We’ve got a problem.
We have some sites that we linked, with SpeedFusion tunnels, to the headquarters.
We want all the Internet traffic, from all the sites, to go through SpeedFusion to the HQ site, and then out to the Internet.
And, most of all, we want to protect incoming Internet traffic with a third-party firewall, BUT also protect and check outbound traffic: URL filtering, etc.
The SpeedFusion tunnels are built, everything’s fine.
To force Internet traffic from the remote sites to go to HQ, we added an outbound rule on the remote Peplink to redirect “all” to SpeedFusion. It’s OK.
On the HQ Peplink, we added a rule to force Internet traffic to be routed to the third-party firewall (a Cyberoam HA system).
The problem is:
Everything was fine WHEN we used drop-in mode on the Peplink: on the firewall, we added a rule to push all incoming traffic from the Peplink’s address, using drop-in mode (as an example, 172.22.34.2), to a WAN Internet connection (for example, 172.22.34.254). The Peplink is between the firewall and the WAN connection, so it can “catch” the packets and send them where we decided.
Our problem is that drop-in mode was not possible (too many difficulties). The Peplink, of course, is still between the firewall and the WAN connection.
It has an address like 172.22.34.254 on the LAN side.
The problem is to configure the firewall to add a rule saying something like “all traffic incoming from the 172.22.34.0 side has to be sent to 172.22.34.254”.
Do you know if we can add a second LAN address on the Peplink, to use one for the Peplink-to-firewall traffic and the other for firewall-to-Peplink traffic, after the firewall’s checks?
Thank you for your help!