Peplink Balance 20 Setup


I need to setup a Balance 20 using 2 WAN ports and connect it to a Sonicwall firewall. The balance 20 doesnt have the drop-in feature so how do i configure the LAN port to connect with the SW firewall?


You would typically connect the Sonicwall to the LAN port, and then put all the protected LAN devices behind the Sonicwall. You don’t need drop-in.


Thanks Don, but how to i configure the LAN port. Currently the WAN port on the SonicWall is configured to look for the first usable IP address and default gateway of the primary router. Should i change the WAN port on the firewall from Static to DHCP. Will that screw up all my rules on the firewall? Thanks Again.


Without drop-in mode the firewall configuration will need to change. SonicOS enhanced firmware allows for L2 Bridge Mode or Transparent Mode, otherwise a double NAT is needed with a private IP address on the WAN interface of the SonicWall.


My experience is with Untangle, but Sonicwall is similar. I set these up using what I believe Sonicwall calls Transparent Mode.

ISP > Balance router > Firewall > LAN

In transparent mode, the firewall device sits behind the Balance as a LAN device. The Firewall passes through the gateway IP of the Balance. To any device on the LAN, the firewall’s IP is the Balance gateway IP. Thats why they call it transparent.

So you asked “how do I configure the LAN port”. You configure it the same as you would if the Sonicwall was not there. The Sonicwall will acquire a LAN IP from the Balance (assuming you are using DHCP). You should set up a reservation in the Balance so the Sonicwall always gets the same IP. When the Sonicwall receives its LAN address, it will also receive the Balance IP as a gateway.

Within the Sonicwall, select the transparent method. The LAN side of the Sonicwall then pretends to be the same IP as the Balance. Its actually receiving requests, filtering as instructed, and passing through to the Balance.

As far as the LAN devices know, the Sonicwall is not there. The LAN devices think they are talking to the Balance. If the LAN user makes a request that is not permitted by the Sonicwall, the Balance never receives it.