Peplink 710 - 3 WANs & LDAP issues

Hello all. We just got our Peplink 710 running and our 3 ISPs (WANs) going.

Normal traffic is great, fast etc.

However we do have some cloud based solutions that poll our LDAP via our WAN1’s primary ISP’s public IP - this is being very inconsistent now - sometimes it responds fine, sometimes it fails to reach the LDAP.

I figure this is something where it comes in via WAN1 but the reply comes from WAN2 or 3 and it does not like that.

I have messed with outbound and inbound rules and NAT options to no avail - so seeking some help - I am sure this is a no-brainer for many, so thank you for your patience.

Sounds like you’re on the right track with the reply going out one of the other WANs. Assuming the LDAP server is on your LAN create an outbound rule:

source = LAN or MAC address of the LDAP server
destination = any
protocol = any
algorithm = Priority
priority order = WAN 1 first
you must check the box for terminate sessions on link recovery

Using priority instead of enforced allows the LDAP server to reach the internet if WAN 1 goes down. If there is no need for the LDAP server to do that, I would use algorithm = Enforced.

If you use Priority but do not check terminate sessions, then if WAN 1 goes down the LDAP server will not be directed to WAN 1 as long as there are open sessions. That may be indefinitely. Checking the box ensures that routing goes back to WAN 1 as soon as WAN 1 is alive.

You could design the rule around ports instead of the source. If you do that build the rule around destination port, not source port. Per the link below that would be port 636 and 3269. Using that method source = ANY, and destination = your cloud server address.

It sounds like you’re doing something similar already but your rule may not be written correctly.

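To make the session-stickiness point in the reply above concrete, here is a small added example (not from this thread and not Peplink's own code): a toy model of an outbound policy rule with the Priority and Enforced algorithms and the "terminate sessions on link recovery" checkbox. The class and method names, the WAN labels and the LDAP server / cloud poller addresses and port are all constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass
class OutboundRule:
    """Hypothetical model of the outbound policy rule discussed in the reply."""
    algorithm: str                       # "Priority" or "Enforced" (names as used in the reply)
    wan_order: list                      # e.g. ["WAN1", "WAN2", "WAN3"], highest priority first
    terminate_on_recovery: bool = False  # the "terminate sessions on link recovery" checkbox


class PolicyRouter:
    """Toy session-aware router: once a flow has used a WAN it stays pinned
    to that WAN for as long as the WAN is up (the behaviour the reply warns about)."""

    def __init__(self, rule: OutboundRule, wan_up: dict):
        self.rule = rule
        self.wan_up = dict(wan_up)   # WAN name -> link is up
        self.sessions = {}           # flow tuple -> WAN it is pinned to

    def _preferred_wan(self):
        # Enforced: only the first WAN is ever used, even if it is down.
        if self.rule.algorithm == "Enforced":
            first = self.rule.wan_order[0]
            return first if self.wan_up[first] else None
        # Priority: first WAN in the list that is currently up.
        for wan in self.rule.wan_order:
            if self.wan_up[wan]:
                return wan
        return None

    def route(self, flow):
        """Return the WAN a packet of this flow leaves on (None = dropped)."""
        pinned = self.sessions.get(flow)
        if pinned is not None and self.wan_up[pinned]:
            return pinned            # existing session: no re-evaluation of the rule
        wan = self._preferred_wan()
        if wan is None:
            self.sessions.pop(flow, None)
            return None
        self.sessions[flow] = wan
        return wan

    def set_link(self, wan, up):
        """Bring a WAN up or down; on recovery optionally terminate sessions
        that are sitting on a lower-priority WAN so they re-route."""
        self.wan_up[wan] = up
        if up and self.rule.terminate_on_recovery:
            best = self._preferred_wan()
            self.sessions = {f: w for f, w in self.sessions.items() if w == best}


def simulate(algorithm, terminate):
    """WAN used by the LDAP server's reply flow across: WAN1 up, WAN1 down, WAN1 back up."""
    rule = OutboundRule(algorithm, ["WAN1", "WAN2", "WAN3"], terminate)
    router = PolicyRouter(rule, {"WAN1": True, "WAN2": True, "WAN3": True})
    # Constructed flow: LAN LDAP server replying to the cloud poller over LDAPS (636).
    flow = ("192.0.2.10", "203.0.113.5", 636)
    path = [router.route(flow)]
    router.set_link("WAN1", False)
    path.append(router.route(flow))
    router.set_link("WAN1", True)
    path.append(router.route(flow))
    return path


if __name__ == "__main__":
    for algo, term in [("Priority", False), ("Priority", True), ("Enforced", False)]:
        print(algo, "terminate=%s" % term, "->", simulate(algo, term))
```

Running it shows the three cases the reply describes: with Priority and the box unchecked the reply flow stays on WAN2 after WAN1 recovers (so it leaves from a different public IP than the poller contacted), with the box checked it moves back to WAN1, and with Enforced it never uses another WAN at all and is simply dropped while WAN1 is down.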

Thanks, I suppose I can make two outbound rules that are “the same” - for this reason.

Our Peplink is in "Drop-in" mode (WAN1) and NAT for WAN2 & 3. The Peplink then goes out to our main pre-existing firewall.

I was reading the documentation (yes, I did try lol) and it states that perhaps I should make the source the IP of the firewall - on peplink under “clients” there is only 1 client, the firewall.

So I did make a rule almost exactly like you stated - I will do as you recommend to the T and test it out- much appreciated. I will make one rule with the server IP and the other rule all the same but with the firewall (client) IP.

Our LDAP poll is direct public IP:port to our WAN1 IP, so the “in” is always WAN1, not variable.

I will try all of this and report back - thank you again 🙂

Well, all is well now and this did help. We had some outside influences that we were overthinking. But the rules and flow seem to all be flowing now, and our 2 issue systems (one LDAP query and one DNS lookup) are functioning faster than ever… just like our internet with Peplink! Thanks all.