I recently started restricting remote admin of Peplink routers by source IP address. In firmware 6.2.2, in the System section, this is called “WAN connection access settings”. The “Allowed source IP subnets” works fine, but its just a bunch of numbers. After a brief time, it will be very easy for me to forget what each IP subnet is. A comment field associated with the allowed IP subnets would be great to have. Thanks.
Do you think Remote Web Admin on InControl2 is suitable for your environment? It will be more easy and simple to manage your Balance and Max devices. When all devices managed by InControl2, you just disable the WAN access of your devices. You will have less headache on this.
The point of filtering source IP addresses is to trust the fewest number of people possible. With InControl2, or any such cloud management system, it seems that the user is trusting the company that set up the system. In this case it means trusting dozens or hundreds of unknown Peplink employees. No doubt InControl2 is easy and simple, but any solution that is easy is not going to be as secure. The price of security always has been, and always will be, some inconvenience.