This is the disadvantage of using any VPN, including SFC. You will either need to host your own SpeedFusion device/endpoint at an IP that’s not part of a VPN/cloud hosting subnet.
The WAN subnet / ASN you’ve been using via SFC has been listed as a VPN subnet by their CDN WAF.
Generally I agree with you but with SFC, Peplink does not target the consumer market but is offering a paid service for their already premium priced products.
I would expect they put in some effort to keep their IPs clean of issues like this.
We would even pay for exclusive use on an IP address.
Well, unfortunately that’s not really how it works. In order to have a truly scalable environment you need to use AWS, Azure, GCP, etc. When you do that, even if you bring your own IP space, your subnets are advertised via that cloud provider’s BGP announcements, even if you have your own ASN. When companies like Lufthansa or their CDN, who try to reduce fraud, go to block places, they block large swaths of the internet by using subnets, ASNs, or a combination of both.
You say that you would pay for exclusive use of an IP address, and I’m happy to hear that, because you can do this on your own That’s what FusionHub is for. Now, you need to find somewhere to host it that isn’t already listed as a VPN provider or for non-personal/business use and host it there. This will likely mean hosting it in your office, house, or friend’s place (or playing whack-a-mole in AWS). Some people have luck on providers like AWS because the subnet/block they’re a part of doesn’t have anyone abusing anything, but that’s often not the case.
For Peplink to do this as part of SpeedFusion Connect means that you won’t be getting that free 500GB/1TB of data with your PrimeCare renewal, or a lesser amount, or maybe some additional costs will be incurred as it’s super expensive to run an independent infrastructure.
@ChristopherSpitler I believe it’s worth trying to establish a way of communication between Peplink and the companies offering these “protection features” to their customers. As reducing the number of false positives eventually improves the quality of their service.
We are already using FusionHub but as you said, scaling is costly.
Right now we are trying to work around the issue by avoiding DigitalOcean for egress but this comes with reduced performance.