Peplink Link balancer

Hello Team,

I plan to purchase the Peplink Link balancer for purpose load sharing internet & Link failover and I am going to deploy it as HA. And for the existing Diagram, please refer to the below Picture.Customer's Diagram

I have some questions to clarify with all of you about this solution, so please let me know if you have experience with it.
• How to configure between the firewall and Peplink link balancer? And what is the method?
• After connects the new Peplink link balancer to the existing firewall, is there any affecting on the existing configuration on the firewall(Check Point FW)? Due to the existing firewall, we have configured VPN site to site from Phnom Penh to Malaysia. So I worry when we add Peplink link balancer it effect to the current configure on the existing firewall.
• Can Peplink pass the log to an existing log management system that customers using?
• When I assign one link for VPN from Phnom Penh to Malaysia down, does the VPN still working or not? • How to configure between the firewall and Peplink link balancer? And what is the method?
• After the customer connects the Peplink link balancer to the existing firewall, is there any affecting on their existing configuration on the firewall? Due to the existing firewall, they have configured VPN site to site from Phnom Penh to Malaysia. So they worry when they add Peplink link balancer it effect to the current configure on the existing firewall.
• Can Peplink pass the log to an existing log management system that customers using?
• When the customer assigns one link for VPN from Phnom Penh to Malaysia down, does the VPN still working or not?
• Could you share the Technical proposal on these solutions?
• As I plan to configure HA, so please advise me about the new diagram based on this sample diagram. Thank you!

1 Like

Hello Team, Do you have any comments on my solution above?

HA installation can work well but introduce a lot of complexity. Peplink Balance routers are extremely reliable hardware. I have many of them 10 years with no hardware issues. The design you have still has at least two single points of failure (the firewall and the switch) so I don’t see that you gain anything through HA. Since you are new to Peplink I recommend you start by configuring this system as a single router, and maybe later when you are more comfortable consider HA. So with that in mind my answers to your questions will be based on a single router install…

How to configure the firewall.

The Firewall is typically installed in Transparent mode. The LAN devices see the LAN side of the firewall as the same IP as the router. Configuration of the firewall has nothing to do with the Balance.

VPN effect on firewall.

The VPN is outside the firewall so the two technically do not affect each other. Depending on configuration the firewall device might block data to/from the firewall but the VPN itself will not be affected.

Log Management system.

Yes the Balance series can work with an external log server.

When I assign one link for VPN from is down…

The biggest reason to use Peplink Balance routers is for access to multi-WAN VPN. With a Balance at both ends of the VPN and multiple internet providers, you can if desired configure the VPN to be live on multiple internet providers at the same time. The multiple providers are “blended” into one both for bandwidth and for redundancy. There are options for how you want this to be configured. If you configure the VPN so all the internet providers are live, if one of the internet sources goes down your VPN remains live. It may have reduced bandwidth but the VPN remains live. It is also possible to configure the VPN so it only uses one WAN at a time which means if that WAN goes down there is a brief interruption while the backup negotiates a connection. There are plus and minus to both methods.

After the customer connects the Peplink link balancer…

Your question makes me wonder if you think the device is “just” a balancer. The Balance series are a router which does load balancing, but they are still first a router. You must have a router ahead of your firewall now?

When the customer assigns one link for VPN is down…

If you configure the VPN to use only one link, and that link goes down then yes of course the VPN will go down. You can configure the VPN to use multiple WAN simultaneously, or as “cold” backup, or just one WAN.

Technical proposal…

I am just a user and forum member. There should be a Peplink certified reseller in your market who would assist you with selecting the right device and configuration.

4 Likes

Hi Don,

thank you so much for your feedback, I would like to double-check more about the VPN on the FW, so what the configuration should perform in Firewall in order to prevent affection on VPN Site to Site once we put the Peplink, could you please advised more?

Hi Peplink Team,
may i can get confirmation from Peplink Engineer on my questions above?
Please to share link reference as well. thank !