Two unrelated feature requests


#1

I have two unrelated feature requests:

  1. This one may seem odd, and it only would work on the present product line if the USB port supports connecting to USB devices through USB hubs if one needs to support this plus USB modem fallback. But I’d like to see support added for hardware keys like Yubikey’s. https://www.yubico.com/products/yubikey-hardware/
    In other words, require a hardware token to be plugged into the router’s USB port in order to log in for administration purposes. It would be a cheap way to add another level of security. Whether admins leave the token plugged in all of the time, or don’t, is their business. But it might be one way of requiring the admin mucking with the router to be physically at the router’s location. Which might be valuable for some people. It certainly would be a unique feature, as near as I can tell.

Anyway, worth thinking about.

  2. The other request, which would be of use to me now, is to extend the “Internal Network Firewall Rules” (Advanced --> Firewall --> Access Rules) to NOT be limited to transitions between VLANs. Right now, these rules only seem to be active for internal traffic between VLANs. I would like to see these rules also be enforced (or allow it to optionally be enforced with a checkbox?) between devices on the same VLAN.

#2

Hi,

  1. Hardware Two Factor Authentication is an interesting idea but it kinda goes against the trend of easy remote management using a centralised service - so unlikely to be something we’d consider. We do support two factor authentication on InControl though, and local device admin accounts can be authenticated against an enterprise RADIUS server currently - so perhaps we could consider 2FA for local device logon in the future if that was a popular requirement.

  2. Firewall rules between devices on the same VLAN is not really practical - especially when the Peplink isn’t the only device that is presenting the VLAN to the end devices (such as an additional managed switch), since the network traffic flowing between the two devices in question wouldn’t come anywhere near the Peplink and would instead flow directly between the endpoints. If you want to restrict traffic flow between two devices they need to be in their own VLANs or firewall rules need to be in place on the client end points themselves.