Peplink Balance Series User Manual
Contents
1. 62 Copyright 2008 Peplink 14 3 Definition Peplink Balance Series User Manual of Port Forwarding This section applies only to Peplink Balance 20L and 30 Inbound Port Forwarding rules are defined at Network gt Inbound Access gt Port Forwarding Network gt Inbound Access gt Port Forwarding WANT default 192 168 1 10 To define a new service click the Add Service button upon which the following appears Enable Service Name IP Protocol Port lt Service Port Inbound IP Address es Required at least address one IP All Available IP Address es M WANT Server IP Address 192 168 1 10 Required Fields Enable Port Forwarding Settings This setting specifies whether the Inbound Service takes effect With an Enable value of Yes the inbound service takes effect traffic is matched and actions are taken by Peplink Balance based on the other parameters of the rule With an Enable value of No the inbound service does not take effect Peplink Balance disregards the other parameters of the rule Service Name This setting identifies the service to the System Administrator Valid values for this setting consist only of alphanumeric and the underscore _ characters 63 Copyright 2008 Peplink Peplink Balance Series User Manual Port Forwarding Settings The IP Protocol setting along with the2. Email Notification Settings This setting specifies whether or not to enable Email Notification If Email Notification is set to enable Peplink Balance sends email messages to a System Administrator when the WAN status changes or when new firmware is available Email Notification If disable is set Peplink Balance does not send email messages This setting specifies the SMTP server to be used for sending email If SMTP Server the Server requires authentication check the Require authentication check box SMTP User This setting specifies the SMTP username and password while sending Name email These options are shown only if the Require authentication Password check box is checked in SMTP Server setting Sender s Email This setting specifies the sender email address reported by the email Address messages sent by Peplink Balance Recipient s Email This setting specifies the email address to which Peplink Balance Address Should send the email messages After you have completed the settings you can click the Test Email Notification button to test the settings before saving it After it is click you will see this screen to confirm the settings OF Copyright 2008 Peplink Peplink Balance Series User Manual Su pon er Yes No Click Yes to confirm Wait afew seconds You will see a returned message and the detailed test result Test email sent Email
3. gt Power off gt gt Reboot gt shows firmware version shows serial number shows current time shows up time since server reboot shows current CPU loading 0 100 shows LAN port physical status shows LAN IP address shows LAN subnet mask shows Connected Disconnected IP address list shows transfer rate in Kbps gt WAN1 gt WAN2 gt WANS3 gt Throughput out shows transfer rate in Kbps gt WAN1 gt WAN2 gt WANS3 gt Data Transfer d shows volume transferred since last reboot in MB gt WAN1 gt WAN2 gt WAN3 gt Maintenance gt Power off gt Power off Yes No powers off unit gt Reboot gt Reboot Yes No reboots unit gt Factory default gt Factory default Yes No restores factory defaults gt LAN config gt Port speed shows port speed Auto 10baseT FD gt LAN 10baseT HD 100baseTx FD gt WAN1 100baseTx HD gt WAN2 gt WAN3 sika Copyright 2008 Peplink 5 3 4 Rear Panel Appearance Power Switch Peplink Balance Series User Manual Power Connector Connector Ports Power Connector AC input 110 220V Power Switch To hold pressing the key for 4 secs will power down the unit When the unit is powered off press it will power on the unit 5 3 5 Unit Label Appearance PePLink Balance 380 Product Code BPL380 Serial 1234 56 78 9000 FC LAN MAC XX XX XX VY Vy yy 0 Made in Taiwan sige Serial Num
4. Skype Google Talk RealVideo and Windows Ll Enable Streaming Media Secure Web HTTPS Enable DSL Optimization Enable Registered trademarks are copyrighted by their respective ovwmer Save Traffic Prioritization SIP Vonage When enabled any SIP and Vonage voice traffic will be prioritized PPTP and IPSec When enabled any PPTP and IPSec traffic will be prioritized VPN Skype Google Talk RealVideo and Windows Streaming Media When enabled voice and video traffic of Skype Google Talk RealVideo and Windows Streaming Media will be prioritized Registered trademarks are copyrighted by their respective owner Secure Web HTTPS When enabled HTTPS TCP port 443 traffic will be prioritized 86 Copyright 2008 Peplink Peplink Balance Series User Manual DSL Cable Optimization For an asymmetric DSL ADSL or cable based WAN connection where the upstream bandwidth is lower than the downstream with this option turned on the WAN s downstream bandwidth can be fully utilized in any situation DSL Cable When a DSL cable circuit s uplink becomes busy it is a fact that the Optimization downlink bandwidth is affected Users cannot download data in full speed until the uplink becomes less congested The DSL Cable Optimization could relieve such problem When it is enabled the download speed will be less affected by upload traffic Default Enabled Please
5. When the unit is powered off press it will power on the unit Reset Switch Press and release once to reset the system 5 4 4 Unit Label Appearance Serial Number and LAN MAC Address PePLink Balance 710 Mus Product Code BPL 10 Serial 1234 5678 9000 FC LAN MAC XX XX XX Yy YY YY Made in Taiwan peplink NTA TTT pepsi com 16 Copyright 2008 Peplink Peplink Balance Series User Manual 6 Installation 6 1 Connecting the Network with Peplink Balance 6 1 1 Preparation Before installing Peplink Balance please prepare the following e At least one Internet WAN access account e For each network connection one 10 100BaseT UTP cable with RJ45 connectors or one 1000BaseT Cat5E UTP cable for the Gigabit ports on the Balance 700 710 e A computer with TCP IP network protocol and a web browser installed Supported browsers include Microsoft Internet Explorer 6 or above Mozilla Firefox 2 0 or above or Apple Safari 3 1 1 or above 6 1 2 Constructing the Network At a high level construct the network according to the following steps 1 With a network cable connect a computer to one of the LAN ports on the Peplink Balance For Peplink Balance 20L 30 200 and 300 repeat with different cables for up to 4 computers to be connected 2 With another network cable connect the WAN broadband modem and one of the WAN ports on the Peplink Balance Repeat using different cables to connect u
6. e TCP e UDP e ICMP Protocol IP Alternatively the Protocol Selection Tool drop down menu can be used to automatically fill in the Protocol and Port number of common Internet services e g HTTP HTTPS etc After selecting an item from the Protocol Selection Tool drop down menu the Protocol and Port number remains manually modifiable 80 Copyright 2008 Peplink Peplink Balance Series User Manual Inbound Outbound Firewall Settings This setting specifies whether or not to log matched firewall events The logged messages are shown on the page Status gt Logs A sample message is as follows Aug 13 23 47 44 Denied CONN WAN1 SRC 20 3 2 1 DST 192 168 1 20 LEN 48 PROTO TCP SPT 2260 DPT 80 Event Logging e CONN The connection to which the log entry refers Possible values are LAN and WANx where x is the WAN number SRC Source IP address DST Destination IP address LEN Packet length PROTO Protocol SPT Source port DPT Destination port This specifies the source IP address es and port number s to be matched for a firewall rule A single address or a network can be specified as the Source IP amp Port setting as indicated with the following screenshots single Address IP Source IP amp Port In addition a single port or a range of ports can be specified for the Source IP amp Port setting This specifies the destination IP address es and port number s to be mat
7. By default MSS is set to Auto ee He Copyright 2008 Peplink Peplink Balance Series User Manual Physical Interface Settings This setting allows configuring a user specified MAC address Some service providers e g cable providers identify the clients MAC addresses and require a client to always connect using the same MAC MAC Address address In such cases change the Peplink Balance WAN interface Clone MAC address to the original client PC s via this field The default MAC Address is a unique value assigned at the factory In most cases the default value suffices Clicking the Default button restores the MAC Address to the default value Some service providers require the router to enable VLAN tagging for Internet traffic If it is required by your service provider you can VLAN enable this field and enter the VLAN ID that the provider requires Note Leave this field disabled if you are not sure DHCP Settings Each ISP may provide a set of DNS servers for DNS lookups This setting specifies the DNS Domain Name System Servers to be used when a DNS lookup is routed through this connection Selecting Obtain DNS server address automatically results in the DNS Servers assigned by the WAN DHCP Server to be used for DNS Servers outbound DNS lookups over the connection The DNS Servers are obtained along with the WAN IP address assigned from the DHCP server When Use the following DNS server a
8. Peplink Balance Series User Manual Peplink Balance 20L 30 200 300 380 390 700 7 10 Firmware version 4 5 1 Oct 2008 COPYRIGHT amp TRADEMARKS Specifications are subject to change without prior notice Copyright 2008 Peplink International Ltd All Rights Reserved Peplink and the Peplink logo are trademarks of Peplink International Ltd Other brands or products mentioned may be trademarks or registered trademarks of their respective owners 3 1 Sa 4 4 2 5 1 9 2 5 4 6 6 2 7 7 3 10 10 1 10 2 10 3 10 4 10 5 10 6 10 7 11 12 12 1 12 2 13 Loa 13 2 13 3 14 14 1 14 2 14 3 14 4 15 Peplink Balance Series User Manual Table of Contents INTRODUCTION AND SCOPE ccloscssedececcdan Sescceerceniavacosoapecussondecstusvsaccoantacasoatanedwessneatdaseseuntataueaseaveuss 4 GLOSSAR o E E 4 PRODUCT FEATURES osrin asena A EEEa 5 PORTED IN Ty AEA I E N EE E E E A TA E E dae ome see E E EE EET J OTE SUP OR TE OFEA TUR aes ee eda E E 6 PACKAGE CONT BING S norrisi oare uneen eae En E EE 6 PEPUNK BALANCE 20L7 SOP 200 3V0 i oasesovasorssovssavivecdiavniavisbviiadiavtiavbsiviiecdiavtiattaviiediavsiovbsbviieddiavtioviie 6 FPEPUNK DATANCE S007 307 7007F 7 TU cenie TAA 6 PEPLINK BALANCE OVERVIEW oososssesesecseccccccccccssssssssscccccccccccccsseseseeceessssssseseccecccceceeee 7 PEPUNK BALANCE 20L 200 osnssorsrerierskais eika ka baror E iR rae SORAAN EEE TONAR OARE TAKA REUN KANKEN ORUKORE SEE
9. Port Range traffic that is received by Peplink Balance via the specified protocol at the specified port range is forwarded via the same respective ports to the LAN hosts specified by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 88 TCP traffic received on ports 80 through 88 is forwarded to the configured servers via the respective ports Port Map traffic that is received by Peplink Balance via the specified protocol at the specified port is forwarded via a different port to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Port Map Service Port 80 and Map to Port 88 TCP traffic on Port 80 is forwarded to the configured servers via Port 88 Please refer below for details on the Servers setting Inbound IP This setting specifies the WAN connections and Internet IP address es Address es from which the service can be accessed Server IP This setting specifies the LAN IP address of the server that handles the Address requests for the service 64 Copyright 2008 Peplink Peplink Balance Series User Manual 14 4 Definition of DNS Records This section applies only to Peplink Balance 200 300 380 390 700 and 710 The built in DNS Server functionality of Peplink Balance facilitates inbound load balancing With the presence of the functionality NS SOA DNS records for a domain name can b
10. Click on the appropriate check box es to select the WAN connection s to be configured Setup Wizard gt WAN Setup gt Step 2 Choose WAN connection s to add or modify Status Select Link lt lt Back Next gt gt Cancel Select the connection type from the following screen Setup Wizard gt WAN Setup gt Step 3 Choose a connection type Selec t Type We OOOO U S C lt lt Back Next gt gt Cancel Depending on the selection of connection type further configuration may be needed For example PPPoE and Static IP require additional settings for the selected WAN port Please refer to Section 10 Configuration of WAN Interface s for details on setting up DHCP Static IP PPPoE and GRE After finishing the last step in the Setup Wizard please click Apply Changes on the page header to effect the configuration changes or Copyright 2008 Peplink Peplink Balance Series User Manual 7 3 Advanced Setup Advanced settings can be configured from the Network menu WAN connections can be configured by entering the corresponding WAN connection information from Network gt Interfaces gt WAN Main Setup Wizard Network System Status Apply Changes Network gt Interfaces gt WAN Not Configured Inbound Access Not ee ae Configured m Services a DNS Settings Please refer to Section 10 Configuration of WAN Interface s for details on setting up
11. D2 Of O2 03 03 04 04 04 09 09 09 40 40 34 35 40 43 43 47 44 51 51 51 Gi is 14 33 29 SIP tracking enabled 37 Time synchronization success 04 Health check status changed 07 Health check status changed 53 Health check status changed 56 Health check status changed 45 SIP tracking enabled 03 Time synchronization success 41 SIP tracking enabled 51 Health check status changed 52 Time synchronization success 54 Health check status changed 38 Health check status changed 04 Health check status changed 57 SIP tracking enabled Ja at 41 41 45 09 04 06 Time synchronization success 09 Health check status changed 42 SIP tracking enabled 52 Time synchronization success 45 SIP tracking enabled 45 40 53 Time synchronization success 20 Health check status changed WAN 1 WAN 2 WAN 1 WAN 2 WAN 2 WAN 3 WAN 2 WAN 3 WAN 3 WAN 2 WAN WAN WAI WAN WAN WAN 1 DOWN Lost Connection UP UP DOWN Link Down UP UP DOWN Lost Connection DOWN Lost Connection UP UP DOWN Health Check Failure DOWN Health Check Failure DOWN Health Check Failure UP UP WAN 3 UP DOWN Lost Connection May 11 09 47 00 Health check status changed WAN 1 UP The log section displays a list of events that has taken place on the Peplink Balan
12. Interface enter the following as User Name and Password to proceed User Name admin Password admin The default admin password can be changed at the page System gt Admin Security of the Web Administration Interface 4 After successful login the main page of Web Administration Interface is displayed Main Setup Wizard Network System Status PePLink Balance Web Administration Interface IP Address 192 168 1 1 IP Address 17 219 22 1 Details Status Connected Disconnect IP Address 18 220 23 1 Details Status Connected IP Address 19 221 24 1 Details Status Connected Disconnect Model PePLink Balance 380 Firmware v4 5 0 build 1090 Uptime 147 days 1 hour 12 minutes Important Note Configuration changes e g WAN LAN Admin settings etc take effect after clicking the Apply Changes button on each page s header The Apply Changes button causes the changes to be saved and applied sgia Copyright 2008 Peplink Peplink Balance Series User Manual 7 2 Configuration with Setup Wizard The Setup Wizard of Peplink Balance simplifies the task of configuring WAN connection s by guiding the configuration process step by step To begin click Setup Wizard after connecting to Web Administration Interface Setup Wizard gt WAN Setup gt Step 1 This wizard will provide step by step configuration in setting up the WAN interfaces Click Next to start Next gt gt Cancel
13. bandwidth for routing site to site VPN traffic Unless all the WAN connections of one site are done the Peplink Balance could still maintain VPN to be up and running The Peplink Balance must be set as a Server or a Client on both end of the VPN When one end is a client the other end must be a server A client connects to a server A server waits for connections from a client The server listens on TCP port 22143 of all WAN connections IP addresses Please refer to section 19 2 for Site to Site VPN Status Network gt Interface gt Site to Site VPN gt Site to Site VPN Configuration Network gt Interface gt Site to Site VPN gt Site to Site VPN Configuration OJ Oves Ono i O OJO ves Ono o OJ sewer O ciet RE ORETIT Client Serial Number J 1234 1234 1234 Server Hosts J 123 123 123 123 O Remote client is set up in high availability mode Allowed Client IP Addresses Optional m 8 0 IEJ PREES E Desintation Network Subnetmask J 255 255 255 0 x 10 9 70 s dfs 255 255 0 sd ee Remote Subnets Desintation Network Subnet Mask m Priority 1 Highest 1 Highest x A a 2 Priority 1 Highest v jority 1 Highest x Save Save Setup screen for server Setup screen for client 48 Copyright 2008 Peplink Peplink Balance Series User Manual General Site to Site VPN Settings Enable Select Yes to enable and
14. 111 C 3 BYPASSING THE FIREWALL TO ACCESS HOSTS ON LAN cssccesccecccesccecccsccesccasccesccsscesccescesseesscesceesceescs 113 C 4 INBOUND ACCESS RESTRICTION ssc2eccccace occaconentencacdesideedscendandsccodencedcadondeiendexsetesdoudssextecdedsedend eieadeaDinendseees 114 C 5 INBOUND ACCESS RESTRICTION eects cece cee teste cetera eecters edie ec ecu cen see SEEST EANNA 115 APPENDIX D i UY 2 Wee 5 G1 y Caner re en 116 APPENDIX E PRODUCT SPECIFIC ATION S eeeseesesesesesosessesesesosoesesesososcoscesesesososoeoesesesosseoesesesoso 118 E PEPCK BALANCE ZOOLANDO Z0 nae 118 E 2 PEPLINK BALANCE 30 AND SOO ascites cscs cenenducatvudewadateresivadetsedaacebedwacas os ovecanucivn da edazdiateedusdaesdanedsesedeedas 119 E 3 PEPUINK BALANCE 38O AND JJO reckicccteite dole scbaccdecesbdalascsedetucacccetnenddedacealdolaseddnsasieadelaesledeteciesdecdecuacdenes 120 E 4 PEPLINK BALANCE 700 AND 7 1 O tececccescosrcecesattusenuesietenrsetiesorusdeacensntiecenvedhanceuseiaviacueteveneueteaceddndewedieueceuesewes 121 ne Copyright 2008 Peplink Peplink Balance Series User Manual 1 Introduction and Scope The Peplink Balance series provides link aggregation and load balancing across up to seven WAN connections The Peplink Balance 20L provides a cost effective solution suitable for home environment The Peplink Balance 30 provides a feature set that is suitable for Small Office Home Office SO HO environments The Peplink
15. 380 and 390 Routing e NAT Drop in and IP Forwarding e Configurable Static Routes WAN Support DHCP PPPoE GRE and Static IP e Inbound and Outbound Link Load Balance Device Management e Wizard amp Menu Driven Web based Administration Interface over HTML SSL e Remote Reporting and Management e Configurations Upload and Download Security e Compatible with IPsec and PPTP VPN e Rules based Stateful Firewall with IP Address Protocol and Port filtering e NAT Mapping One to One mapping Physical Interface Balance 380 e Three RJ 45 for an IEEE 802 3u 10 100M WAN e One RJ 45 for an IEEE 802 3u 10 100M LAN e RS 232 Console Serial modem TA Port Physical Interface Balance 390 e Three RJ 45 for an IEEE 802 3ab 10 100M 1000M WAN e One RJ 45 for an IEEE 802 3ab 10 100M 1000M LAN e RS 232 Console Serial modem TA Port Power Specification e AC Power Adapter 100 240V Operating Environment e Temperature 0 C 40 C 32 F to 104 F e Humidity 10 90 non condensing 120 Copyright 2008 Peplink Peplink Balance Series User Manual E 4 Peplink Balance 700 and 710 Routing e NAT Drop in and IP Forwarding e Configurable Static Routes WAN Support DHCP PPPoE GRE and Static IP Inbound and Outbound Link Load Balance Device Management e Wizard amp Menu Driven Web based Administration Interface over HTML SSL e Remote Reporting and Management e Configurations Upload and Do
16. Balance 200 300 provides advanced features for small business The Peplink Balance 380 390 700 and 710 with a suite of advanced enterprise class features make ideal single box solutions for medium to large sized businesses environments and allow service providers to enable highly available multi network service This manual applies to the following Peplink Balance products with firmware v4 5 Peplink Balance 20L Peplink Balance 30 Peplink Balance 200 300 Peplink Balance 380 390 Peplink Balance 700 710 The manual presents how to set up Peplink Balance and provides a collection of case studies involving advanced features of Peplink Balance 2 Glossary The following terms acronyms and abbreviations are frequently used in this manual Term Definition DHCP Dynamic Host Configuration Protocol DNS Domain Name System GRE Generic Routing Encapsulation HTTP Hyper Text Transfer Protocol ICMP Internet Control Message Protocol IP Internet Protocol LAN Local Area Network MAC Address Media Access Control Address MTU Maximum Transmission Unit MSS Maximum Segment Size NAT Network Address Translation PPPoE Point to Point Protocol over Ethernet SNMP Simple Network Management Protocol TCP Transmission Control Protocol UDP User Datagram Protocol Copyright 2008 Peplink Peplink Balance Series User Manual VRRP Virtual Router Redundancy Protocol WAN Wide Area Ne
17. DHCP Static IP PPPoE and GRE see Copyright 2008 Peplink Peplink Balance Series User Manual 8 Configuration of LAN Interface s The LAN Interface settings are located in Network gt Interfaces gt LAN Network gt Interfaces gt LAN IP Address 192 168 1 2 Subnet Mask Speed k Ba Wie ee Cue Pee V Enable Default Gateway 192 168 1 1 I have other host s on WAN segment Host IP Address es 192 168 1122 192 168 1122 192 168 1 123 192 168 1 124 192 168 1 125 192 168 1 126 IF Range P 192 168 1 250 Subnet Mask F Lease Time Gli Days Hours Mins 0 Seconds DNS Servers Assign DNS server automatically DHCP Reservation MAC Address Static IP Web Server 00 11 22 33 44 55 192 168 1 38 Scr ay a 3 3 Static Route Destination Network Subnet Mask Gateway o d es lt DNS Caching C Enable Local DNS Records o HP Address www foobar com 197 168 1 99 z5 Required Sey ee Copyright 2008 Peplink Peplink Balance Series User Manual LAN Settings IP Address amp Subnet Mask The IP address of Peplink Balance on LAN The speed of the LAN Ethernet Port By default the appropriate data speed is automatically detected by Speed Peplink Balance In the event of synchronization issues the port speed can be manually specified to circumvent the issues Drop in Mode Settings Drop in Mode eases the installation of Peplink Balan
18. Host Mappings Note 1 Inbound Mapping is not needed for WAN connections in drop in or IP forwarding mode Note 2 Each WAN IP address can be associated to one NAT Mapping only ay ya Copyright 2008 Peplink Peplink Balance Series User Manual Outbound Mappings This setting specifies the IP address of each WAN connection to be used for any outgoing traffic originating from the LAN Host Note 1 If you do not want to use a specific WAN for outgoing accesses you should still choose default here then customize the outbound access rule in the Outbound Traffic Management section Note 2 WAN connections in drop in or IP forwarding mode are not Shown here Click Save to save the settings when configuration is complete Important Note Inbound firewall rules override Inbound Mapping settings 782 Copyright 2008 Peplink Peplink Balance Series User Manual 16 Firewall Configuration A firewall is a mechanism that selectively filters data traffic between the WAN side the Internet and the LAN side of the network It can protect the local network from potential hacker attacks offensive Web sites and or other inappropriate uses The firewall functionality of Peplink Balance supports the selective filtering of data traffic in both directions e Outbound LAN to WAN Inbound WAN to LAN e Intrusion Detection and DoS Prevention 16 1 Outbound and Inbound Firewall Th
19. IP Address Outgoing NAT IP Address DNS Servers Use the following DNS server address es DNS server 1 DNS server 2 Network Settings for GRE This field illustrates that NAT Network Address Translation will be applied to the traffic routing over this WAN connection For further details please refer to the following sections e Section 10 4 1 Routing under GRE via Network Address Translation NAT e Section 10 4 2 Routing under GRE via IP Forwarding Routing Mode 38 lt Copyright 2008 Peplink Peplink Balance Series User Manual Network Settings for GRE This setting specifies the utilization of the WAN connection The selection of Always on results in the WAN connection to be used whenever it is available If Backup Priority and a priority group is selected the WAN connection is treated as a backup connection and is used only in the absence of available Always on WAN connection s Connection Type and higher priority backup connection s Connection Type ipaa Fatele 7 i __ The default and recommended Connection Type is Always on Reply ICMP Ping If this field is disabled the WAN connection will not respond ICMP Ping Requests requests By default this is enabled Upstream This setting specifies the data bandwidth in the outbound direction Bandwidth from the LAN through the WAN interface This setting specifies the data bandwidth in the inbound directi
20. Master Peplink Balance unit is 84 Copyright 2008 Peplink Peplink Balance Series User Manual received in 3 seconds or longer since the last heartbeat signal the Slave Peplink Balance unit becomes active e The Slave Peplink Balance unit initiates the WAN connections and binds to a previously configured LAN IP address e Ata subsequent point when the Master Peplink Balance unit recovers it will once again become active The settings to configure High Availability are located at the following location Network gt Misc Settings gt High Availability Network gt Misc Settings gt High Availability High Availability Enable Group Number 1 255 Preferred Role Master Slave Virtual IP 192 168 1 2 LAN Administration IP 192 168 1 1 Subnet Mask 255 455 255 0 High Availability High Availability Settings Checking this box specifies that the Peplink Balance unit is part of a High Availability configuration Group Number This setting specifies a number that identifies a pair of Peplink Balance units that operate in a High Availability configuration The two Peplink Balance units in the pair must have the same Group Number value Preferred Role This setting specifies whether the Peplink Balance unit operates in Master or Slave mode Click the corresponding radio button to set the role of the unit One of the units in the pair must be configured as the Master and the other un
21. No the rule does not take effect Peplink Balance disregards the other parameters of the rule Source This setting specifies the source IP Address IP Network or MAC Address for traffic that matches the rule eee This setting specifies the destination IP Address or IP Network for Destination traffic that matches the rule This setting specifies the IP Protocol and Port of traffic that matches proreo ene this rule You may select some common protocol from the Protocol Pom Selection Tool drop down menu This setting specifies the behavior of Peplink Balance for the outbound traffic rule One of the following values can be specified e Weighted Balance Algorithm e Persistence e Enforced e Priority e Least Used not applicable to Balance 20L and 30 e Lowest Latency not applicable to Balance 20L and 30 The next sections present the details of the above Algorithms De Copyright 2008 Peplink Peplink Balance Series User Manual Load Distribution Settings This setting specifies whether to terminate existing IP sessions on a less preferred WAN connection in the event that a more preferred WAN connection is recovered from the Down health state This setting is applicable to the Algorithms Weighted Persistence and Priority Terminate Sessions on Link Recovery By default this is disabled It means all existing IP sessions will not be terminated or affected when any other WAN connection is recovered
22. Port setting specify the protocol of the service as TCP UDP ICMP or IP Traffic that is received by Peplink Balance via the specified protocol at the specified port s is forwarded to the LAN hosts specified by the Servers setting IP Protocol Please refer below for details on the Port and Servers settings Alternatively the Protocol Selection Tool drop down menu can be used to automatically fill in the Protocol and a single Port number of common Internet services e g HTTP HTTPS etc After selecting an item from the Protocol Selection Tool drop down menu the Protocol and Port number remains manually modifiable The Port setting specifies the port s that correspond to the service and can be configured to behave in one of the following manners Any Port Single Port Port Range and Port Map Any Port all traffic that is received by Peplink Balance via the specified protocol is forwarded to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Any Port all TCP traffic is forwarded to the configured servers Single Port traffic that is received by Peplink Balance via the specified protocol at the specified port is forwarded via the same port to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 TCP traffic received on Port 80 is forwarded to Port the configured servers via Port 80
23. Settings Timeout P second s Health Check Interval P second s Health Retries P Recovery Retries P This setting specifies the timeout in seconds for ping DNS lookup Timeout requests Default Timeout is set to 5 second Health Check This setting specifies the time interval in seconds between ping or Interval DNS lookup requests Default Health Check Interval is 5 seconds sH Copyright 2008 Peplink Peplink Balance Series User Manual Other Health Check Settings This setting specifies the number of consecutive ping DNS lookup timeouts after which Peplink is to treat the corresponding WAN connection as down Default Health Retries is set to 3 Health Retries l l For example with the default Health Retries setting of 3 after consecutive 3 timeouts the corresponding WAN connection will be treated as down This setting specifies the number of consecutive successful ping DNS lookup responses that must be received before the Peplink treats a previously down WAN connection to be up again By default Recover Times is set to 3 Recovery Retries For example with the default Recover Retries setting of 3 a WAN connection that was treated as down will be considered to be up again upon receiving 3 consecutive successful ping DNS lookup responses In case a WAN connection goes down all of the WAN connections with non Always on C
24. WAN connections for the type of traffic By destination The traffic matching this rule will be persistently routed through the same WAN connection for the traffic from any machine to the same destination It provides a more even distribution of load to the WAN connections but also lower application compatibility The default Persistence Mode is by source When there are multiple client requests they can be distributed persistently to WAN connections with a weight If you choose Auto in the field Load Distribution the weights will be each WAN s Downstream Bandwidth which is specified in the WAN settings page see section 10 Configuration of WAN Interface s If you choose Custom you can customize the weight of each WAN manually by using the sliders 12 2 3 Algorithm Enforced This setting specifies the WAN connection usage to be applied on the specified IP Protocol amp Port and is applicable only when the Algorithm is set to Enforced Matching traffic will be routed through the specified WAN connection regardless of health check status of the WAN connection Ae Copyright 2008 Peplink Peplink Balance Series User Manual 12 2 4 Algorithm Priority This setting specifies the priority of the WAN connections to route the specified network service The highest priority available WAN connections will always be used for routing the specified type of traffic A lower priority WAN connection will be used onl
25. and may void the warranty 91 Copyright 2008 Peplink 18 3 Time Peplink Balance Series User Manual The Time Server functionality enables the system clock of Peplink Balance to be synchronized with a specified Time Server The settings for Time Server configuration are located at the following location System gt Time System gt Time Time Zone GMT Greenwich Mean Time iv Time Server Defout Save Time Server Settings Time Zone This specifies the time zone along with the corresponding Daylight Savings Time scheme in which Peplink Balance operates The Time Zone value affects the time stamps in the system logs of Peplink Balance and E mail notifications Time Server This setting specifies the NTP network time server to be utilized by Peplink Balance Oe Copyright 2008 Peplink Peplink Balance Series User Manual 18 4 Email Notification The Email Notification functionality of Peplink Balance provides a System Administrator with up to date information on network status The settings for configuring Email Notification are found at the following location System gt Email Notification System gt Email Notification Email Notification Require authentication SMTP User Name Sender s Email Address admin mycompany com Recipient s Email Address system mycompany com Test Email Notification Save
26. and 710 will further accommodate six additional WAN connections BOT Copyright 2008 Peplink Peplink Balance Series User Manual To enable Drop in mode perform the following steps from Network gt Interfaces gt LAN Drop in Mode on WAN1 Enable Default Gateway 192 168 1 1 I have other host s on WAN segment Host IP Address es 192 166 1122 in Delete 1 Check the Enable box under Drop in Mode After checking the Enable box most network settings for WAN1 will be hidden from Web Administration Interface 2 Put the IP address of the WAN1 router in the Default Gateway field Ensure that the Peplink Balance IP subnet is the same as the Firewall s WAN port and the Router s LAN port 3 If hosts other than the router exist on the WAN segment of Peplink Balance check the I have other host s on WAN segment box enter the IP address es of the host s and then click the down arrow to add the hosts The following diagram illustrates Internet Service Provider C Internet Service Provider B Internet Service Provider A Y A Q WAN1 Default Gateway WAN2 Default WANS Default 210 10 10 1 Gateway Gateway a PePLink Balance 210 10 10 5 Drop in mode 210 10 10 4 210 10 10 3 210 10 10 10 Firewall 192 168 0 1 Trusted LAN 192 168 0 0 24 gt 70 Copyright 2008 Peplink Peplink Balance Series User Manual Flushing ARP A
27. default 14 1 Definition of Servers on LAN This section applies only to Peplink Balance 200 300 380 390 700 and 710 The settings to configure servers on the LAN are located at the following location Network gt Inbound Access gt Servers Network gt Inbound Access gt Servers No Servers Defined To define a new server click Add Server upon which the following screen appears Network gt Inbound Access gt Servers gt Add Edit Server Server Name myserver Required Save Cancel N Lf Enter a valid server name consisting only of alphanumeric and the underscore characters and the corresponding LAN IP address Upon clicking Save after entering required information the following screen appears Network gt Inbound Access gt Servers Saved Changes will be effective after clicked the Apply Changes button 192 168 1 123 192 168 1 234 Delete Add Server To define additional servers click Add Server and repeat the above steps 58 Copyright 2008 Peplink Peplink Balance Series User Manual 14 2 Definition of Services This section applies only to Peplink Balance 200 300 380 390 700 and 710 Services are defined at Network gt Inbound Access gt Services Network gt Inbound Access gt Services No Services Defined Add Service Tip At least one server must be defined before services can be added Please refer to Sect
28. download and upgrade over the Internet The second method is to upload a firmware file manually Click on the Check for firmware button to use online upgrade With online upgrade Peplink Balance checks online for new firmware if new firmware is available the firmware is automatically downloaded by Peplink Balance The upgrade process will subsequently be automatically initiated You may also download a firmware image from the _ Peplink web site http www peplink com and update the unit manually Click Browse to select the firmware file from the local computer then click Upload to send the firmware to Peplink Balance Peplink Balance will then automatically initiate the firmware upgrade process Firmware Upgrade Status for Peplink Balance 20L 30 200 and 300 Status LED Information during firmware upgrade e OFF Firmware upgrade in progress DO NOT disconnect power e Red Unit is rebooting e Green Firmware upgrade successfully completed Important Note The firmware upgrade process may not necessarily preserve the previous configuration and the behavior varies on a case by case basis Consult the Release Notes for the particular firmware version Do not disconnect the power during firmware upgrade process Do not attempt to upload a non firmware file or a firmware file that is not qualified or not supported by Peplink Upgrading a Peplink Balance unit with an invalid firmware file will damage the unit
29. e Custom Outbound Traffic Rules The selections are explained as follows Outbound Traffic Policy Settings With the selection of this policy outbound traffic from a source LAN High Application device is routed through the same WAN connection regardless of the Compatibility destination Internet IP address and protocol This provides the highest application compatibility With the selection of this policy outbound traffic from a source LAN device to the same destination Internet IP address will persistently be n sila routed through the same WAN connection regardless of protocol pplication l a l Compatibility This provides high compatibility to most applications and users still benefit from WAN link load balancing when multiple Internet servers are accessed With the selection of this policy outbound traffic behavior can be Managed by managed by defining custom rules Custom Rules Rules can be defined in a custom rule table A default rule can be defined for connections that cannot match any one of the rules The default policy is Normal Application Compatibility 50 Copyright 2008 Peplink Peplink Balance Series User Manual 12 2 Fine Tuning Load Distribution for Individual Services Choose Managed by Custom Rules by clicking in the Outbound Policy form choose the desired policy and press the Save button The following screen will then be displayed Network gt Outbound Poli
30. lengths of time to refresh yo ee Copyright 2008 Peplink Peplink Balance Series User Manual 10 Configuration of WAN Interface s The WAN interface settings are located in Network gt Interfaces gt WAN There are four possible connection methods DHCP Static IP PPPoE GRE The connection method and details are determined by and can be obtained from the ISP 10 1 DHCP Connection The DHCP connection method is suitable if the ISP provides an IP address automatically by DHCP e g Cable Metro Ethernet etc Network gt Interfaces gt WAN gt WAN Connection 1 WAN Connection Name CF i WAN1 Yes 2o Enable Connection Method Routing Mode Connection Type MAC Address Clone VLAN DNS Servers Hostname Optional 2 ooo a m P Auto Ocustom ssi joo khi kle blee kle Default F L Enable Obtain DNS server address automatically C use the following DNS server address es DNS server 1 DNS server 2 LJ Use custom hostname 30 Copyright 2008 Peplink Peplink Balance Series User Manual Network Settings for DHCP This field illustrates that NAT Network Address Translation will be applied to the traffic routing over this WAN connection Routing Mode l l i For further details please refer to Appendix B Routing under DHCP Static IP and PPPOE This setting specifies the utilization of the WAN connection The selection of Always on
31. port number is non standard you can check the Define custom signal ports and input the port numbers to the text boxes FTP Passthrough FTP sessions consist of two TCP connections One for control and one for data In multi WAN situation they have to be binded to the same WAN connection Otherwise problems will arise in transferring files By default the Peplink Balance monitors TCP control connections on port 21 for any FTP connections and binds TCP connections of the same FTP session to the same WAN If you have an FTP server listening on a port number other than 21 you can check the Define custom control ports and enter the port numbers to the text boxes TFTP Passthrough The Peplink Balance monitors outgoing TFTP connections and routes any incoming TFTP data packets back to the client Select Enable if you want to enable the TFTP passthrough support IPsec NAT T Passthrough This field is for enabling the support of IPsec NAT T passthrough UDP ports 500 4500 and 10000 are monitored by default You may add more custom data ports that your IPsec system uses 88 Copyright 2008 Peplink Peplink Balance Series User Manual 18 System Settings 18 1 Admin Security For security reasons after logging in to the administration interface at the first time changing the administrator password is recommended Configuring the administration interface to be accessible only from the LAN can furt
32. registered user name for the dynamic DNS service Password Pass TZO Key This setting specifies the password for the dynamic DNS service Hosts Domain This setting specifies a list of hostnames or domains to be associated with the public Internet IP address of the WAN connection Important Note In order to use dynamic DNS services appropriate hostname registration s as well as a valid account with a supported dynamic DNS service provider are required A dynamic DNS update is performed whenever a WAN s IP address changed E g IP is changed after a DHCP IP refresh reconnection etc Due to dynamic DNS service providers policy a dynamic DNS host would expire automatically because the host record was not updated for a long time Therefore Peplink Balance performs an update every 23 days even if a WAN s IP address did not change sA Copyright 2008 Peplink Peplink Balance Series User Manual 11 Site to Site VPN This section applies only to Peplink Balance 380 390 700 and 710 Peplink Balance site to site VPN functionality securely connects a branch office to your company s main headquarters or to other branches The data voice or video communications between these locations are kept confidential across the public Internet The Site to Site VPN of the Peplink Balance is specifically designed for multi WAN environment The Peplink Balance can aggregate all WAN connections
33. results in the WAN connection to be used whenever it is available If Backup Priority and a priority group is selected the WAN connection is treated as a backup connection and is l used only in the absence of available Always on WAN connection s Connection Type and higher priority backup connection s Connection Type The default and recommended Connection Type is Always on Reply ICMP Ping If this field is disabled the WAN connection will not respond ICMP Ping Requests requests By default this is enabled Upstream This setting specifies the data bandwidth in the outbound direction Bandwidth from the LAN through the WAN interface This setting specifies the data bandwidth in the inbound direction from the WAN interface to the LAN Downstream Bandwidth The value of this setting is also used as the default weight value for the default outbound rule if Custom Outbound Traffic Rules in Outbound Traffic Management Physical Interface Settings This setting specifies port speed and duplex configurations BPpeed By default Speed is set to Auto adi This setting specifies the Maximum Transmission Unit By default MTU is set to 1440 This setting should be configured based on the maximum payload size that the local system can handle The MSS Maximum Segment Size MSS is computed from the MTU minus 40 bytes for TCP over IPv4 If MTU is set to Auto the MSS will also be set automatically
34. the active inbound and outbound UDP and TCP sessions of each WAN connection on Peplink Balance 106 Copyright 2008 Peplink Peplink Balance Series User Manual 19 5 DHCP Clients The DHCP Clients table is at Status gt DHCP Clients It lists DHCP client IP addresses and MAC addresses that the Peplink Balance has offered IP addresses to since it is powered up Status gt DHCP Clients MAC Address 00 6 19 279 c8 19 IP Address 197 168 1 10 19 6 Log Log information is located at Status gt Logs Jan 1 00 00 29 Link health check monitor started Jan 1 00 00 40 Health check status changed WAN 1 DOWN Lost Connection WAN 2 DOWN Lost Connection WAN 3 DOWN Link Down Jan 1 00 00 55 SIP tracking enabled Jan 1 00 01 50 Health check status changed WAN 1 UP May 10 11 38 18 Time synchronization success May 10 11 39 03 SIP tracking enabled May 10 11 39 14 Time synchronization success May 10 11 39 47 Health check status changed 25 Health check status changed 37 Health check status changed 49 Health check status changed 58 Health check status changed 51 Health check status changed 42 42 43 43 May 10 May 10 May 10 May 10 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 May 11 11 1i 13 13 D2 Da Of O72 0z 02 0z 02 O2 D2
35. the hostname to look up Default Server balance mycompany com Address Z02 153 122 108 Name www mycompany com Address 2uUzZedooel 22 109 CGleo8 212 419 The values of the IP addresses are fictitious and for illustration only the actual IP addresses in implementation will likely be different 76 Copyright 2008 Peplink Peplink Balance Series User Manual 15 Configuration of NAT Mappings This configuration replaces DMZ in firmware versions prior to 3 8 The configuration of NAT Mappings allows the IP address mapping of all inbound and outbound NAT ed traffic to and from an internal client IP address The settings to configure NAT Mappings are located at Network gt NAT Mappings 192 168 1 23 WAN1 29 123 123 13 WAN1 29 123 123 13 Delete 1927 168 1 24 WAN2 30 21 21 12 WAN 2 30 21 21 12 Delete Add NAT Rule To add a NAT Mapping click Add NAT Rule upon which the following screen is displayed Network gt NAT Mappings gt Add Edit NAT Mappings LAN Host Inbound Mappings Outbound Mappings NAT Mapping Settings This is the IP address of the host on the LAN that the system should LAN Host map the selected connection IP address correspondences This setting specifies the WAN connections and corresponding WAN specific Internet IP addresses on which the system should bind on Any access to the specified WAN connection s and IP address es will Inbound be forwarded to the LAN
36. 1 Reply Source 2 2 3 4 Destination 1 2 3 7 Server IP 2 2 3 4 IP 10 0 0 11 41 Copyright 2008 Peplink Peplink Balance Series User Manual 10 4 2 Routing under GRE via IP Forwarding The following figure shows a typical scenario with Peplink Balance under the GRE connection mode and IP Forwarding routing mode Tunnel Local IF Tunnel Remote IP oy Bae Address Address 192 168 128 222 192 168 128 223 PePLink Balance mci YZIOZZ EOL OLZ PePLink Balance Router Private GRE Router k ae _ bod In this scenario the IP address settings are as follows WAN IP Address 172 23 2 123 Default Gateway 172 23 2 122 Remote GRE IP address 172 23 254 87 the GRE router or host s IP address Tunnel IP remote address 192 168 128 223 IP address of remote end of tunnel Tunnel IP local address 192 168 128 222 IP address of local end of tunnel LAN IP Address 210 103 22 1 The following figure shows the packet flow for Peplink Balance under GRE connection mode and IP Forwarding routing mode Request Source 1 2 3 5 Encapsulated Request Source 192 168 113 7 Destination 2 2 3 4 Destination 192 168 113 8 Request Source 1 2 3 5 R nnel ji f GRE Tunnel Destination 2 2 3 4 Reply Source 2 2 3 4 Destination 1 2 3 5 Tunnel IP 192 168 113 7 Tunnel IP 192 168 113 8 MANGA iG IP 1 234 1P 1 234 Encapsulated Reply GRE Gateway Source 192 1
37. 1 This setting specifies that SNMP version 1 is to be enabled SNMPv2c This setting specifies that SNMP version 2 is to be enabled SNMPv3 This setting specifies that SNMP version 3 is to be enabled To add a community for either SNMPvi or SNMPv2c click the Add SNMP Community button in the Community Name table upon which the following screen is displayed System gt SNMP gt Add SNMP Community Community Name MyCompany Allowed Source Subnet Address 192 168 1 20 Allowed Source Subnet Mask Community Name SNMP Community Settings This setting specifies the SNMP Community Name OS Copyright 2008 Peplink Peplink Balance Series User Manual SNMP Community Settings This setting specifies a subnet from which access to the SNMP server is Allowed Source allowed Subnet Address Enter subnet address here e g 192 168 1 0 Source Subnet This setting specifies the subnet mask that corresponds to the subnet Mask specified via Allowed Source Subnet Address e g 255 255 255 0 To define a user name for SNMPv3 click Add SNMP User in the SNMPv3 User Name table upon which the following screen is displayed System gt SNMP gt Add SNMP User Authentication Protocol MOS nme cana Privacy Password myprivpasswd User Name snmpuser E ka ka SNMPv3 User Settings User Name This setting specifies a user name to be used in SNMPv3 This setting specifies via a drop down menu the o
38. 10 9 30 1 icmp_seq 3 tt 128 time 0 000 ms 64 bytes from 10 9 30 1 icmp_seq 4 t 128 time 0 000 ms 64 bytes from 10 9 30 1 icmp_seg 5 tt 128 time 0 000 ms 10 9 30 1 ping statistics 5 packets transmitted 5 received 0 packet loss time 4010ms rt minJayq max mdey 0 000 0 000 0 000 0 000 ms A System Administrator can use the Ping utility to manually check the connectivity of a particular LAN WAN connection 101 Copyright 2008 Peplink Peplink Balance Series User Manual 18 12 Traceroute Test The Traceroute Test tool in Peplink Balance traces the routing path to the destination through a particular Ethernet interface The Traceroute Test utility is located at System gt Tools gt Traceroute The Traceroute Test utility is displayed as a pop up window illustrated as follows Traceroute Test IP Address or Domain Name Interface WANT traceroute to 218 103 62 122 218 103 62 122 30 hops max 40 byte packets 1 Balance 10 9 1 1 100 000 ms 10 000 ms 10 000 ms 2 balance 10 1 9 1 20 000 ms 0 000 ms 30 000 ms Traceroute A System Administrator can use the Traceroute utility to analyze the connection path of a LAN WAN connection 102 Copyright 2008 Peplink Peplink Balance Series User Manual 19 Status The information section displays the information of Peplink Balance on the device site to site VPN link usage active sessions DHCP clients and log 19 1 Device
39. 2 Whaat A Chg Points Copyright 2008 Peplink 8 Peplink Balance Series User Manual 5 2 Peplink Balance 30 300 5 2 1 Front Panel Appearance peplink LH ian XH WANS WAN WANI 5 2 2 LED Indicators The statuses indicated by the Front Panel LEDs are as follows Power and Status Indicators OFF Power off PONET Green Power on OFF System initializing Status Red Booting up or busy Orange Power on self test Green Ready state LAN Indicators OFF Port is not connected Activity Green Port is connected Blinking Port is transferring data OFF 10Mbps pOPaCe Orange 100Mbps WAN Indicators OFF Port is not connected Activity Green Port is connected Blinking Port is transferring data OFF 10Mbps ace Orange 100Mbps Copyright 2008 Peplink 5 2 3 Rear Panel Appearance RS 232 Port roe WAN Ports 5 2 4 Connector Ports Connector Ports RS 232 Port Reserved for engineering use Supports up to three 10 100BaseT WAN connections typically connected to broadband modems Supports up to four 10 100BaseT LAN connections typically connected to client PCs WAN Ports LAN Ports Power Connector DC 9V power input from supplied power adaptor 5 2 5 Unit Base Appearance Serial Number and LAN MAC Address ip ere GE ope in 2A PoPLink Balance 300 ragad Wada e Chor Produi
40. 68 113 8 IP 1 2 3 1 Destination 192 168 113 7 Reply IP 2 2 3 4 Source 2 2 3 4 Destination 1 2 3 5 IP 1 2 3 6 sA a Copyright 2008 Peplink Peplink Balance Series User Manual 10 5 WAN Health Check To ensure traffic is only routed to health WAN connections only Peplink Balance provides the functionality to periodically check the health of each WAN connection The Health Check settings for each WAN connection can be independently configured via Network gt Interfaces gt WAN Method P DNS Lookup Health Check DNS Serwers Host 1 Host 2 Use first two DNS servers as Health Check DNS Servers Timeout P second s Health Check Interval P second s Health Retries Recovery Retries Health Check Settings This setting specifies the health check method for the WAN connection Method The value of Method can be configured as Disabled Ping or DNS Lookup The default method is DNS Lookup Health Check Disabled Note Health check disabled The link will not be treated as down for IP routing errors considered up The connection will not be treated as down in the event of IP routing errors Health Check Method Ping Method Ping Hosts Use first two DNS servers as Ping Hosts The ICMP Ping packets will be issued to test the connectivity with a configurable target IP address or hostname A WAN connection is considered up if ping responses
41. Counter J The Link Usage Status section displays the cumulative amounts of data that have been transferred through each WAN connection as well as the inbound and outbound rate of data transferred via various protocols If you click on the Add Trip Counter link a new transfer volume table will be shown where the values are reset to zero This will enable you to count the transferred volume from a specific time instead of from the system up time 105 Copyright 2008 Peplink Peplink Balance Series User Manual 19 4 Active Sessions Information on Active Sessions is at Status gt Active Sessions Status gt Active Sessions WAN1 WAN1 No connections WAN2 WAN2 No connections WAN3 WAN3 No connections WAN1 WAN1 192 168 1 10 1563 _ isaaisa ia1 245 999 maps Jooo 19236811011849 i373 a30 www Jooo is2 169 1 40 1652 i7373 53 80 www Jooo as2 a60 1 a0 4655 7373 513 80 www Jooo WAN2 WAN2 192 168 1 10 1114 10 9 30 1 24800 D 00 00 01 192 168 1 10 1120 10 9 1 252 445 JO0 00 01 192 168 1 10 1578 139 85 139 18 443 00 00 06 00 00 11 192 168 1 10 1850 139 173 5 13 80 00 00 01 192 168 1 10 1853 139 173 5 13 80 WAN3 WAN3 192 168 1 10 1847 139 173 5 13 80 00 00 01 5 13 00 00 01 WAN1 WAN1 No connections WAN2 WAN2 No connections WAN3 WAN3 No connections WAN1 WAN1 WAN2 WAN2 No connections WANS WAN3 No connections This Active Sessions section displays
42. If it is set to enabled existing IP sessions may be terminated when another WAN connection is recovered such that only preferred healthy WAN connection s are used at any point in time 12 2 1 Algorithm Weighted Balance This setting specifies the ratio of WAN connection usage to be applied on the specified IP Protocol amp Port and is applicable only when Algorithm is set to Weighted Balance Algorithm Weighted Balance Load Distribution WAN 10 Weight Terminate Sessions P on Link Recowery LJ Enable The amount of matching traffic that is distributed to a WAN connection is proportional to the weight of WAN connection relative to the total weight Use the sliders to change each WAN s weight Example With the following weight settings on a Peplink Balance 300 e WANI1 10 e WAN2 10 e WANS 5 Total weight is 25 10 10 5 Matching traffic distributed to WAN1 is 40 10 25 x 100 Matching traffic distributed to WAN2 is 40 10 25 x 100 Matching traffic distributed to WAN3 is 20 5 25 x 100 12 2 2 Algorithm Persistence The configuration of Persistent Services is the solution to the few situations where link load distribution for Internet services is undesirable For example many e banking and other secure websites for security reasons terminate the session when the client computer s Internet IP address changes mid session In general different Internet IP addresses represent di
43. Internet WAN connection Solution You can test the WAN connection by ping which is similar to problem 4 As we want to isolate the problems from the LAN ping will be performed from Peplink Balance By using the Ping Traceroute under the tab Status of the Peplink Balance you may able to find out the source of problem Problem 6 When I upload files to a server via ftp the transfer stalls after a few kilobytes of data are sent What should I do Solution The Maximum Transmission Unit MTU or MSS setting may need to be adjusted By default the MTU is set at 1440 Choose Auto for all of your WAN connections If it does not solve you may try the MTU 1492 if a connection is a DSL If problem still persists change the size to smaller values until your problem is resolved e g 1462 1440 1420 1400 etc s i7 Copyright 2008 Peplink Peplink Balance Series User Manual Appendix E Product Specifications E 1 Peplink Balance 20L and 200 Routing e NAT Drop in and IP Forwarding Drop in mode is not applicable to Balance 20L e Configurable Static Routes WAN Support DHCP PPPoE GRE and Static IP Inbound and Outbound Link Load Balance Device Management e Wizard amp Menu Driven Web based Administration Interface over HTML SSL Remote Reporting and Management e Configurations Upload and Download Security e Compatible with IPsec and PPTP VPN e Rules based Stateful Firewall with IP A
44. Maintenance Peplink Balance Series User Manual gt gt Power off gt gt Reboot 4 shows firmware version shows serial number shows current time shows up time since server reboot shows current CPU loading 0 100 shows LAN port physical status shows LAN IP address shows LAN subnet mask shows Connected Disconnected IP address list shows transfer rate in Kbps shows transfer rate in Kbps shows volume transferred since last reboot in MB gt Power off gt Reboot gt Factory default gt LAN config gt Port speed gt LAN gt WAN1 gt WAN2 gt gt WAN7 gt Power off Yes No powers off unit gt Reboot Yes No reboots unit gt Factory default Yes No restores factory defaults shows port speed Auto 10baseT FD 10baseT HD 100baseTx FD 100baseTx HD 1000baseTx FD sipa Copyright 2008 Peplink Peplink Balance Series User Manual 5 4 3 Rear Panel Appearance USB Ports Reset Switch Power Switch i iS SA E 5 ands MF gt x A pE OO FC t 4 Ea AM ARS ELA i yi ny X sA NN aes Ca b Pats ee RA ee i er Po ALAN yee RS 232 Port Power Connector Connector Ports RS 232 Port Reserved for engineering use USB Ports Reserved for engineering use Power Connector AC input 110 220V Power Switch To hold pressing the key for 4 secs will power down the unit
45. No to disable the VPN service To select the Peplink Balance to act as a Server or a Client It is favorable for a Peplink Balance to act as a server if all of its WAN connections also have Internet IP address es and at least one of them Role is a Static one If the server end does not have any static Internet IP address you can set up dynamic DNS service for the WAN connections On the client end enter the server s dynamic DNS host names into the Server Hosts field Remote Subnets By default only the remote LAN s subnet will be routed through the VPN If the remote end has multiple subnets and you want to make use of the VPN to reach the subnets you can input the subnets addresses here NOTE Make sure the remote end s Static Routes of the LAN Settings page see section 8 also included the same routes WAN Connectivity Priority You can specify the priority of the WAN connections to be used for making VPN connections WAN connections set to OFF will never be used Only available WAN connections with the highest priority will be used for making VPN connections Outgoing traffic will be distributed evenly if more than one connection that have the same priority Server Settings Client Serial Number The server only accepts connections made from a client with the serial number specified here If the remote end is in high availability setup you can check the check box Remote client is set up in high availabi
46. P New Outbound Traffic Rule Enable On yYes ONo Source Set the weight of Destination WAN1 and WAN2 POEN TCP smel SMTP Se ET a for SMTP to 1 and EE oE Port G 8 respectively a ES Weight Terminate Sessions O on Link Recovery L Enable Save Cancel C 2 Maintaining the Same IP Address throughout a Session C 2 1 Scenario Some client IP address sensitive web sites for example Internet banking use both client IP address and cookies matching for session identification Since different IP addresses are used during the load balancing the session is dropped when a mismatching IP is detected C 2 2 Solution Make use of the Persistency functionality of Peplink Balance With Persistency configured and the option By destination selected Peplink Balance uses a consistent WAN connection for source destination pairs of IP addresses and prevents sessions from being dropped With Persistency configured and the option By source selected Peplink Balance uses a consistent WAN connection for same source IP addresses This option offers even higher application compatibility but the outbound traffic load will be distributed more evenly only if more users use the Internet siiile Copyright 2008 Peplink Peplink Balance Series User Manual C 2 3 Settings Set persistence in Network gt Outbound Traffic Management gt Custom Outbound Traffic
47. RE 7 olny lbs Gato 0 20 0 0 a E A E 9 le gO EALAN ceo o 6 dio E ne en eee eee eee 1 PEPONE BALANCE 7007 TO sscencs cot N A so eeerate aac e serie Uecan cus tease eno aesen 14 INSTALLA THON oasa lt conesecasataenssaasaoncuesteose caneseanectas 17 CONNECTING THE NETWORK WITH PEPLINK BALANCE ccseccencssaccacccesstencsscasaacsacnaadeacnssacesancyecaammeecsaaadanceacics 17 CONFIGURING COMPUTERS ON THE LARN carenecercocertetericnnseureresessunancceey seunssctnencessaesoueavacutuesecantaenenesnenacie 18 BASIC CONFIGURATION csissccvercecctcseateasspencerdsnced estacssecsadeaiareeessenscoscustassetsasccesaand eotnecccasacadeeuteceeet 21 CONNECTING TO WEB ADMINISTRATION INTERFACE ccceeseccccceeeseccsceececcsseeeseecssseeeesessseueeeecsseuueesesseeeness Z CONC UR ATION INES TUP NNA ertrar TETEE EEEE TEE E denen E AE EEEE EEEO 22 PROVINCE TU E E 23 CONFIGURATION OF LAN INTERFACES scsssccssscaccsssceceteesssccseanconseaecdeaseetacanadedacseaaenceossteesseatactesas 24 DROP IN MODE creron E ects auecouse cuss saenosceustvbss E E E S 27 CONFIGURATION OF WAN INTERFACE S ccccssssccccsssscccssssccccscsccecscssccceessccecesscccceessceeeess 30 OC ONE TON cscs eee ce E E E T E E E E EE E E E I E 30 UCAF ONION E es oats neice ceaadsasaesauenenesenatceuecas nase 33 Fee ON casera rse es ceca T 35 Ed GS a are nn en E E 38 VARN TEAR RAE sors atone A stature atm tetytevetnaetr ose sanen cents E E A E E EE AA 43 ADOMONAL PUBIC IPF SEIN G
48. Rules Click Add Rule select HTTP TCP port 80 for web service and select Persistence HTTP Persistence Service Name Enable KO Source Destination Protocol D Port Persistence Algorithm EENT TTO OBy Source By Destination CEDE CO Auto O Custom Terminate Sessions on Link Recovery L Enable A network administrator can use the Traceroute utility to manually analyze the connection path of a particular WAN connection s 14 Copyright 2008 Peplink Peplink Balance Series User Manual C 3 Bypassing the Firewall to Access Hosts on LAN C 3 1 Scenario There are times when remote access to computers on the LAN is desirable for example when hosting web sites online businesses and FTP download and upload areas etc In such cases it may be appropriate to create an inbound NAT mapping for the network to allow some hosts on the LAN to be accessible from outside of the firewall C 3 2 Solution Web Administration Interface can be used for adding an inbound NAT mapping to a host and to bind the host to the WAN connections via Network gt NAT Mappings gt Add NAT Rule For example the following settings add the host with IP address 192 168 1 102 to an Inbound Mapping and bind the host to the default IP and 12 23 34 3 of WAN1 Network gt NAT Mappings gt Add Edit NAT Mappings LAN Host 192 168 1 102 Inbound Mappings Outbound Mappings siine Co
49. S penenr 46 DYNAMIC DNS SETTINGS ssseosesesssssesssserssseresssesssserssssssserersessasrsrersessrssstersssersesteesssesssseresssaeseseeeessasesreeeessas 46 SME TOSHE VEN cre E A 48 MANAGEMENT OF OUTBOUND TRAFFIC TO WAN ssssccccssssssecccccscssccccccssssccceecessscceeeeeess 50 UT OUI El P O eE E A EE eeasusees 50 FINE TUNING LOAD DISTRIBUTION FOR INDIVIDUAL SERVICES cccccsccccssessesccsseaseaccascecsascassaccesseeseaseaseaseas 5 SERVICE FORWARDING eeeeeeeseseesseccesesccsseccesescceseccossecosseccoseecoeseecoseseceseccosseccosescosseecesescosseeceseeeee 56 EEE E E i E E E A A E E E E E E E E A E E E E AE TTT 56 WEB PROXY FORWARDING sessssssssssceerssssssstttrresssstttttttssssttttttt sses t tett esseet tertres seet ttt esseet ttttesseeeeetessseeeeereee 56 ORS RORY POIO axes chee a cats Gece ccs love E E E 57 MANAGEMENT OF INBOUND ACCESS FROM WAN sccsccccsssssssccccsssssccceeesseccceceessscceseees 58 EI TIONEO SER CE Rs ONAN nisreen re EE EER 58 PE INTO SE Se cates acetates to srers stare ces cet R sng create N E E E E S 59 DEERRNTONOFFORTF O NA EOIN eena E EE 63 PE FIT Ne ORNS EE OFE a ie vets aisece nc os sss e eacadg teen se Sa sae ea eae ve ae ese ace ates eensaacoee 65 CONFIGURATION OF NAT MAPPINGS ccsscccccsssccccscsscccsessccececscceceesscceeesscceceescceeeescceesess 77 ae ee Copyright 2008 Peplink Peplink Balance Series User Manual 16 FIREWALL CONFIGURATION
50. System information is located at Status gt Device Status gt Device System Time Fri May 11 09 34 48 UTC 2007 Seral Number 1824 B937 B937 00 11 6E 11 6E DC 00 11 6E 11 6E DD 00 11 6E 11 6E DE 00 11 6E 11 6E DF System Information System Time This shows the current system time Serial Number This shows the serial number of the Peplink Balance unit kma This shows the firmware version on which the Peplink Balance unit is verion currently running The second table shows the MAC address of each Ethernet interface 103 Copyright 2008 Peplink Peplink Balance Series User Manual 19 2 Site to Site VPN Status This section applies only to Peplink Balance 380 390 700 and 710 Site to Site VPN status information is located at Status gt Site to Site VPN Status gt Site to Site VPN Established Current Priority 1 Local Serial Number 1824 2468 2468 Remote Serial Number 1824 1357 1357 1 DSL_eM 2 DSL_6M 3 Cable_10M online This screen shows the current Site to Site VPN s connection status local and remote device s serial number The VPN Details table shows which WAN connections are being used for routing VPN traffic 104 Copyright 2008 Peplink Peplink Balance Series User Manual 19 3 Link Usage Status Link usage status information is located at Status gt Link Usage Status gt Link Usage Data transferred since last reboot Add Trip
51. To restrict web admin access only from defined IP subnets Any Allow web admin accesses to be from anywhere without IP address restriction Allow access from the following IP subnets only Restrict web admin access only from the defined IP subnets When this is chosen a text input area will be displayed beneath AEE ETO O Any Allow access from the following IP subnets only The allowed IP subnet addresses should be entered into this text area Each IP subnet must be in form of n n n n n where n n n n is an IP address e g 192 168 0 0 and m is the subnet mask in CIDR format which is between O and 32 inclusively For example 192 168 0 0 24 To define multiple subnets separate each IP subnet one in a line For example 192 168 0 0 24 10 8 0 0 16 Allowed WAN IP Addresses This is to choose which WAN IP address es the web server should listen on Allowed WAN IP Address es 90 Copyright 2008 Peplink Peplink Balance Series User Manual 18 2 Firmware Upgrade The firmware of Peplink Balance is upgradeable through Web Administration Interface Firmware upgrade functionality is located at System gt Firmware System gt Firmware Last Status Current firmware version 4 0 0 New version available 4 0 4 Download and Upgrade Check again Firmware Image Upgrade There are two ways to upgrade the unit The first method is online firmware upgrade The system can check
52. a latency sensitive application requires to be routed through the lowest latency WAN regardless the WAN s available bandwidth ee Copyright 2008 Peplink Peplink Balance Series User Manual 13 Service Forwarding 13 1 SMTP Forwarding Some ISPs require their users to send e mails via the ISP s SMTP server All outgoing SMTP connections are blocked except those connecting to the ISP s The Peplink Balance supports to intercept and redirect all outgoing SMTP connections destined for TCP port 25 via a WAN connection to the WAN s corresponding SMTP server ee 2 lt 0 112 223 112 293 2e To enable the feature check the Enable check box of the SMTP Forwarding Check Enable Forwarding for the WAN connection that needs such forwarding Enter the ISP s e mail server address and TCP port number for each WAN The Peplink Balance will intercept SMTP connections choose a WAN with reference to the Outbound Policy and then forward the connection to the forwarded SMTP server if the chosen WAN enabled forwarding If the Forwarding is disabled for a WAN connection SMTP connections for the WAN will be simply forwarded to the connection s original destination If you want to route all SMTP connections only to particular WAN connection s you Should create a rule in Outbound Policy see section 12 2 13 2 Web Proxy Forwarding Enable IP Address 202 43 66 76 rt 8p When this feature is enabled t
53. ansmission Unit By default MTU is set to 1440 This setting should be configured based on the maximum payload size that the local system can handle The MSS Maximum Segment Size MSS is computed from the MTU minus 40 bytes for TCP over IPv4 If MTU is set to Auto the MSS will also be set automatically By default MSS is set to Auto This setting allows configuring a user specified MAC address Some service providers e g cable providers identify the clients MAC addresses and require a client to always connect using the same MAC address In such cases change the Peplink Balance WAN interface MAC Address MAC address to the original client PC s via this field The default MAC Address is a unique value assigned at the factory In most cases the default value suffices Clicking the Default button restores the MAC Address to the default value Some service providers require the router to enable VLAN tagging for Internet traffic If it is required by your service provider you can VLAN enable this field and enter the VLAN ID that the provider requires Note Leave this field disabled if you are not sure Static IP Settings These settings specify the information required in order to IP Address communicate on the Internet via a fixed Internet IP address Subnet Mask Default Gateway The information is typically determined by and can be obtained from the ISP and include the following sJ Cop
54. are received from either one or both of the ping hosts 43 Copyright 2008 Peplink Peplink Balance Series User Manual Health Check Settings This setting specifies IP addresses or host names with which connectivity is to be tested via ICMP Ping If Use first two DNS servers as Ping Hosts is checked the target l ping host will be the first DNS server for the corresponding WAN Ping Hosts connection Reliable ping hosts with a high up time should be considered By default the first two DNS servers of the WAN connection are used as the Ping Hosts Health Check Method DNS Lookup OJ onstoowe Health Check DNS Servers Host 1 Host 2 Use first two DNS servers as Health Check DNS Servers DNS lookups will be issued to test the connectivity with target DNS servers The connection will be treated as up if DNS responses are received from either one or both of the servers regardless of whether the result was positive or negative This field specifies two DNS hosts IP address with which connectivity is to be tested via DNS Lookup If Use first two DNS servers as Health Check DNS Servers is Health Check checked the target DNS hosts will be the first two DNS servers DNS Servers assigned to this WAN connection Reliable targets with a high up time should be considered By default the first two DNS servers of the WAN connection are used as the Health Check DNS Servers Other Health Check
55. ates the flash module that is the target of the next Next Firmware firmware upgrade Upgrade Target By default the target of the next firmware upgrade is the flash module that is NOT designated for the next boot For Peplink Balance 20L 30 200 and 300 by clicking Load config from Flash X the configuration parameters on the corresponding flash module is loaded but not applied X corresponds to the flash module that is NOT designated for the next boot For example clicking Load config from Flash 1 loads the configuration from Flash 1 but does not apply the corresponding settings The configuration parameters are applied upon clicking Apply Changes on the page header of Web Administration Interface 100 Copyright 2008 Peplink Peplink Balance Series User Manual 18 10Reboot This page provides a Reboot button for restarting the system System gt Reboot Reboot 18 11 Ping Test The Ping Test tool in Peplink Balance performs Pings through a specified Ethernet interface The Ping utility is located at System gt Tools gt Ping The Ping utility is displayed as a pop up window illustrated as follows Ping Test IP Address or Domain Name 10 9 30 1 Interface WANI Number of times to Ping 5 PING 10 9 30 1 10 9 30 1 from 10 9 2 33 eth 56 34 bytes of data 64 bytes from 10 9 30 1 icmp _seq 1 tte 126 time 0 000 ms 64 bytes from 10 9 30 1 icmp_seq 2 tte 128 time 0 000 ms 64 bytes from
56. ave the page 7 3 Copyright 2008 Peplink Peplink Balance Series User Manual DNS Registration and Hosting Domain Delegation These are the steps to be used when you host your domain at your ISP or a domain registrar and want to delegate a sub domain to be resolved and managed at Peplink Balance 1 Create a domain e g www mycompany com Homain com Domain Name Wwww mycompany com Add Domain 2 Create NS records named ns1 ns2 etc The IP addresses are the Balance s DNS server addresses cat J pace JO TIL sec Refresh sec Retry sec Expire sec Min time sec 3600 16364 1048576 2560 E mail hostmaster Name Server IP Address 220 246 168 380 3 Then create an A record with an empty host name o 5 second s Default Custom M WAN1 defaut A 9912312311 29 123 123 12 wanz a 7A Copyright 2008 Peplink Peplink Balance Series User Manual Included IP Address es TIL sec WAN default New A Record If ISC BIND 8 or 9 is being utilized in the zone file mycompany com then the addition of the following lines suffice WWW IN NS balancewanl WWW IN NS balancewan2 balancewanl IN A 202 153 122 108 balancewan2 IN A 61s 30 212416 202 153 122 108 and 67 38 212 18 represent the WAN1 and WANZ2 Internet IP addresses of Peplink Balance respectively The values of the IP addresses are fictitious and for illustration only th
57. ber and LAN MAC Address Dus peplink http Awww peplink com Copyright 2008 Peplink Peplink Balance Series User Manual 5 4 Peplink Balance 700 710 5 4 1 Front Panel Appearance LCD Display LAN Port Console Port Balance710 LCD Controls WAN Ports Power LED Status indicated in the Front Panel is as follows LED Indicator Power LED OFF Power off ON Green Power on Console Port Console Port Reserved for Engineering Use LAN Port and WAN Ports 1 to 3 Gigabit Ethernet Green LED ON 1000 Mbps OFF 100 10 Mbps Yellow LED Solid Port is connected without traffic Blinking Data is transferring OFF Port is not connected They are auto MDI MDI X ports WAN Ports 4 to 7 Fast Ethernet Green LED ON 100 Mbps OFF 10 Mbps Yellow LED Solid Port is connected without traffic Blinking Data is transferring OFF Port is not connected They are MDI ports 14 Copyright 2008 Peplink 5 4 2 LCD Display Menu gt System Status gt System gt Firmware ver gt Serial number gt System time gt System up time gt CPU load gt LAN gt Status gt IP address gt Subnet mask gt Link status gt WAN1 gt WAN2 gt gt WAN7 gt Link usage gt Throughput in gt WAN1 gt WAN2 PP as gt WAN7 gt Throughput out gt WAN1 gt WAN2 gt gt WAN7 gt Data Transfer d gt WAN1 gt WAN2 gt gt WAN7 gt
58. cccccccccccccccccccccsceccccsccccececcecccccccccsceccscsccscsccccececccccscscesescnsess 79 16 1 OUTBOUND AND INBOUND FIRE Vy AU cect ccssrenscecisecsenecauasecesazscanecanesudenssacaensaesaheiacanocasaeteatesaseenueaseasanosaatoans 79 16 2 INTRUSION DETECTION AND DOS PREVENTION ssccacocececssaceceuadesecescsncecabecosseciacconsbodessseedanceeonodadeeesseoceeuvaceee 83 17 MISCELLANEOUS SETHNOS sesers ad 84 17 1 FA EN E E EE E EE EE EE AE 84 17 2 TRAFFIC FPRIORTZANON psec cts eee tee cetera csc cere wc cl ceca toc ETEESI edie eset ees 86 17 3 SERVICE FASS TAROUCG H paeran EE E 88 18 STSTEM SETIN GS aoia E l 89 18 1 ARI E I e EEE E ee en ee 89 18 2 FIRA NART UPO ADE a ee mre eee ee eee 9 OS E Ur OTD ra CENT ene ye 92 18 4 AIO WO cs sa cee sexe ts teeta terse ve EOT ERE ROEE OOAD EUIR RETER TOENE OR 93 18 5 FV LE EESE ENEE EE AAEE EEEE Leak Sed EEA oad coun Sad Gane Sok seach ete AEE EE 94 toa RA game Re ee ee rn ne ee AR 95 18 7 PEP UU tc Ca lene ne ee ae 97 18 8 SAVING AND LOADING CONFIGURATIONS sicesepceeeieceaceeccaieeeicecesctieaisucetteleveteapeeiieelauieiceckwateustevse neuusswuseiatiiaeses 99 18 9 FAS IVAN AS IEG ccc secre rere cee tee sec eeace cee cca E A Geseatenevecceseenceuseece 100 EAO REOOO eee ae ene an vn UC nv 101 EAL PRNG aca acs oestrone sic comes ee ela sae see aisles E aessacscaes 101 18 12 TRACEROUTE TEST ccccssccsscescosccsscascosccsscescesccsscascescenscascescesscscescesscescescasscescessessceecessenscescessesscesc
59. ce on a live IP Address amp network between the existing Firewall and Router such that no Subnet Mask configuration changes are required on existing equipment Please refer to section 9 Drop in Mode for details DHCP Server Settings When this setting is enabled the DHCP server of Peplink Balance automatically assigns an IP address to each computer that is connected DHCP Server via LAN and configured to obtain an IP address via DHCP Peplink Balance s DHCP server prevents IP address collision on LAN IP Range amp This setting allocates a range of IP address that will be assigned to LAN Subnet Mask computers by the DHCP server of Peplink Balance This setting specifies the length of time throughout which an IP address of a DHCP client remains valid Upon expiration of the Lease Time the assigned IP address will no longer be valid and the renewal of the IP address assignment will be required This is to input the DNS server addresses to be offered to the DHCP clients If Assign DNS server automatically is selected the Peplink DNS Servers Balance s built in DNS server address i e LAN IP address will be offered Lease Time This setting reserves the assignment of fixed IP addresses for a list of computers on the LAN The computers to be assigned fixed IP addresses on the LAN are identified by their MAC addresses The fixed IP address assignment is displayed as a cross referenced l
60. ce unit Click the Refresh button to retrieve log entries again Click the Clear Log button to clear log 107 Copyright 2008 Peplink Peplink Balance Series User Manual Appendix A Restoration of Factory Defaults To restore the factory default settings on a Peplink Balance unit perform the following For Balance 20L 30 200 300 1 Locate the reset button at the back of the Peplink Balance unit 2 With a paper clip press and keep the reset button pressed for at least 10 seconds until the unit reboots itself For Balance 380 390 700 710 e Use the buttons to control the LCD menu to go to Maintenance gt Factory Default Then choose Yes to confirm Afterwards the factory default settings will be restored Important Note All user settings will be lost after restoring the factory default settings Regular backup of configuration parameters is strongly recommended 108 Copyright 2008 Peplink Peplink Balance Series User Manual Appendix B Routing under DHCP Static IP and PPPoE The information in this appendix applies only to situations where Peplink Balance operates with to a WAN connection under DHCP Static IP and PPPoE For information that applies to GRE please refer to e Section 10 4 1 Routing under GRE via Network Address Translation NAT e Section 10 4 2 Routing under GRE via IP Forwarding B 1 Routing via Network Address Translation NAT When Peplink Ba
61. ces used by the LAN users The mail server is external to the network The connections are ADSL with slow uplink and fast downlink and Metro Ethernet symmetric C 1 2 Solution The solution is to individually set the WAN loading balance according to the service e Web browsing mainly downloads data sending e mails mainly consumes upload bandwidth e Both connections offer good download speeds WAN2 offers good upload speeds e Define WAN1 and WAN2 s inbound and outbound bandwidths to be 3M 512k and 4M 4M respectively e For HTTP set the weight to 3 4 e For SMTP set the weight to 1 8 such that users will have a greater chance to be routed via WAN2 when sending e mail C 1 3 Settings 1 Add anew outbound traffic rule for HTTP 2 Add anew outbound traffic rule for SMTP In general to add a new outbound traffic rule Click here and Select Custom Outbound Traffic Rules Custom Outbound Traffic Rules Network gt Outbound Policy Fort 7 TCP add a new load a distribution rule 110 Copyright 2008 Peplink Peplink Balance Series User Manual Settings for HTTP New Outbound Traffic Rule Service Name Destination Set the weight of oes WAN1 and WAN2 for J sero est Z HTTP to 3 and 4 i respectively Load Distribution Weight Terminate Sessions on Link Recovery C Enable Save Cancel SS Settings for SMT
62. ched for a firewall rule A single address or a network can be specified as the Source IP amp Port setting as indicated with the following screenshots Destination IP amp Port In addition a single port or a range of ports can be specified for the Source IP amp Port setting 81 Copyright 2008 Peplink Peplink Balance Series User Manual Inbound Outbound Firewall Settings This setting specifies the action to be taken by Peplink Balance upon encountering traffic that matches the both of the following e Source IP amp Port nee e Destination IP amp Port ction With the value of Allow for the Action setting the matching traffic passes through Peplink Balance to be routed to the destination If the value of the Action setting is set to Deny the matching traffic does not pass through Peplink Balance and is discarded Upon clicking Save after entering required information the following screen appears Port Defaut fey faw Add Rule To create an additional firewall rule click Add Rule and repeat the above steps To reorder a rule s position just drag on the rule by holding the left mouse button move it to the desired position and drop it by releasing the mouse button ae a a Port Port eE k any amy w y o Add Rule E To remove a rule click Xx Rules are matched from top to the bottom If a connection matched any one of
63. cy Jo Managed by Custom Rules Service Algorithm Destination Protocol Port Persistence Src TCP Default Weighted Balance 10 0 0 The bottom most rule is Default Click on it to change the device s default way to control outbound traffic for all connections that does not match any rules above Click the service Default to change its setting Default Rule Default Rule O Ei Custom Auto Algorithm Load Distribution Weight Terminate Sessions P on Link Recovery Cancel By default the Default Rule Auto is chosen You can change a custom algorithm to be used Please refer to the coming sections for the details of the available algorithms To create a custom outbound traffic rule click Add Rule at the bottom of the table upon which the following window is displayed i Copyright 2008 Peplink Peplink Balance Series User Manual New Outbound Traffic Rule Enable Source Destination Protocol Algonthm Load Distribution Weight Terminate Sessions P on Link Recovery CO Enable Load Distribution Settings Service Name This setting specifies the name of the outbound traffic rule This setting specifies whether the outbound traffic rule takes effect With an Enable value of Yes the rule takes effect traffic is matched and actions are taken by Peplink Balance based on the other enade parameters of the rule With an Enable value of
64. ddress Protocol and Port filtering e NAT Mapping One to One mapping Physical Interface e Two RJ 45 for an IEEE 802 3u 10 100M WAN Four RJ 45 for an IEEE 802 3u 10 100M LAN e RS 232 Console Serial modem TA Port Power Specification e AC Power Adapter 100 240V Operating Environment e Kensington Lock Interface e Temperature 0 C 50 C 32 F 122 F e Humidity 10 90 non condensing s19 2 Copyright 2008 Peplink Peplink Balance Series User Manual E 2 Peplink Balance 30 and 300 Routing e NAT Drop in and IP Forwarding e Configurable Static Routes WAN Support DHCP PPPoE GRE and Static IP Inbound and Outbound Link Load Balance Device Management e Wizard amp Menu Driven Web based Administration Interface over HTML SSL e Remote Reporting and Management e Configurations Upload and Download Security e Compatible with IPsec and PPTP VPN e Rules based Stateful Firewall with IP Address Protocol and Port filtering e NAT Mapping One to One mapping Physical Interface e Three RJ 45 for an IEEE 802 3u 10 100M WAN o Four RJ 45 for an IEEE 802 3u 10 100M LAN e RS 232 Console Serial modem TA Port Power Specification e AC Power Adapter 100 240V Operating Environment e Kensington Lock Interface e Temperature 0 C 50 C 32 F 122 F e Humidity 10 90 non condensing 119 Copyright 2008 Peplink Peplink Balance Series User Manual E 3 Peplink Balance
65. ddress es is selected you can put custom DNS server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields If your service provider s DHCP server requires you to supply a hostname value upon acquiring an IP address you can enter the Hostname value here If your service provider does not provide you the value you can safely bypass this option Please refer to section 10 5 10 6 and 10 7 for details about WAN Health Check Additional Public IP Settings and Dynamic DNS Settings respectively a BP a Copyright 2008 Peplink Peplink Balance Series User Manual 10 2 Static IP Connection The Static IP connection method is suitable if the ISP provides a static IP address to connect directly Network gt Interfaces gt WAN gt WAN Connection 1 WAN Connection Name CZ WAND 00 Connection Method Click here to edit Connection settings Routing Mode own SO atways on OBackup Priority S Upstream Bandwidth F Downstream Bandwidth 7 Default auto O custom aaa MAC Address Clone a bo ia se se lee Default IP Address Subnet Mask Default Gateway DNS Servers Use the following DNS server address es DNS server 1 DNS server 2 Connection Settings for Static IP This field illustrates that NAT Network Address Translation will be applied to the traffic routing over this WAN connection Routing Mode l l i For further details please r
66. e delegated to Internet IP address es of Peplink Balance Upon receiving a DNS query Peplink Balance supports returning as an A record the corresponding IP address for the domain name on the most appropriate healthy WAN connection It also supports acting as a generic DNS server for hosting A CNAME MX TXT and NS records For example This example is for illustration only the actual resolution that takes place in implementation will likely be different e The DNS resolution of the domain name www mycompany com is delegated to the WAN2 Internet IP addresses of Peplink Balance e Upon receiving the DNS query Peplink Balance returns as an A record the IP address for www mycompany com on WAN1 because WAN1 is the most appropriate healthy link The settings for defining the DNS records to be hosted by Peplink Balance are located at Network gt Inbound Access gt DNS Settings Network gt Inbound Access gt DNS Settings Priority 1 WAN1 WAN2 WAN3 Domain Name Add Domain 65 Copyright 2008 Peplink Peplink Balance Series User Manual This setting specifies the WAN IP addresses on which the DNS server of Peplink Balance should listen If no addresses are selected the Inbound Link Load Balancing feature will be disabled Peplink Balance will not respond to DNS requests To specify and or modify the IP addresses on which the DNS Server Should listen click the Edit bu
67. e MAC Address to the default value Some service providers require the router to enable VLAN tagging for Internet traffic If it is required by your service provider you can VLAN enable this field and enter the VLAN ID that the provider requires Note Leave this field disabled if you are not sure Please refer to the following sections for further details e Section 10 4 1 Routing under GRE via Network Address Translation NAT GRE Settings e Section 10 4 2 Routing under GRE via IP Forwarding The values for DNS server 1 and DNS server 2 are typically determined by and can be obtained from the ISP Each ISP may provide a set of DNS servers for DNS lookups This field specifies the DNS Domain Name System Servers to be used when a DNS lookup is routed through this connection etches You can input the ISP provided DNS server addresses into the DNS server 1 and DNS server 2 fields If no address is entered here this link will not be used for DNS lookups Please refer to section 10 5 10 6 and 10 7 for details about WAN Health Check Additional Public IP Settings and Dynamic DNS Settings respectively AQ Copyright 2008 Peplink Peplink Balance Series User Manual 10 4 1 Routing under GRE via Network Address Translation NAT The following figure shows a typical scenario with Peplink Balance under the GRE connection mode and NAT routing mode Outgoing NAT IP Tunnel Local IP Tun
68. e actual IP addresses in implementation will likely be different Hosting the complete domain at Peplink Balance To host your own DNS server contact the DNS registrar to have the NS records of the domain e g mycompany com point to your Balance s WAN IP addresses Then follow these instructions 1 Under Network gt Inbound Access gt DNS Settings create a new domain for example mycompany com Lf AAS 2 Create NS records named ns1 ns2 etc The IP addresses are the Balance s DNS server addresses same as above 3 Create the corresponding A CNAME MX and TXT records as you wish The A record resembles the one below Included IP Address es TIiL sec WAN1 default Edit Delete WANZ default New A Record aJi a Copyright 2008 Peplink Peplink Balance Series User Manual Testing the DNS Configuration The following steps can be used to test the DNS configuration From a host on the Internet use an IP address of Peplink Balance and nslookup to lookup the corresponding hostname Check the information that is returned for the expected results An example with nslookup in Windows follows C Documents and Settings User Name gt nslookup Default Server nsl myisp com Address 147 222 11 2 gt server 202 153 122 108 This is Peplink Balance s WAN IP address Default Server balance mycompany com Address ZUZ2IS32172722 106 gt www mycompany com This is
69. e outbound and inbound firewall settings are located in Network gt Firewall Network gt Firewall Upon clicking Add Rule the following screen appears New Firewall Rule Rule Name Enable WAN Connection Protocol Protocol Selection Tool x Action Event Logging Save Cancel 79 Copyright 2008 Peplink Peplink Balance Series User Manual Inbound Outbound Firewall Settings Rule Name This setting specifies a name for the firewall rule This setting specifies whether the firewall rule should take effect With an Enable value of Yes the firewall rule takes effect traffic is matched and actions are taken by Peplink Balance based on the other Enang parameters of the rule With an Enable value of No the firewall rule does not take effect Peplink Balance disregards the other parameters of the rule Applicable to Inbound Firewall only This setting specifies the WAN connection s on which the rule applies Any WAN1 WAN2 WANS applicable only to Peplink Balance 30 300 380 390 700 and 710 e WAN4 to WAN7 applicable only to Peplink Balance 700 and 710 A value of Any WAN1 WAN2 and WAN7Z specifies that the rule applies to all WAN connections WAN1 WAN2 and WAN7 respectively WAN Connection This setting specifies the protocol to be matched Via a drop down menu the following protocols can be specified
70. ect Cancel At the New Connection Wizard screen click Next Select Connect to the Internet and click Next Select Set up my connection manually and click Next Select the following checkbox Connect using a broadband connection that is always on Click Next Click Finish to close the New Connection Wizard Windows Vista DHCP Client Configuration Connect the computer and the Peplink Balance s LAN interface with an Ethernet cable The following screen will be displayed on EE es the computer screen Choose Work Select a location for the Network network Windows will automatically apply the correct network settings for the location Home Choose this for a home or similar location Your computer is discoverable and 7 you can see other computers and devices Work Choose this for a workplace or similar location Your computer is discoverable 7 and you can see other computers and devices Public location Choose this for airports coffee shops and other public places or if you are directly connected to the Internet Discovery of other computers and devices is limited Customize the name location and icon for the network Help me choose Click Close to finish ie eae Successfully set network settings Network name Network Location type Private This allows you to see other computers and devices while making your computer discoverable View or change network and sharing settings
71. ed Solution First check whether the WAN connections are up Second ensure your download manager application has split the file into 3 parts or more It is also possible that all of 2 or even 3 download sessions were being distributed to the same link by chance Problem 3 I am using some web sites to lookup my public IP address e g www whatismyip com When I keep pressing the browser s Refresh button the server almost always returns the Same address The IP address supposed to be changing for every refresh Solution The web server has enabled the Keep Alive function such that you were using the same TCP session to query the server Try to test with a web site that does not enable Keep Alive For example try http private dnsstuff com tools aboutyou ch This third party web site is provided only for reference Peplink has no association with the site and does not guarantee the site s validity or availability Problem 4 What can I do if I suspect a problem on my LAN connection Solution You can test the LAN connection using ping For example if you are using DOS Windows at the Command Prompt type ping 192 168 1 1 This pings the Peplink Balance device provided that Peplink Balance device s IP is 192 168 1 1 to test whether the connection to _ Peplink Balance is OK 116 Copyright 2008 Peplink Peplink Balance Series User Manual Problem 5 What can I do if I suspect a problem on my
72. efer to Appendix B Routing under DHCP Static IP and PPPOE This setting specifies the utilization of the WAN connection The selection of Always on results in the WAN connection to be used whenever it is available If Backup Priority and a priority group is selected the WAN connection is treated as a backup connection and is l used only in the absence of available Always on WAN connection s Connection Type and higher priority backup connection s Connection Type P Always on Backup Priority Group 1 Highest 1 Group 1 Mmignest Group 2 Lowest The default and recommended Connection Type is Always on jara Praia 7 sJ Copyright 2008 Peplink Peplink Balance Series User Manual Connection Settings for Static IP Reply ICMP Ping If this field is disabled the WAN connection will not respond ICMP Ping Requests requests By default this is enabled Upstream This setting specifies the data bandwidth in the outbound direction Bandwidth from the LAN through the WAN interface This setting specifies the data bandwidth in the inbound direction from Downstream the WAN interface to the LAN Bandwidth The value of this setting is used as the default weight control value for outbound load balance Physical Interface Settings This setting specifies port speed and duplex configurations peen By default Speed is set to Auto vat This setting specifies the Maximum Tr
73. es User Manual 9 Drop in Mode Drop in Mode or transparent bridging mode eases the installation of Peplink Balance ona live network between the firewall and router such that changes to the settings of existing equipment are not required Drop in Mode is not applicable to Balance 20L The following diagram illustrates Internet gt Internet gt Service Service _ Provider A _ Provider B Internet a i h 4 Service _ ProviderA Router Public Address Space B PePLink Balance Public Address Space A o Host 2 Host 1 Host 2 Host 1 When Drop in Mode is enabled the LAN ports and the WAN1 port are bridged When operating in Drop in Mode Peplink Balance forwards the traffic between the LAN hosts and the router for WAN1 without performing any IP address translation Hosts on the LAN will not notice any change in the IP addresses of the hosts on WAN1 and vice versa However although the IP addresses on all of the forwarded packets remain the same Peplink Balance inserts its own MAC address in place of the original As a result MAC address changes will be noticed by hosts on both the LAN and the WAN Further details will subsequently follow After successfully setting up Peplink Balance as part of the network via Drop in Mode a Peplink Balance 200 unit will accommodate one additional WAN connection Peplink Balance 30 300 380 and 390 will accommodate two additional WAN connections Peplink Balance 700
74. escens 102 19 TS seats sacar onan ka EN EE E A EAE N E E A E A 103 19 1 Pare eerste sts cee ease ts saree cea a cee sass ects pees das cas bac fap assesses cee E 103 19 2 MERO eV I SS sce cts se ese ces gan oo cased ee gcse cee ese E cesanhsdeesan Ginn adean 104 19 3 U oe US asses esses E eee asesnoece cantata 105 PaA TIN Ss SINS eee wee css ce eerste were ences ce tensns accu nasa eetenarecG ie sacs nceasiece nena wee nesese eaeubsete ne uaieeeeconenseies 106 19 5 DACP UN ce tis ayaa sc ctcaeece tween strates E ise ee etd atest cleat ate Gascon aise EN EE RS 107 19 6 EO cess es se sw eae earn a sce alae Rata Sela a ea ae oc ede 107 APPENDIX A RESTORATION OF FACTORY DEFAULTS ccccccscsccscsccscsccscsccscscsscscsscscesescecs 108 APPENDIX B ROUTING UNDER DHCP STATIC IP AND PPPOE ccscscsscscsscscescscsscscecs 109 B ROUTING VIA NETWORK ADDRESS TRANSLATION NAT ccccccccccccccecccceceeeeessseeceecceccecsesseeseueeeeeseeeeeeeecess 109 B 2 ROUTING VIA IF FORWARDING oz ccercsenc a cece acsececencstcaceacec ETETE 109 APPENDIX C CASE STUDIES saves en cececnecaciesecsanacesenccucecsbabsteestacicsaceceacsseiosbdecsecasheswoueiaenaeseaeonaroruuscseeuseee 110 C PERFORMANCE OPTIMIZATION ccccsccescosccsccascesccsscascoscenscascescenscescescesscscessenssescessesscscessenscescesseescessesses 110 C 2 MAINTAINING THE SAME IP ADDRESS THROUGHOUT A SESSION cccescescoccesceccecceccecceceeceecescescescesceseeseeses
75. etting up an outbound firewall rule with Peplink Balance C 5 2 Solution To set up a firewall between Internet and private network for outbound access click the Add Rule button in the Outbound Firewall Rules table and then make the settings according the following screenshot No FTP access Rule Name O No FTP access Enable Protocol O TCP v amp HTTP Any Add Source IP amp Port O ny n J Any Port Any Address Destination IP amp A Sinoie Port i y Single Port Single Port x 1 Port 21 Action OJ Callow Deny Event Logging O Enable Cancel After the fields have been entered as in the screenshot click Save to add the rule sii Copyright 2008 Peplink Peplink Balance Series User Manual Appendix D Troubleshooting Problem 1 Outbound load is only distributed taking place over one WAN connection Solution Outbound load can only be distributed evenly to the WAN connection if many outbound connections are made If there is only one user on the LAN and only one download session is made from his her browser the WAN connections cannot be fully utilized For a single user download manager applications are recommended The applications can split a file into pieces and download the pieces simultaneously For example FlashGet Windows GetRight Windows iGetter MAC etc Problem 2 I am using FlashGet now Why is the download speed still in single link s spe
76. fferent computers The security concern is that an IP address change during a session may be the result of an unauthorized intrusion attempt Therefore to prevent damages from the potential intrusion the session is terminated upon the detection of an IP address change oe Copyright 2008 Peplink Peplink Balance Series User Manual Peplink Balance can be configured to distribute data traffic across multiple WAN connections Also the Internet IP depends on the WAN connections over which communication actually takes place As a result a LAN client computer behind Peplink Balance may communicate using multiple Internet IP addresses For example a LAN client computer behind a Peplink Balance 300 with three WAN connections may communicate on the Internet using three different IP addresses With the Persistency feature of Peplink balance rules can be configured to enable client computers to persistently utilize the same WAN connections for e banking and other secure websites As a result a client computer will Communicate using one IP address and eliminate the issues O By Source By Destination There are two Persistent Modes One is by source and the other by destination By source The traffic matching this rule will be persistently routed through the same WAN connection for the traffic from the same machine to the same destination It provides higher application compatibility but a less even distribution of load to the
77. fter the installation of Peplink Balance in Drop in Mode the hosts on both sides of Peplink Balance will see a change in MAC addresses Thus the WAN default gateway and firewall need to be rebooted Important Note After the installation of Peplink Balance in Drop in Mode the hosts on both sides of Peplink Balance will notice a change in MAC addresses The installation of Peplink Balance in Drop in Mode will effect no change in IP addresses More specifically LAN hosts find that IP packets from WAN hosts report the MAC address of Peplink Balance Similarly WAN hosts find that the MAC address of Peplink Balance is reported by the IP packets from LAN hosts From a practical perspective the mentioned change in MAC addresses is communicated briefly after the installation of Peplink Balance to the WAN1 router the firewall and hosts on the LAN via broadcast ARP packets The potential issue exists where the broadcast ARP packets do not reach some hosts and or routers Under such circumstances the ARP table entries of the affected equipment would not be up to date and therefore the affected equipment would not be able to communicate Flushing the ARP table of the affected equipment will likely overcome this issue Alternatively it may also be practical to wait for the ARP table entries to refresh or to reboot the affected equipment ARP table entries in Windows are refreshed every 5 seconds other types of equipment may require greater
78. g Peplink Balance will automatically provide a suitable IP Address and related information to each computer connected to its LAN interface Please refer to Section 8 Configuration of LAN Interface s for further details on the DHCP Server Settings The following steps configure a computer on the LAN to use the DHCP Server functionality provided by Peplink Balance 6 2 1 10 11 12 Windows 95 98 ME 2000 DHCP Client Configuration Select Start Menu gt Settings gt Control Panel gt Internet Options Select the Connection tab and click the Setup button Select the option I want to set up my Internet connection manually or I want to connect through a local area network LAN Click Next Select the option I connect through a local area network LAN Click Next On the subsequent Local area network Internet Configuration screen ensure that all of the boxes are unchecked When prompted with the following Do you want to set up an Internet mail account now Select the option No Click Finish to close the Internet Connection Wizard 18 Copyright 2008 Peplink 6 2 2 Se SSeS SY S 10 6 2 3 oF Peplink Balance Series User Manual Windows XP DHCP Client Configuration Select Start Menu gt Control Panel gt Network and Internet Connections Select Set up or change your Internet Connection Select the Connection tab and click the Setup button At the Location Information pop up menu sel
79. he Peplink Balance will intercept all outgoing connections destined for the proxy server specified in Web Proxy Server Interception Settings choose a WAN connection with reference of Outbound Policy and then forward them to the specified web proxy server and port number Redirected server settings for each WAN can be set here If Forwarding is disabled for a WAN web proxy connections for the WAN will be simply forwarded to the connection s original destination 56 Copyright 2008 Peplink Peplink Balance Series User Manual 13 3 DNS Forwarding Forward Outgoing DNS y Requests to Local DNS Proxy Enable When DNS Forwarding is enabled all clients outgoing DNS requests will also be intercepted and forwarded to the built in DNS proxy server spa Copyright 2008 Peplink Peplink Balance Series User Manual 14 Management of Inbound Access from WAN When operating under NAT mode Peplink Balance acts as a firewall that blocks by default all inbound access from the Internet By the custom definition of servers and services for inbound access Internet users can access the servers behind Peplink Balance Advanced configurations allow inbound access to be distributed among multiple servers on the LAN Important Note Inbound access management applies only to WAN connections that operate under NAT mode For WAN connections that operate under drop in mode or IP forwarding inbound traffic is forwarded to the LAN by
80. her improve system security Administrative Settings configuration is located at System gt Admin Security System gt Admin Security ee ae Tee e Senate Security HTTP HTTPS x Web Admin Port HTTP 80 HTTPS 443 Default Web Admin Access HTTP LAN Only m HTTPS LAN WAN m STEET GRO O Any Allow access from the following IP subnets only 29 94 111 0 24 37 122 55 0 24 WAN1 29 123 123 11 29 123 123 12 29 123 123 13 29 123 123 14 x C WAN2 C WAN3 Allowed WAN IP Address es Required Save Admin Settings Change Admin Password This setting specifies a new administrator password Confirm Admin This setting verifies and confirms the new administrator password Password This setting specifies the protocol s through which the Web Administration Interface is accessible Security e HTTP HTTPS HTTP HTTPS This setting specifies the port number at which the Web Administration Web Admin Port Interface is accessible 89 Copyright 2008 Peplink Peplink Balance Series User Manual Web Admin Access This setting specifies the network interfaces through which the Web Administration Interface can be accessed e LAN only e LAN and WAN If LAN and WAN is chosen a WAN Connection Access Settings form will be displayed WAN Connection Access Settings Allowed Source IP Allowed Source IP Subnets s
81. in Network and Sharing Center View computers and devices on the network Close oO Copyright 2008 Peplink 6 2 4 6 2 5 Peplink Balance Series User Manual Mac DHCP Client Configuration Open TCP IP Control Panel From the Connect via pop up menu select Ethernet Select Using DHCP Server from the Configure pop up menu The DHCP Client ID field can be left blank Save the settings and close the TCP IP Control Panel UNIX DHCP Client Configuration Depending on the flavor of UNIX the procedure may vary The following steps are for Red Hat Enterprise Linux 3 1 2 3 Login to the system as root At the command prompt type netconfig When prompted with the following Would you like to set up networking Respond with Yes When prompted with the following Please enter the IP configuration for this machine Select the option Use dynamic IP configuration BOOTP DHCP Select OK Sz Copyright 2008 Peplink Peplink Balance Series User Manual 7 Basic Configuration 7 1 Connecting to Web Administration Interface 1 Start a web browser on a computer connected through LAN with Peplink Balance 2 To connect to Web Administration Interface of Peplink Balance enter the following LAN IP address in the address field of the web browser http 192 168 1 1 The default LAN IP address for Peplink Balance is 192 168 1 1 3 When prompted for User Name and Password to access the Web Administration
82. in name in the Domain Name field click the Add Domain button Then click on the newly created domain name and the following screen is displayed cat Jf delete KO TiL sec Refresh sec Retry sec Expire sec Min time sec Name Server IP Address Mail Server Priority Reference Included IP Address es This page is for defining the domain s NS MX CNAME A and TXT records Five tables are presented in this page for defining the five types of records 68 Copyright 2008 Peplink Peplink Balance Series User Manual 14 4 2 NS SOA Record The NS SOA Record table shows the NS servers A records TTL Refresh Time Retry Time Expire Time Minimum Time and E mail contact address that correspond to the domain To add or edit an NS record click the upper Edit button in the NS Record box Then the table will expand to look like the following TIL sec Refresh sec Retry sec Expire sec Min time sec Name Server IP Address nsi 88 77 66 55 Delete The first two rows are the settings of TTL Refresh Time Retry Time Expiry Time Minimum Time and E mail e TTL Time to Live Defines the duration in seconds that the record may be cached e Refresh Indicates the time when the slave will try to refresh the zone from the master e Retry Defines the time between retries if the slave secondary fails to contact the master when refresh above has expired e Expire Indicates when the zone data is no l
83. ing specifies the utilization of the WAN connection Routing Mode The selection of Always on results in the WAN connection to be used whenever it is available If Backup Priority and a priority group is selected the WAN connection is treated as a backup connection and is used only in the absence of available Always on WAN connection s Connection Type and higher priority backup connection s Connection Type The default and recommended Connection Type is Always on Reply ICMP Ping If this field is disabled the WAN connection will not respond ICMP Ping Requests requests By default this is enabled Upstream This setting specifies the data bandwidth in the outbound direction Bandwidth from the LAN through the WAN interface This setting specifies the data bandwidth in the inbound direction from the WAN interface to the LAN Downstream Bandwidth The value is referenced when using the algorithms Weighted Balance see section 12 2 1 and Least Used see section 12 2 5 in Outbound Policy Physical Interface Settings This setting specifies port speed and duplex configurations PEE By default Speed is set to Auto vat This setting specifies the Maximum Transmission Unit By default MTU is set to 1440 This setting should be configured based on the maximum payload size that the local system can handle The MSS Maximum Segment Size MSS is computed from the MTU minus 40 by
84. ion 14 1 Definition of Servers on LAN as necessary To define a new service click the Add Service button upon which the following appears Enable Service Name IP Protocol i Port ngle Port Inbound IP Address es Require at least one IP address WANT WANZ Included Server s P Require at least one Server iV myserveri 192 168 1 123 Weight O myserver2 192 168 1 234 Required Fields _ Save Cancel Oa Copyright 2008 Peplink Peplink Balance Series User Manual Services Settings This setting specifies whether the Inbound Service takes effect With an Enable value of Yes the inbound service takes effect traffic is matched and actions are taken by Peplink Balance based on the Enable other parameters of the rule With an Enable value of No the inbound service does not take effect Peplink Balance disregards the other parameters of the rule This setting identifies the service to the System Administrator service Name yalid values for this setting consist only of alphanumeric and the underscore _ characters The IP Protocol setting along with the Port setting specify the protocol of the service as one of the following valid values e TCP e UDP e ICMP e IP Traffic that is received by Peplink Balance via the specified protocol at IP Protocol the specified port s is forwarded to the LAN hosts specified by the Servers setting Please refer belo
85. ion Priority set to Default Please refer to section 14 4 5 for the details The WAN connection s with the highest priority smallest number will be chosen Those with lower priorities will not be chosen in resolving A records unless the higher priority ones become unavailable To specify the Primary and Backup connections click the Edit button that corresponds to Default Connection Priority The screen should Default assemble the one below Connection Priority Network gt Inbound Access gt DNS Settings gt Edit Default Connection Priority for DNS A Records Default Priority Default Priority Default Priority Save Cancel Each WAN connection is associated with a priority number Click Save to save the settings when configuration is complete This section shows a list of domain names to be hosted by the Peplink Balance Each domain can have its NS MX and TXT records and its or its sub domains A and CNAME records POMA NATE Input the domain name into the Domain Name field and click the Add Domain button to add a new one Click on a domain name to edit Click the Delete button on the right of a domain name to delete 67 Copyright 2008 Peplink Peplink Balance Series User Manual 14 4 1 Creating DNS Records To create new DNS records for a domain perform the following steps From Network gt Inbound Access gt DNS Settings enter a doma
86. ion that the user account that is entered is valid 98 Copyright 2008 Peplink Peplink Balance Series User Manual 18 8 Saving and Loading Configurations Backing up the Peplink Balance settings immediately after the successful completion of the initial setup is strongly recommended The functionality to download and upload Peplink Balance settings is found at the following location System gt Configuration System gt Configuration Restore Factory Settings Browse 18 8 1 Restore Configuration to Factory Settings The Restore Factory Settings button is to reset the configuration to the factory default settings You have to click the Apply Changes button to make the settings effective 18 8 2 Downloading Active Configurations The Download button is to backup the current active settings Click Download and save the configuration file 18 8 3 Uploading Configurations To restore or change settings based on a configuration file click Browse to locate the configuration file on the local computer and then click Upload The new settings can then be applied by clicking the Apply Changes button on the page header or discard at the Main page of Web Administration Interface 18 8 4 Uploading Configuration from High Availability Pair This section applies only to Peplink Balance 200 300 380 390 700 and 710 In a High Availability HA configuration to quickly load onto the Peplink Ba
87. ist between the computers Name MAC addresses and fixed IP addresses The Name field optional is a humanized name to represent the device MAC addresses should be in the format of 00 AA BB CC DD EE Press to create a new record Press x to remove a record DHCP Reservation Oe a Copyright 2008 Peplink Peplink Balance Series User Manual Static Route Settings Static Route This table is for defining static routing rules for the LAN segment A static route consists of the network address subnet mask and gateway address The address and subnet mask values are in the format of w x y z Press Lar to create a new route Press x to remove a route DNS Proxy Settings This field is to enable DNS caching on the built in DNS proxy server When the option is enabled queried DNS replies will be cached until the records TTL reached This feature could improve the DNS lookup DNS Caching time But it cannot return the most updated result for those frequently updated DNS records By default it is disabled This table is for defining custom local DNS records A static local DNS record consists of a Host Name and an IP Address om ah When looking up the Host Name from the LAN to LAN IP of Peplink ecords Balance the corresponding IP Address will be returned Press EJ to create a new record Press x to remove a record 26 Copyright 2008 Peplink Peplink Balance Seri
88. it must be configured as the Slave The setting specifies the LAN IP address on which the active Peplink Balance listens The value of Virtual IP represents a LAN IP address that is shared Virtual IP among the Master and Slave units however at any time only one of the two units will listen on the IP address The Default Gateway of the clients on the LAN should be set to the virtual IP value LAN This setting specifies a LAN IP address to be used for accessing Administration administration functionality IP This address should be unique within the LAN Subnet Mask This setting specifies the subnet mask of the LAN 225 lt Copyright 2008 Peplink Peplink Balance Series User Manual Important Note Under HA mode Dynamic DNS is not supported During a fail over or fail back the active Peplink Balance does not perform Dynamic DNS updates As a result the resolved addresses may not be the IP address of the active Peplink Balance unit 17 2 Traffic Prioritization This section applies only to Peplink Balance 200 300 380 390 700 and 710 Peplink Balance provides the functionality to prioritize Voice over IP VPN video streaming Secure Web over the other Internet traffic The settings for configuring Quality of Service are located at the following location Network gt Misc Settings gt Traffic Prioritization Network gt Misc Settings gt Traffic Prioritization SIP Vonage
89. lance is operating under NAT mode the source IP addresses of outgoing IP packets are translated to the WAN IP address of Peplink Balance Therefore with NAT all LAN devices share the same WAN IP address to access the Internet i e the WAN IP address of Peplink Balance Operating Peplink Balance in NAT mode requires only one WAN Internet IP address In addition operating in NAT mode also has security advantages because LAN devices are hidden behind Peplink Balance not directly accessible from the Internet and hence less vulnerable to attacks The following figure shows the packet flow in NAT mode SS 19g urce IP 7 rg 8 1 10 D Source IP 12 34 56 78 WAN IP D 12 34 56 78 192 168 1 1 PePLink Balance 192 168 1 11 B 2 Routing via IP Forwarding When Peplink Balance is operating under IP Forwarding mode the IP addresses of IP packets are unchanged Peplink Balance forwards both inbound and outbound IP packets without changing their IP addresses The following figure shows the packet flow in IP Forwarding mode LAN IP 23 24 55 14 Source IP Source IP 23 24 55 10 23 24 55 10 WAN IP 77 55 33 10 77 55 33 14 PePLink Balance Default Gateway 23 24 55 11 109 Copyright 2008 Peplink Peplink Balance Series User Manual Appendix C Case Studies C 1 Performance Optimization C 1 1 Scenario In this scenario email and web browsing are the two main Internet servi
90. lance unit the configuration of its HA counterpart click the Upload button After loading the settings configure the LAN IP address of the Peplink Balance unit to be different from the HA counterpart 99 Copyright 2008 Peplink Peplink Balance Series User Manual 18 9 Flash Management The Peplink Balance 20L 30 200 and 300 is equipped with dual flash memory modules The Peplink Balance 380 390 700 and 710 has single module but with two partitions Each flash memory or partition stores one firmware image It not only allows improved flexibility but also facilitates more effective management of the flash contents It is possible to upgrade the firmware on the module partition that is not designated for booting so that the boot flash is unaffected by firmware upgrade process or any potential power failures throughout Flash module management is located at System gt Flash Management For Peplink Balance 20L 30 200 and 300 System gt Flash Management Flash status CoC Bootable Load config from Flash 1 For Peplink Balance 380 390 700 and 710 System gt Flash Management Boot from E Flash Management Firmware This displays the firmware version on each flash module partition Version i e Flash 1 or Flash 2 Flash Status This shows the status of the flash module The star indicates the flash module partition from which Peplink Boot from Balance will perform its next boot The star indic
91. lity mode and enter the second unit s serial number into the second text box Allowed Client IP Addresses Optional If all of the client s Internet IP address es are static you can enter them in this field The server will then only accept connections made from the listed IP address es One line for each IP address If this field is empty such access control will be disabled Client Settings Server Hosts Enter server s Internet host names and or IP addresses here You may enter only one of the server s Internet IP addresses host names here even if the server has multiple WAN connections The client and server will exchange its WAN IP addresses to each other for any WAN connection state change The client will connect to all of the default or specified IP address of each server WAN connections via all of client s WAN connections AQ Copyright 2008 Peplink Peplink Balance Series User Manual 12 Management of Outbound Traffic to WAN Peplink Balance provides the functionality to flexibly manage and load balance outbound traffic among the WAN connections The settings for managing and load balancing outbound traffic are located in Network gt Outbound Policy Normal Application Compatibility 12 1 Outbound Traffic Policy There are three main selections for the Outbound Traffic Policy of Peplink Balance e High Application Compatibility e Normal Application Compatibility
92. ne of the following valid authentication protocols Authentication Protocol e NONE MD5 e SHA Authentication This setting specifies the authentication password and is applicable Password only if the MD5 or SHA authentication protocol is selected This setting specifies via a drop down menu the one of the following l valid privacy protocols Privacy Protocol e NONE e DES Privacy This setting specifies the privacy password and is applicable only if the Password DES privacy protocol is selected 96 Copyright 2008 Peplink Peplink Balance Series User Manual 18 7 Reporting Server The Reporting functionality enables Peplink Balance to post traffic data and other information periodically to a Peplink s Reporting Server for generating detailed historical usage reports of the device The settings for configuring Reporting Server functionality are found at the following location System gt Reporting Server System gt Reporting Server Post Data to Serwer Yes O No Reporting Serwer report peplink com Default For first time users create a login on the Reporting Serwer Specify your login ID to be alowed to access the report Click here to wiew reports Remote Reporting Settings Post Data to This setting specifies whether or not Peplink Balance should Server periodically and automatically post traffic data to reporting server Reporting This setting specifies the Inte
93. nel Remote IP Address Address Address 210 103 22 1 192 168 128 222 192 168 128 223 PePLink Balance CL L SOL C6L Ss PePLink Balance Router Private GRE Router neta ee _ ee In this scenario the IP address settings are as follows WAN IP Address 172 23 2 123 Default Gateway 172 23 2 122 Remote GRE IP address 172 23 254 87 GRE router or host s IP address Tunnel IP remote address 192 168 128 223 IP address of remote end of tunnel Tunnel IP local address 192 168 128 222 IP address of local end of tunnel Outgoing NAT IP address 210 103 22 1 This field is used for NAT routing mode only For all outgoing traffic the IP datagram will be sent via this IP address through the tunnel as a result the Outgoing NAT IP address is the public address that is seen by all external hosts on the WAN The following figure shows the packet flow for Peplink Balance under GRE connection mode and NAT routing mode Source 10 0 0 10 Source 192 168 113 7 Destination 2 2 3 4 Destination 192 168 113 8 N A q Request Encapsulated Request Request Source 1 2 3 7 Destination 2 2 3 4 PF GRETunnel o o l Reply Source 2 2 3 4 Destination 10 0 0 10 IP 10 0 0 10 Tunnel IP 192 168 113 7 Tunnel IP 192 168 113 8 MANGA IP 10 0 0 1 IP 1 2 3 7 q Encapsulated Reply Source 192 168 113 8 Destination 192 168 113 7 GRE Gateway IP 1 2 3
94. note that the Peplink Balance prioritizes only outbound packets E g for secure web prioritization the system will prioritize uploading traffic for outgoing connections and downloading traffic for incoming connections vee Copyright 2008 Peplink Peplink Balance Series User Manual 17 3 Service Passthrough Service Passthrough settings can be found from Network gt Misc Settings gt Service Passthrough Network gt Misc Settings gt Service Passthrough SIP Passthrough Always Enabled ee ee C Define custom signal ports FTP Passthrough Always Enabled C Define custom control ports TFTP Passthrough Enable IPsec NAT T Passthrough Enable C Define custom ports Registered trademarks are copyrighted by their respective owner Save Some Internet services required to be specially handled in a multi WAN environment The Peplink Balance supports handling such services correctly such that Internet applications do not notice it is behind a multi WAN router Settings for Service Passthrough Support is available here Service Passthrough Support SIP Passthrough Session Initiation Protocol aka SIP is a voice over IP protocol Peplink Balance can act as a SIP Application Layer Gateway ALG which binds connections for the same SIP session to the same WAN connection and translate IP address in the SIP packets correctly in NAT mode Such passthrough support is always enabled If your SIP server s signal
95. notification settings are not saved it will be saved after clicked the Save button Test Result INFO Try email through connection 3 220 ESTP gt EHL balance 250 smtp Hello balance 210 210 210 210 200 812 LOOOQ00000 18 5 Remote Syslog The Remote Syslog functionality of Peplink Balance enables event logging at a specified remote Syslog server The settings for configuring Remote System Log are found at the following location System gt Remote Syslog System gt Remote Syslog Remote Syslog Remote Syslog Settings This setting specifies whether or not to log events at the specified remote Syslog server Remote Syslog Remote Syslog This setting specifies the IP address or hostname of the remote Syslog Host server on This setting specifies the port number of the remote Syslog service or By default the Port setting has value is 514 DE e Ee Copyright 2008 Peplink 18 6 SNMP Peplink Balance Series User Manual SNMP or Simple Network Management Protocol is an open standard that can be used to collect information about the Peplink Balance unit SNMP configuration is located at System gt SNMP SNMP Server Name MyCompany SNMPyv1 SNMPyv2 SNMPv3 Enable Enable Enable MyCompany Ssnmpuser 192 168 1 20 24 MDS DES Add SNMP User SNMP Settings e eae This setting specifies the SNMP server name SNMPv
96. on from Downstream the WAN interface to the LAN Bandwidth The value of this setting is used as the default weight control value for outbound load balance Physical Interface Settings This setting specifies port speed and duplex configurations Speed By default Speed is set to Auto This setting specifies the Maximum Transmission Unit If you choose Auto the MTU will be detected automatically when the MTU WAN connection goes up If you choose Custom you can specify the MTU manually By default the MTU is set to 1440 This setting should be configured based on the maximum payload size that the local system can handle The MSS Maximum Segment Size is computed from the MTU minus 40 bytes for TCP over IPv4 MSS If MTU is set to Auto the MSS will also be set automatically By default MSS is set to Auto 39 Copyright 2008 Peplink Peplink Balance Series User Manual Physical Interface Settings This setting allows configuring a user specified MAC address Some service providers e g cable providers identify the clients MAC addresses and require a client to always connect using the same MAC address In such cases change the Peplink Balance WAN interface MAC Address MAC address to the original client PC s via this field The default MAC Address is a unique value assigned at the factory In most cases the default value suffices Clicking the Default button restores th
97. onger authoritative e Min Time Negative caching time the time an error record is cached e E mail Defines the E mail address of the person responsible for this zone Note the sign in the E mail address field will be converted into a dot in returning the SOA record You can enter a name server host name and its IP address into the two newly created text boxes The host name can be a non FQDN fully qualified domain name Click the Add button on the right to finish and to add the other one After finished adding NS records click the Save button Before clicking the Save button all NS record changes are not yet saved to the Peplink Balance 69 Copyright 2008 Peplink Peplink Balance Series User Manual 14 4 3 MX Record The MX Record table shows the domain s MX records Each MX record contains the priority and mail exchange server host name Mail Server Priority mail01 mail02 For each record Priority and Host name must be entered Priority typically ranges from 10 to 100 Smaller numbers have a higher a priority After finishing adding MX records click the Save button 14 4 4 CNAME Record The CNAME Record table shows the domain s CNAME records Here is how you use CNAME Records If you want a sub domain secure to have the same A record value s as www then you can create a CNAME record for secure and reference it to www Host Reference TILi sec New CNAME Rec
98. onnection Type will also be brought up until any one of higher priority WAN connections is up and found to be healthy This design could increase the overall network availability For example if WAN1 WAN2 and WAN3 have the connection types of Always on Backup Priority Group 1 and Backup Priority Group 2 respectively when WAN1 goes down WAN2 and WAN3 will also try to connect If WAN3 is connected first WAN2 will still be kept connecting If WAN2 is connected WAN3 will disconnect or abort making connection Automatic Public DNS Server Check on DNS Test Failure In case the health check method is set to DNS Lookup and checks failed the Balance will automatically perform DNS lookups on some public DNS servers If the tests are success it means the WAN may not be down but rather the target DNS server became malfunctioned You will see the following warning message on the Main page Failed to receive DNS response from the health check DNS servers for WAN connection 3 But public DNS server lookup test via the WAN passed So please check the DNS server settings sA5 a Copyright 2008 Peplink Peplink Balance Series User Manual 10 6 Additional Public IP Settings IP Address List 211 11 22 1 211 11 22 2 211 11 22 3 211 111 22 4 211 11 22 5 Delete Those settings will not be sawed until the sawe button below has been pressed Additional Public IP Settings The IP Address List represents the li
99. opyright 2008 Peplink Peplink Balance Series User Manual 5 Peplink Balance Overview 5 1 Peplink Balance 20L 200 5 1 1 Front Panel Appearance 5 1 2 LED Indicators The statuses indicated by the Front Panel LEDs are as follows Power and Status Indicators OFF Power off power Green Power on OFF System initializing Status Red Booting up or busy Orange Power on self test Green Ready LAN Indicators OFF Port is not connected Activity Green Port is connected Blinking Port is transferring data OFF 10Mbps LO 100 Orange 100Mbps WAN Indicators OFF Port is not connected Activity Green Port is connected Blinking Port is transferring data OFF 10Mbps eee Orange 100Mbps ey Copyright 2008 Peplink 5 1 3 Rear Panel Appearance RS 232 Port LAN Ports 5 1 4 Connector Ports The connector ports on the rear panel are as follows Connector Ports RS 232 Port Reserved for engineering use Supports up to two 10 100BaseT WAN connections typically connected to broadband modems Supports up to four 10 100BaseT LAN connections typically connected to client PCs Power Connector DC 9V power input from supplied power adaptor WAN Ports LAN Ports 5 1 5 Unit Base Appearance Serial Number and LAN MAC Address mip prere GH oe Te E a a PoPLink Balante 200 Product Codi BoP i gece WAU 4 F i
100. ord The wildcard character is supported in the Host field The Reference of x domain name will be returned for every name ending with domain name except names that have their own records The TTL field tells the time to live of the record in external DNS caches 14 4 5 A Record This table shows the A records of the domain name Included IP Address es TiL sec Custom 88 77 66 55 5 Edit Delete WAN1 default 29 123 123 11 WAN2 default 30 123 123 17 New A Record To add an A record click the Add A Record button The screen resembles the one below JO Copyright 2008 Peplink Peplink Balance Series User Manual Network gt Inbound Access gt DNS Settings gt mydomain com gt Add Edit A Record m IP Mapping os O Default amp Custom pen ain 29 123 123 12 29 123 123 13 or S217 E 30 123 123 18 30 123 123 19 ej Dwans o SS O OO Custom IP Save Cancel A Record Editing This field specifies the A record of this sub domain to be served by the Peplink Balance The wildcard character is supported The IP TOS PRAMI addresses of domain name will be returned for every name ending with domain name except names that have their own records This setting specifies the time to live of this record in external DNS caches TTL In order to reflect any dynamic changes on the IP addresses in case of link failure and recove
101. p to 2 3 or 7 WAN broadband connections with the Peplink Balance 200 300 380 390 and 700 710 respectively 3 For Peplink Balance 20L 30 200 and 300 connect the provided power adapter to the power connector and then plug in the power adapter at a power outlet For Peplink Balance 380 390 700 and 710 connect the provided power cord to the AC power port and then plug in the cord at a power outlet The following figure schematically illustrates the configuration that results Connection Connection from ISP 1 from ISP 1 Broadband A KC Broadband Modem 1 Modem 2 247 x Copyright 2008 Peplink 6 1 3 Peplink Balance Series User Manual Configuring the Network Environment To ensure that Peplink Balance works properly in the LAN environment and can access the Internet via the WAN connections please refer to the following setup procedures 6 2 PC Configuration on the LAN Section 6 2 Configuring Computers on the LAN LAN Configuration For basic configuration please refer to Section 7 Basic Configuration Section 8 Configuration of LAN Interface s covers advanced configuration WAN Configuration For basic configuration refer to Section 7 Basic Configuration Section 10 Configuration of WAN Interface s covers advanced configuration Configuring Computers on the LAN The simplest way to setup the Local Area Network LAN is to enable the DHCP Server functionality of Peplink Balance With this settin
102. plink Balance 200 300 380 390 700 and 710 The miscellaneous settings include configuration for high availability quality of service time server SNMP email notification and remote system log 17 1 High Availability Peplink Balance supports High Availability HA configurations via an open standard Virtual Router Redundancy Protocol VRRP RFC 3768 In an HA configuration two same model Peplink Balance units i e a pair of Peplink Balance 200 units or a pair of Peplink Balance 300 units provide redundancy and failover in a master slave arrangement From a high level in the event that the Master Unit is down the Slave Unit becomes active The following diagram illustrates an HA configuration with two Peplink Balance 200 units and two Internet connections Ss Rotter ADSLiCable Modem _ Master R VRRP A In the diagram the WAN ports on each Peplink Balance unit connect to the router and modem and Peplink Balance unit connects to the same LAN switch via a LAN port An elaboration on the technical details of the implementation by Peplink Balance of Virtual Router Redundancy Protocol VRRP RFC 3768 follows e In an HA configuration the two Peplink Balance units communicate with each other using VRRP over the LAN e The two Peplink Balance units broadcast heartbeat signals to the LAN at a frequency of one heartbeat signal per second e Inthe event that no heartbeat signal from the
103. pyright 2008 Peplink Peplink Balance Series User Manual C 4 Inbound Access Restriction C 4 1 Scenario A firewall is required in order to protect the network from potential hacker attacks and other Internet security threats C 4 2 Solution Firewall functionality is built into Peplink Balance By default inbound access is unrestricted Enabling a basic level of protection involves setting up firewall rules For example to set up a firewall rule between the Internet and the private network that monitors Web access from Internet click the Add Rule button in the Inbound Firewall Rules table make the settings according the following screenshot New Firewall Rule wiene C ae ixj Protocol Any Address v Source IP amp Port Any Port Any Address v Destination IP amp Port Single Port Port 80 Action Ol Allow O Deny Event Logang O Cancel After the fields have been entered as in the screenshot click Save to add the rule Then change the default inbound rule to Deny by clicking the Default rule in the Inbound Firewall Rules table s 4 Copyright 2008 Peplink Peplink Balance Series User Manual C 5 Inbound Access Restriction C 5 1 Scenario For security reasons it may be appropriate to disallow LAN users to use ftp to transfer files to and from the Internet or otherwise restrict outbound access This can easily be achieved by s
104. rnet IP address or hostname of the Server reporting server By default the Reporting Server value is report Peplink com create a login Click the link to register a login ID on Peplink s Reporting Server Each login ID can associate with multiple Peplink Balance devices If you already have a login ID on the server you can skip this step 207e Copyright 2008 Peplink Peplink Balance Series User Manual Specify Click on the link and the following window will pop up Reporting Server Registration Registration will contact the reporting server to associate this PePLink Balance with the specified user account on the server Make sure you have a valid user account before this registration Update Cancel Reporting Server report peplink com Fill in the User Account field to specify the login ID on the Reporting Server to be allowed to access the report of this Peplink Balance device view reports Click the link to view link usage reports from the Reporting Server A login screen should be shown PePLink Balance Report Server 4 5 1 Username Password Register Report Account Forgot Password Login Copyright c PePLink All Rights Reserved Important Note The registration process will contact the reporting server to associate the Peplink Balance unit with the specified user account on the server Please ensure prior to registrat
105. rovide a set of DNS servers for DNS lookups This setting specifies the DNS Domain Name System Servers to be used when a DNS lookup is routed through this connection Selecting Obtain DNS server address automatically results in the DNS Servers assigned by the PPPoE server to be used for outbound DNS Servers DNS lookups over the WAN connection The DNS Servers are obtained along with the WAN IP address assigned from the PPPoE server When Use the following DNS server address es is selected you can put custom DNS server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields Please refer to section 10 5 10 6 and 10 7 for details about WAN Health Check Additional Public IP Settings and Dynamic DNS Settings respectively 237 Copyright 2008 Peplink Peplink Balance Series User Manual 10 4 GRE Connection The GRE connection method is suitable if the ISP provides GRE tunnel access through a private network to the Internet WAN Connection Name F WAN1 Enable l ves Ono Connection Method o GRE x Click here to edit Connection settings Routing Mode Connection Type J always on O Backup Priority Upstream Bandwidth P Kbps 0 1000000 Downstream Bandwidth P Kbps 0 1000000 uo Detour MAC Address Clone P oo La bE oo i Bi Default WAN IP Address WAN Subnet Mask WAN Default Gateway Remote GRE Host Tunnel Local IP Address Tunnel Remote
106. ry this value should be set to a smaller value E g 5 secs 60 secs etc SF 132 Copyright 2008 Peplink Peplink Balance Series User Manual A Record Editing This setting specifies lists of WAN specific Internet IP addresses that are candidates to be returned when Peplink Balance responds to DNS queries for the domain name specified by Host Name The IP addresses listed in each box as Default are the Internet IP addresses associated with each of the WAN connections Static IP addresses that are not associated with any WAN can be entered into the Custom IP list A PTR record is also created for each Custom IP s For WAN connections that operate under Drop in mode there may be other routable IP addresses in addition to the Default IP address Therefore Peplink Balance allows custom Internet IP addresses to be l added manually via filling the text box on the right hand side and IP Mapping clicking the Left Arrow button Only the highlighted IP addresses in the lists are candidates to be returned when responding to a DNS query Multiple items in a list can be selected by holding CTRL and clicking on the items In case of a WAN connection is down the corresponding set of IP addresses will not be returned However the IP addresses in the Custom IP field will always be returned If the Connection Priority field is set to Custom you can also specify the priority of the use of each WAN connection Only selected IP addres
107. s es of available connection s with the highest priority and also Custom IP addresses will be returned By default the Connection Priority is set to Default 14 4 6 PTR Record PTR records are created along with A records pointing to Custom IPs Please refer to section 14 4 5 for details For example if you created an A record www mydomain com pointing to 11 22 33 44 then a PTR record 44 33 22 11 in addr arpa pointing to www mydomain com will also be created In order to have the PTR records working you will also have to create NS records for the PTR records For example if the IP address range 11 22 33 0 to 11 22 33 255 is delegated to the DNS server on the Peplink Balance you will also have to create a domain 33 22 11 in addr arpa and have its NS records pointing to your DNS server s the PePWave Balance public IP addresses Network gt Inbound Access gt DNS Settings gt 33 22 11 in addr arpa 3600 16384 With the above records created the PTR record creation is complete Pay ye Copyright 2008 Peplink Peplink Balance Series User Manual 14 4 7 TXT Record This table shows the TXT record of the domain name cat Jf peters This is a testing TXT record Click the Edit button to edit the record The time to live value and the TXT record s value can be entered Click the Save button to finish After completing editing the five types of record you can click the link DNS Settings to le
108. specified by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 88 TCP traffic received on ports 80 through 88 is forwarded to the configured servers via the respective ports Port Map traffic that is received by Peplink Balance via the specified protocol at the specified port is forwarded via a different port to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Port Map Service Port 80 and Map to Port 88 TCP traffic on Port 80 is forwarded to the configured servers via Port 88 Please refer below for details on the Servers setting Inbound IP This setting specifies the WAN connections and Internet IP address es Address es from which the service can be accessed 61 Copyright 2008 Peplink Peplink Balance Series User Manual Services Settings This setting specifies the LAN servers that handle requests for the service and the relative weight values The amount of traffic that is distributed to a server is proportional to the weight value assigned to the server relative to the total weight Example With the following weight settings on a Peplink Balance Included Server s e demo_server_1 10 e demo_server_2 5 The total weight is 15 10 5 Matching traffic distributed to demo_server_1 67 10 15 x 100 Matching traffic distributed to demo_server_2 33 5 15 x 100
109. st of fixed Internet IP addresses assigned by the ISP in the event that more than one Internet IP addresses are assigned to this WAN connection IP Address List Enter the fixed Internet IP addresses and the corresponding subnet mask and then click the Down Arrow button to populate IP address entries to the IP Address List 10 7 Dynamic DNS Settings Peplink Balance provides the functionality to register the domain name relationships to dynamic DNS service providers Through registration with dynamic DNS service provider s the default public Internet IP address of each WAN connection can be associated with a host name Either upon a change in IP address or every 23 days without link reconnection Peplink Balance will connect to the dynamic DNS service provider to perform an IP address update within the provider s records The settings for dynamic DNS service provider s and the association of hostname s are configured via Network gt Interfaces gt WAN Service Provider Email Password Confirm Password Hosts 46 Copyright 2008 Peplink Peplink Balance Series User Manual Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers Service Provider changeip com dyndns org no ip org tzo com Select Disabled to disable this feature User ID User Email This setting specifies the
110. t Cocke EPLO Sprig MAOO UAA LAR MAZ E Mounting Points D s10 Copyright 2008 Peplink Peplink Balance Series User Manual 5 3 Peplink Balance 380 390 5 3 1 Front Panel Appearance Console Port USB Ports LAN Port Syecet s lt peplink Balance380 LCD Controls E Power LED 5 3 2 LED Indicators The statuses indicated by the Front Panel LEDs are as follows WAN Ports Power and Status Indicators OFF Power off Green Power on Power LED Console and USB Ports Console Port Reserved for Engineering Use USB Port Reserved for Engineering Use LAN and WAN Ports Balance 380 Green LED ON 100 Mbps OFF 10 Mbps Yellow LED Solid Port is connected without traffic Blinking Data is transferring OFF Port is not connected They are MDI ports LAN Port and WAN Ports Gigabit ports on Balance 390 Green LED ON 1000 Mbps OFF 100 10 Mbps Yellow LED Solid Port is connected without traffic Blinking Data is transferring OFF Port is not connected They are auto MDI MDI X ports 44 Copyright 2008 Peplink 5 3 3 LCD Display Menu gt System Status gt System gt Firmware ver gt Serial number gt System time gt System up time gt CPU load gt LAN gt Status gt IP address gt Subnet mask gt Link status gt WAN1 gt WAN2 gt WAN3 gt Link usage gt Throughput in Peplink Balance Series User Manual gt
111. t Link load distribution per TCP UDP service aS Copyright 2008 Peplink The 4 1 gt N ce o o o Peplink Balance Series User Manual Persistent routing for specified source and or destination IP addresses per TCP UDP service Traffic Prioritization and DSL Cable optimization Other Supported Features Easy to use web based administration interface HTTP and HTTPS support for Web Administration Interface Configurable web administration port and administrator password Firmware upgrades configuration backups Ping and Traceroute via Web Administration Interface Remote web based configuration via WAN and LAN interfaces Remote reporting to Peplink Balance reporting server Hardware High Availability via VRRP available only with Peplink Balance 200 300 380 390 700 and 710 Quality of Service for Voice over IP and Secure Web available only with Peplink Balance 200 300 380 390 700 and 710 Time server synchronization SNMP Email notification Syslog SIP pass through PPTP packet pass through Web Logging Link Status Active Sessions Package Contents contents of Peplink Balance product packages are as follows Peplink Balance 20L 30 200 300 Peplink Balance 20L 30 200 300 Power adapter Information slip CD containing this user manual Peplink Balance 380 390 700 710 Peplink Balance 380 390 700 710 Power cord Information slip CD containing this user manual Rack mount kit 6 C
112. tes for TCP over IPv4 If MTU is set to Auto the MSS will also be set automatically By default MSS is set to Auto 36 Copyright 2008 Peplink Peplink Balance Series User Manual Physical Interface Settings This setting allows configuring a user specified MAC address Some service providers e g cable providers identify the clients MAC addresses and require a client to always connect using the same MAC address In such cases change the Peplink Balance WAN interface MAC Address MAC address to the original client PC s via this field The default MAC Address is a unique value assigned at the factory In most cases the default value suffices Clicking the Default button restores the MAC Address to the default value Some service providers require the router to enable VLAN tagging for Internet traffic If it is required by your service provider you can VLAN enable this field and enter the VLAN ID that the provider requires Note Leave this field disabled if you are not sure PPPoE Settings These settings specify the information required in order to connect via PPPoE to the ISP Login ID and The information is typically determined by and can be obtained from Password the ISP and include the following e Login ID e Password Servi Service Name is a PPPoE parameter which is provided by the ISP ervice Name Optional Note Leave this field empty if you are not sure Each ISP may p
113. the upper rules the matching will stop If none of the rules is matched the Default rule will be applied By default the Default rule is Allow for both outbound and inbound accesses Tip If the default inbound rule is Allow for NAT enabled WANs no inbound Allow firewall rules will be required for inbound Services and inbound NAT Mapping rules However if the default inbound rule is Deny corresponding Allow firewall rules will be required 82 Copyright 2008 Peplink Peplink Balance Series User Manual 16 2 Intrusion Detection and DoS Prevention Intrusion Detection and DoS Prevention Intrusion Detection and DoS Prevention Enabled Intrusion Detection h e and DoS Prevention Enable Save Cancel The Balance supports detecting and preventing intrusions and Denial of Service DoS attacks from the Internet To turn on this feature click EEJ check the Enable check box for the Intrusion Detection and DoS Prevention and press the Save button When this feature is enabled the Balance will detect and protect from the following kinds of intrusions and denial of service attacks Port Scan NMAP FIN URG PSH Xmas Tree Another Xmas Tree Null Scan SYN RST SYN FIN SYN Flood Prevention Ping Flood Attack Prevention 203 2 Copyright 2008 Peplink Peplink Balance Series User Manual 17 Miscellaneous Settings This section applies only to Pe
114. tton that corresponds to DNS Server Listens on and the following screen is displayed Network gt Inbound Access gt DNS Settings gt DNS Server DNS Server s DNS Server Save Cancel To specify the Internet IP addresses on which the DNS Server should listen select the WAN connection by checking the appropriate boxes and the IP addresses associated with the WAN connections by highlighting the appropriate items in the list Multiple items in the list can be selected by holding CTRL and clicking on the items Click Save to save the settings when configuration is complete This setting specifies the IP address es of secondary DNS server s that are to be allowed to retrieve zone records from the DNS server of Peplink Balance The zone transfer server of Peplink Balance listens on TCP Port 53 Network gt Inbound Access gt DNS Settings gt Zone Transfer Zone Transfer Enable Zone Transfer Allowed Client s 31 21 33 111 Delete Selected 3121 33 12 amp 31 21 33 112 Save Cancel Peplink Balance serves both the clients that are accessing from the specified IP addresses and the clients that are accessing from the LAN Interface of the Peplink Balance unit 66 Copyright 2008 Peplink Peplink Balance Series User Manual Default Connection Priority defines the default priority group of each WAN connection in resolving A records It applies to A records which have the Connect
115. twork 3 Product Features Peplink Balance Series products enable all LAN users to share broadband Internet connections and provide advanced features to enhance Internet access The following is the list of supported features 3 1 3 1 1 3 1 2 3 1 4 3 1 6 Supported Network Features WAN Multiple public IP support DHCP PPPoE Static IP Address or GRE 10 100 1000 Mbps Connection in Full Half Duplex Drop in Mode available only with Peplink Balance 30 200 300 380 390 700 and 710 Network Address Translation NAT Port Address Translation PAT Inbound and Outbound NAT mapping IPsec NAT T and PPTP packet pass through Multiple static IP addresses per WAN Connection MAC address clone Customizable MTU and MSS values WAN connection health check Dynamic DNS Supported service providers changeip com dyndns org no ip org and tzo com LAN DHCP server on LAN Static routing rules Local DNS Site to Site VPN Secure yet easy to setup site to site VPN available only with Peplink Balance 380 390 700 and 710 Firewall Outbound LAN to WAN firewall rules Inbound WAN to LAN firewall rules per WAN connection Intrusion detection and prevention Specification of NAT mappings Inbound Traffic Management TCP UDP traffic redirection to dedicated LAN server s Inbound link load balancing by means of DNS available only with Peplink Balance 200 300 380 390 700 and 710 Outbound Traffic Managemen
116. w for details on the Port and Servers settings Alternatively the Protocol Selection Tool drop down menu can be used to automatically fill in the Protocol and a single Port number of common Internet services e g HTTP HTTPS etc After select an item from the Protocol Selection Tool drop down menu the Protocol and Port number remain manually modifiable 60 Copyright 2008 Peplink Peplink Balance Series User Manual Services Settings The Port setting specifies the port s that correspond to the service and can be configured to behave in one of the following manners Any Port Single Port Port Range Port Map Any Port all traffic that is received by Peplink Balance via the specified protocol is forwarded to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Any Port all TCP traffic is forwarded to the configured servers Single Port traffic that is received by Peplink Balance via the specified protocol at the specified port is forwarded via the same port to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port Port and Service Port 80 TCP traffic received on Port 80 is forwarded to the configured servers via Port 80 Port Range traffic that is received by Peplink Balance via the specified protocol at the specified port range is forwarded via the same respective ports to the LAN hosts
117. wnload Security e Compatible with IPsec and PPTP VPN e Rules based Stateful Firewall with IP Address Protocol and Port filtering e NAT Mapping One to One mapping Physical Interface Four RJ 45 for an IEEE 802 3u 10 100M WAN Three RJ 45 for an IEEE 802 3ab 10 100 1000M WAN One RJ 45 for an IEEE 802 3ab 10 100 1000M LAN RS 232 Console Serial modem TA Port Power Specification e AC Power Adapter 100 240V Operating Environment e Temperature 0 C 40 C 32 F to 104 F e Humidity 10 90 non condensing ma eee Copyright 2008 Peplink Contact Us Sales Sales peplink com Support Support peplink com Business Development and Partnerships partners peplink com pep slink www peplink com Address United States Office 800 West El Camino Real Mountain View CA 94040 United States Tel 1 650 450 9668 Fax 1 650 625 4664 Protecting Business Continuity Hong Kong Office 17 F Park Building 476 Castle Peak Road Cheung Sha Wan Hong Kong Tel 852 2990 7600 Fax 852 3007 0588 Copyright 2008 Peplink
118. y when all higher Highest Priority Priority Order Lowest Priority Terminate Sessions C Enable on Link Recovery j Configure multiple distribution rules to accommodate different kinds of services 12 2 5 Algorithm Least Used This section applies only to Peplink Balance 200 300 380 390 700 and 710 The traffic matching this rule will be routed through the healthy WAN connection with the most available downstream bandwidth The available downstream bandwidth of a WAN connection is calculated from the total downstream bandwidth specified in the WAN settings page and the current downstream usage The available bandwidth and WAN selection is determined every time an IP session is made 12 2 6 Algorithm Lowest Latency This section applies only to Peplink Balance 200 300 380 390 700 and 710 Algorithm ON Lowest Latency Traffic matched this rule will be routed through the healthy WAN connection with the lowest latency Active pings are issued periodically to a nearby router of each WAN connection The latency of a WAN is the ping round trip time of the WAN connection Tip The round trip time of a 6M down 640k up link can be higher than that of a 2M down 2M up link It is because the overall round trip time is lengthened by its slower upstream bandwidth despite of its higher downlink speed Therefore this algorithm is good for two scenarios 1 all WAN connections are symmetric or 2
119. yright 2008 Peplink Peplink Balance Series User Manual Static IP Settings Each ISP may provide a set of DNS servers for DNS lookups This field specifies the DNS Domain Name System Servers to be used when a DNS lookup is routed through this connection PN Senet You can input the ISP provided DNS server addresses into the DNS server 1 and DNS server 2 fields If no address is entered here this link will not be used for DNS lookups Please refer to section 10 5 10 6 and 10 7 for details about WAN Health Check Additional Public IP Settings and Dynamic DNS Settings respectively 10 3 PPPoE Connection The PPPoE connection method is suitable if the ISP provides a PPPoE login ID and password to connect via PPPoE Network gt Interfaces gt WAN gt WAN Connection 1 WAN Connection Name WAN 1 Enable O yes Ono Connection Method Routing Mode Connection Type MAC Address Clone VLAN Login ID P assword Confirm Password Service Name optional DNS Servers O1 LJ Obtain DNS server address automatically Use the following DNS server address es DNS server 1 DNS server Z 225 a Copyright 2008 Peplink Peplink Balance Series User Manual Network Settings for PPPoE This setting selects between routing via NAT and IP Forwarding By default Routing Mode is set to NAT For further details please refer to Appendix B Routing under DHCP Static IP and PPPoE This sett
Download Pdf Manuals
Related Search