Peplink BR1 in front of firewall with Class B IP?


#1

I administer a small firm with about 20 locations. Occasionally one of the sites will lose their internet connection, so I’m looking for a relatively failover solution.

I understand the BR1 has a automatic failover solution, but I’d like to purchase a single BR1 and send it sites as needed.

Is it possible to configure the BR1 with a Class B IP address and put it in front of the existing firewall?

For example Site A has a static DSL connection with a 198.1.1.1 IP and a router/firewall behind it. If the DSL fails, I’d like to set the BR1 LAN IP to 198.1.1.1 and set it in front of the firewall and use the cell service to provide internet access to the rest of the network while still having the firewall providing port forwarding/blocking etc.

Would this work? and am I overthinking this?

Thank you in advance for any tips or advice


#2

Since you´re looking to keep all the management in the firewall, the easiest way to go is putting the MAX BR1 in IP Passthrough mode.
This will basically turn the Pepwave MAX BR1 into a transparant cellular bridge.

You can enable this via ‘Dashboard’, by clicking on the ‘Details’ button at the Cellular WAN.
The ‘Connection Details’ window will be displayed.
In the ‘General Settings’ section, select the option for ‘IP Passthrough’.

This will disable the router functionality and provide the cellular WAN address directly to one attached network client.
In this case, it will be your firewall.


#3

Won’t that only work if my router’s external port is set to DHCP or if my router is set to use the IP info from the cell IP address?

Ideally I’d like to only configure the Pepwave MAX BR1 and send it to the site that’s having internet issues. They would just plug it in without touching the firewall and get internet access that way.

I understand I am double NAT’ing, but it should work for a small temporary network in a pinch. Any ideas?


#4

If you’'re just looking to swap out a DSL router that is already doing NAT (from DSL to the 192.1.1.1 address) with a BR1 that will do NAT between cellular and its LAN, then yes it can be a direct swap. You’d just swap it over and then set up a NAT mapping between the cellular WAN and the LAN IP assigned on the LAN of the BR1 to your.

However, unlike DSL where the public IP tends to be publicly routable, most cellular providers will assign a private IP to their subscribers which they then NAT. So unless you specifically get a SIM with a public IP assigned, inbound port forwarding wouldn’t work anyway (as it would be blocked by the cellular ISP). Outbound internat access will work like a champ though!

Here in the UK we offer an emergency internet service replacement in exactly the way you describe using our CloudCase enclosure to make sending it by courier and setup by inexperienced hands at the remote site easy…