Speedfusion VPN: isolate branches from each other

Hello,

I have a lot, more than hundred of different Peplink devices (mostly Peplink Balance 20x) in branch offices, which are connected to FusionHub in the head office with SpeedFusion VPN.
I don’t want braches to be able to connect to each other. I want them to be able to access only to head office’s network and to internet. How can I implement this?
I tried to enable “SpeedFusion VPN Route Isolation” but it didn’t work. I am still able to reach from one to another branch.

FusionHub has the VRF Feature, that can be used.

VRF doesn’t work with inControl2 managed speedfusion profiles, unless they have fixed that recently.

Either NAT mode Speedfusion profiles, or redirect all PepVPN traffic via a virtual firewall appliance sat beside the Fusionhub and do proper firewall rules there.