Placing Pepwave BR1 PRO 5G in Bridge Mode to Connect to Firewall

I needed to place my BR1 PRO 5G in bridge mode so I could connect it to my firewall and create a permanent VPN tunnel back to the corporate office.

I couldn’t find any cases that described this activity in detail and my mobile carrier’s technical support was very limited. Here’s what did to get this to work.

Note 1: I have a static external IP address assigned by my cellular carrier (T-Mobile).

  1. In the Pepware web UI (factory hardcoded to click on Dashboard → Details button for the Cellular WAN entry

  1. Under WAN Connection Settings place a check in the IP Passthrough box


  1. Scroll to the bottom of the page and click Save and Apply

Note 2: The external IP address, subnet mask and default gateway listed in the Pepwave for the cellular SIM card was not accurate.

To collect accurate external IP address, subnet mask, default gateway and DNS servers, connect a laptop with the ethernet network adapter configured for DHCP to the LAN 1 port on the Pepwave. You may need to power cycle the Pepwave but eventually it should pass the static IP information to the ethernet adapter. Using a command prompt run ipconfig /all to identify the information. To confirm connectivity to the internet you should be able to ping

I input the external IP address, subnet mask, default gateway and DNS servers into the external interface (WAN 0) on my firewall. Then I connected the LAN 1 interface on the Pepwave to the WAN 0 interface on my firewall and I was able to reach the internet and build the VPN tunnel back to corporate.

At no point did I use the WAN interface on the Pepwave. I also did not modify the WAN configuration in the Pepwave web UI.

One final note, even though the ethernet adapter on the laptop was using the external IP address I was still able to browse to Pepwave web UI (factory hardcoded to