SpeedFusion with WiFi WAN (Starlink) and WISP

Hi Paul

Got everything set up, a friend helped out with the settings, love the interface, it's really intuitive! And I’m successfully using the USB to get the statistics page, working great, even saw some obstructions last night that I was not aware of, time to trim the trees. One issue: even with the LTE modem set to be always connected, I'm looking at the event log and have a ton of short outages which have been disconnecting Teams calls - can the SpeedFusion in the cloud help with this?

Yes, that is what SpeedFusion tunnels will do. We talked about our tunnel settings on Mar 10th (up thread). I use a FusionHub endpoint rather than SFcloud because I need inbound access, not just outbound, but the SpeedFusion part is similar.

I will let a Peplink partner talk about exactly what service you get with a PrimeCare device.
https://forum.peplink.com/t/care-plans-upgraded-with-speedfusion-cloud/31595

You then use an Outbound Policy to send the critical data via the tunnel. I have moved my WAN smoothing up to Medium since I could still get some issues on Zoom.

Thanks, I spent an hour trying to figure out how to activate it. The link in the announcement you included was the first time I saw anything about how to activate it (which I was able to). I wish that had been easier to find LOL - I'm using Zoom and Teams O365 from a single computer, what do I change now that SF is activated?

We indicated above the settings for Zoom: outbound policy, use destination domain name zoom.us. You must be using the 20X for DNS, not going directly to 8.8.8.8 or other DNS servers. I can’t use Teams, so the summary from above is the best information I have.

You can set up a policy for a specific machine by IP, to simply route all of its traffic out the SFC if individual applications can’t be identified.

You can see under “Status: Active Sessions: Search” which route each TCP and UDP session is using…

I found these IPs for Teams, this is what I set up. Is it required to add the domains shown in the MS link provided as well? Thank you all for your help!

For Teams you just need one rule with the UDP ports. That’s what I have and it seems to work great!

To confirm, is anything besides the domain “zoom.us” needed for Zoom?

Hi Paul, can you possibly share the screenshot of the one rule you set up for Teams?

Do I need to change the main outbound policy for the Gateway to include SFC as well?

This is what I have - works great.

Thanks, so therefore for Zoom and Teams (and any other similar platform) you just put Cloud SFC in the “Highest Priority” and leave the WAN (Starlink) (and in my LTE) in the “Not in Use”?

Yeah, I guess I should put something in lower priority (Yellowknife is my WISP) in case the SFC cloud is unavailable for some reason.

I don’t have a Teams rule, since I can’t run Teams outside of the corporate network.

But I put the SFC at the highest priority, then the WANs below it, since there can be network scenarios where the SFC doesn’t establish.

The UDP rule would probably be just for the real-time communication content. I don’t know how much a live Teams meeting relies on 443 for other content during or before a session.

To be sure you have 100% of the rules needed for Teams, put in a deny rule (throw away the traffic from the test IP) after all of the Teams rules. If you can still run a complete cycle of a Teams session without error, then you have found all of the necessary rules.

Here’s an interesting status view that shows my activity during a Teams call. You can clearly see the Teams related traffic going to SFC.

What I see there is that there are a number of Teams “https” sessions that are all going via Starlink… 52.113.205.224:443 for example. They are Teams related. Are they core to the application? Is the slower failover good enough?.. The UDP voice and video packets might be good enough… might not… Just realize that it isn’t all of it.

Great observation! Maybe the configuration could stand some additional tweaking. I will say that, as I noted initially, my Teams calls have been going great with no dropouts. So maybe those https sessions aren’t as critical.

Any idea what all the port 9001 sessions might be for?

That is the phone app trying to get statistics from the Starlink router. Do you actually use the provided router? (saw that you do…)

If you don’t then just deny them via Firewall rules and they will disappear.

I didn’t notice it because I actually have a 192.168.1.0/24 network route to a DSL modem, that goes via a Juniper SRX that I assume is blocking all of those.
Yes, just set them to log->deny, and they show up in the firewall Log.

Not the phone app, but the statistics page. Thanks!

Any idea what the rules would be for GoToMeeting calls?

One-second Google search: https://support.goto.com/meeting/help/optimal-firewall-configuration-g2m060010

Yes, I found that too, but the specific rules actually needed to add to the outbound policy - like for Teams there was no need to add IPs or domains, just the UDP port range,