Use PepVPN / InControl to filter IP addresses for website?

Suddenly we have a large number of remote employees (sound familiar?) and we deployed Peplink devices to help with security, failover, and management Just about everyone has home internet, but we are providing backup 4G connection for those that require it.

We’d like to limit remote access to one of our websites to just these employees and our local office. Our website has a setting to filter by IP address, but all of these remote employees have DHCP and dynamic 4G IP addresses. Impossible to add and remove these multiple times a day. Our office has static and DHCP.

Remote workers also are using video (zoom, etc.) and VoIP that we don’t want to route through an unneeded VPN connection. Bandwidth is limited.

Is this possible to accomplish just through InControl (is there an IP address that remote Peplink devices can use) or will this require a mix of PepVPN connections where there is a static IP?

Basically, do I have any options?

Can’t tell if you are using pepvpn back to your head office location or not? If you are you can add an outbound policy that forwards just access to the DNS name for your website over PepVPN.

If you’re not, how about publishing a local DNS entry on the remote peplinks for the website but on a different public IP to all the remote devices, then host a reverse proxy (using NGINX for example) on that IP and redirect to the actual website?

I’m not, but could I put a Balance One/Two in the head office (and add more PepVPN licenses) behind the current firewall to get the same behavior, or will that create problems that I don’t clearly understand?