• Ethernet WAN connection in full/half duplex
• Static IP support for PPPoE
• USB mobile connection(s) 
• Wi-Fi WAN connection
• Network address translation (NAT)/port address translation (PAT)
• Inbound and outbound NAT mapping
• IPsec NAT-T and PPTP packet pass through
• Intelligent Failover
• MAC address clone and passthrough
• Customizable MTU and MSS values
• WAN connection health check
• Dynamic DNS 
• Ping, DNS lookup, and HTTP-based health check

• Wi-Fi AP
• Ethernet LAN ports
• DHCP server on LAN
• Extended DHCP option support
• Static routing rules
• VLAN on LAN support

• Site-to-Site VPN
• 256-bit AES Encryption
• Dynamic Routing
• Pre-shared key authentication
• PPTP/L2TP/Open VPN –  VPN server

• Outbound (LAN to WAN) firewall rules
• Inbound (WAN to LAN) firewall rules per WAN connection
• Intrusion detection and prevention
• Specification of NAT mappings
• Outbound firewall rules can be defined by destination domain name

• Link load distribution per TCP/UDP service 
• Persistent routing for specified source and/or destination IP addresses per TCP/UDP service
• Traffic prioritization and DSL optimization
• Prioritize and route traffic to VPN tunnels with Priority and Enforced algorithms

• Quality of service for different applications and custom protocols 
• User group classification for different service levels
• Bandwidth usage control and monitoring on group- and user-level
• Application prioritization for custom protocols and DSL/cable optimization

• User-friendly web-based administration interface
• HTTP and HTTPS support for web admin interface
• Configurable web administration port and administrator password
• Firmware upgrades, configuration backups, ping, and traceroute via web admin interface
• Remote web-based configuration (via WAN and LAN interfaces)
• Time server synchronization
• SNMP
• Email notification
• Read-only user for web admin
• Shared IP drop-in mode
• Authentication and accounting by RADIUS server for web admin
• Syslog
• SIP passthrough
• PPTP packet pass through
• Event log
• Active sessions
• Client list
• UPnP / NAT-PMP
• Real-time, hourly, daily, and monthly bandwidth usage reports and charts

The statuses indicated by the front panel LEDs are as follows:

As your organization grows, it may require more bandwidth, but modifying your network can be tedious. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. For any reason your Peplink router looses power, the  LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection.

VoIP and videoconferencing are highly sensitive to latency. With QoS, Peplink routers can detect VoIP traffic and assign it the highest priority, giving you crystal-clear calls.

For increased WAN diversity, plug in a USB LTE modem as a backup. Peplink routers are compatible with over 250 modem types.

Use OpenVPN or  L2TP with IPsec to safely and conveniently connect remote clients to your private network. L2TP with IPsec is supported by most devices, but legacy devices can also connect using PPTP.

Click here for the full instructions on setting up L2TP with IPsec.
Click here for the full instructions on setting up OpenVPN connections

The DPI report written in the updated KB article will show further information on InControl2 through breaking down application categories into subcategories.

sscs

https://forum.peplink.com/t/updated-ic2-deep-packet-inspection-dpi-reports-and-everything-you-need-to-know-about-it/29658

Pepwave routers support Wi-Fi “Air Monitoring Mode” which used to troubleshoot remotely and proactively monitor Wi-Fi and WAN performance. The report can be viewed under InControl 2 > Reports > AirProbe Reports after enabling Wi-Fi Air Monitoring. 

Note: To enable this feature, go to https://<Device’s IP>/cgi-bin/MANGA/support.cgi

The SP Default Configuration feature written in the updated KB article allows for the provisioning of custom made settings (a.k.a. InControl2 configuration) via the Ethernet LAN port and is ideal for those wanting to do a bulk deployment of many Peplink devices. 

Note: If you would like to use this feature, please contact your purchase point (Eg.VAD).  

Cloud Service Providers often restrict access to certain applications. With SFC Relay, you can route traffic before going out to the Internet, allowing access to previously restricted applications experienced with the public SpeedFusion Cloud nodes. Available as an add-on for your home router or as an upgradable license to your Peplink router, SFC Relay is sure to impress you and any peers you give access to.

https://forum.peplink.com/t/configure-speedfusion-cloud-relay-server-and-client/6215ca9b017e48e0f3ff2479/

DoH provides the benefits of communicating DNS information over a secure HTTPS connection in an encrypted manner. The protocol offers increased privacy and confidentiality by preventing data interception and man-in-the-middle attacks.

InTouch is Peplink’s zero-touch remote network management solution, leveraging InControl 2 and a SpeedFusion Connect (formerly known as SpeedFusion Cloud) data plan. This service extends a network administrator’s ability to reach any device UI backed by a Peplink/Pepwave router. To configure InTouch, all you need is a valid InControl 2 subscription, a SpeedFusion Connect data plan, and a Peplink/Pepwave router (which requires the latest 8.2.0 firmware).

To watch a demonstration and read the FAQ, visit https://www.peplink.com/enterprise-solutions/intouch/
Or learn to configure InTouch at https://youtu.be/zg0iavHGkJw

Before installing your Pepwave router, please prepare the following as appropriate for your installation:

• At least one Internet/WAN access account and/or Wi-Fi access information
• Depending on network connection type(s), one or more of the following:

• Ethernet WAN: An ethernet  cable with RJ45 connector
• USB: A USB modem
• Wi-Fi WAN: Wi-Fi antennas

A computer with the TCP/IP network protocol and a web browser installed. Supported browsers include Microsoft Internet Explorer 11 or above, Mozilla Firefox 24 or above, Apple Safari 7 or above, and Google Chrome 18 or above.

Construct the network according to the following steps:

1: With an Ethernet cable, connect a computer to one of the LAN ports on the Pepwave router. Repeat with different cables for up to 4 computers to be connected.

2: With another Ethernet cable or a USB modem/Wi-Fi antenna/, connect to one of the WAN ports on the Pepwave router. Repeat the same procedure for other WAN ports.

Connect the power adapter to the power connector on the rear panel of the Pepwave router, and then plug it into a power outlet.  

All Care plans now come with SpeedFusion Connect Protect included. This data allowance will automatically begin and end in accordance with your warranty. No activation is required.

Access the Web Admin of the device you want to create as the Peplink Relay Server, navigating to the “AFC Protect” tab.

To set up a Peplink Relay Server, select “Relay Mode – for Inbound accesses” > Choose the SFC Protect Location you wish to connect to >  Click on the green tick button to confirm the change.

The Relay Sharing Code will be generated and other peers can use this code to establish a SpeedFusion Connect connection that will forward the traffic to this device, allowing them to access local networks and the Internet via your WAN connection.

To connect to SpeedFusion Connect Protect, you can select a SFC Protect Location of your choice, or simply Automatic, then the device will establish a connection to the nearest cloud server.

Choose Automatic > Click on the green tick button to confirm the change.

Or you may select Home Sharing and use your Relay Sharing Code to create a profile if you have set up a Peplink Relay Client on another device.

Click on Apply Changes to save the change.

By default, the router will build a SpeedFusion tunnel to the SpeedFusion Cloud.

If you are running a latency sensitive service like video streaming or VOIP, a WAN Smoothing sub-tunnel can be created. Navigate to SFC Protect > Client Mode – for Outbound accesses > SFC.

A SpeedFusion tunnel configuration window will pop out.  Click on the + sign to create the WAN Smoothing sub-tunnel.

Click on Save and Apply Changes to save the configuration. Now, the router has 2 SpeedFusion tunnels to the SpeedFusion Cloud.

Create an outbound policy to steer the internet traffic to go into SFC Protect. Please go to Advanced > Outbound Policy, click on Add Rule to create a new outbound policy.

Optimize Cloud Application allows you to route Internet traffic to SpeedFusion Connect Protect based on the application. Go to SFC Protect > Route by Cloud Application.

Select a Cloud application to route through SpeedFusion Cloud from the drop down list > Click > Save > Apply Changes. Click the   to remove a selected Cloud application to route through SpeedFusion Cloud.

SpeedFusion Connect Protect provides a convenient way to route the Wi-Fi client to the cloud from SFC Protect  > Route by Wi-Fi SSID. 

Create a new SSID for SFC Protect. The new SSID will inherit all settings from one of the existing SSIDs including the Security Policy. Then click Save followed by Apply Changes.

SFC Protect SSID will be shown on Dashboard.

SpeedFusion Connect Protectt provides a convenient way to route the LAN client to the cloud from SFC Protect > Route by LAN Client.

Choose a client from the drop down list > Click + > Save > Apply Changes.

LAN interface settings are located at Network > LAN > Network Settings. Navigating to that page will show the following dashboard:

This represents the LAN interfaces that are active on your router (including VLAN). A gray “X” means that the VLAN is used in other settings and cannot be deleted.
You can find which settings are using the VLAN by hovering over the gray “X”.

Alternatively, a red “X” means that there are no settings using the VLAN.
You can delete that VLAN by clicking the red “X”

Clicking any of the existing LAN interfaces (or creating a new one) will show the following:

Drop-in mode (or transparent bridging mode) eases the installation of the Surf SOHO on a live network between the firewall and router, such that changes to the settings of existing equipment are not required.

The following diagram illustrates drop-in mode setup:

Check the box Enable to enable the Drop-in Mode. After enabling this feature and selecting the WAN for Drop-in mode, various settings including the WAN’s connection method and IP address will be automatically updated.

When drop-in mode is enabled, the LAN and the WAN for drop-in mode ports will be bridged. Traffic between the LAN hosts and WAN router will be forwarded between the devices. In this case, the hosts on both sides will not notice any IP or MAC address changes.

After successfully setting up the Surf SOHO as part of the network using drop-in mode, it will, depending on model, support one or more WAN connections. Some  SOHO units also support multiple WAN connections after activating drop-in mode, though a SpeedFusion license may be required to activate more than one WAN port. 

Please note the Drop-In Mode is mutually exclusive with VLAN.

* – Advanced feature, please click the   button on the top right-hand corner to activate.

n case of a network address conflict with remote peers (i.e. PepVPN / IPsec VPN / IP Forwarding WAN are considered as remote connections), you can define Virtual Network Mapping to resolve it.

Note: OSPF & RIPv2 settings should be updated as well to avoid advertising conflicted network.

For further details on virtual network mapping watch this video: https://youtu.be/C1FMdZCn3Z8

* – Advanced feature, please click the button on the top right-hand corner to activate.

Click  to configure port settings, navigate to Network > LAN > Port Settings

On this screen, you can enable specific ports, name the LAN ports, as well as determine the speed of the LAN ports.

You can enable DoH (DNS over HTTPS) support in this section. 

This setting advice how WAN Quality information is being gathered.

By default, WAN Quality information will always be collected automatically for all WAN connections.

With a customized choice of WAN connections, the router will only collect the WAN Quality information of those selected WAN connections. 

WAN connection details need to be configured to connect the router to the internet or another WAN

To start configuring the WAN connection choose Network > WAN from the menu and choose a WAN connection and then click it.            

To ensure traffic is routed to healthy WAN connections only, the Pepwave router can periodically check the health of each WAN connection. The health check settings for each WAN connection can be independently configured.

The Bandwidth Allowance Monitor helps to keep track of your network usage.
To enable this function, connect to the Web Admin Interface and go to Network > WAN.
Check the box Enable next to Bandwidth Allowance Monitor and you can see the following:

The IP Address list represents the list of fixed Internet IP addresses assigned by the ISP, in the event that more than one Internet IP address is assigned to this WAN connection.

Enter the subnet IP Address and Subnet Mask, press the down arrow button, and the list will be populated by the IP addresses of the specified subnet. You should delete the WAN connection’s primary IP address and the gateway address from the list by pressing the Delete button after selecting them in the list.

These additional IP addresses can be assigned to a device on the LAN using NAT Mappings

Pepwave Surf SOHO routers allow registering domain name relationships to dynamic DNS service providers.  Through registration with dynamic DNS service provider(s), the default public Internet IP address of each WAN connection can be associated with a hostname. 

With dynamic DNS service enabled for a WAN connection, you can connect to your WAN’s IP address externally even if its IP address is dynamic.

You must register for an account from the listed dynamic DNS service providers before enabling this option.

If the WAN connection’s IP address is a reserved private IP address (i.e., behind a NAT router), the public IP of each WAN will be automatically reported to the DNS service provider.

Either upon a change in IP addresses or every 23 days without link reconnection, the Pepwave Surf SOHO will connect to the dynamic DNS service provider to update the provider’s IP address records.

If your desired provider is not listed, you may check with DNS-O-Matic. This service supports updating 30 other dynamic DNS service providers. (Note: Peplink is not affiliated with DNS-O-Matic.)

To access Wi-Fi WAN settings, click Network > WAN > Wireless network connection.

The WiFi-WAN and USB WiFi Network connection configuration is similar to the Ethernet WAN configuration, but has a few unique options that are shown in this section.

The options that are the same as  the ethernet WAN connection configuration are shown in the Ethernet WAN section. 

You can manually create a profile to connect to a Wi-Fi connection. This is useful for creating a profile for connecting to hidden-SSID access points. Click Network > WAN Connection Name > Create Profile… to get started.

This will open a window similar to the one shown below:

If signal threshold is defined, this connection will be treated as down when a weaker than threshold signal is determined.

The signal threshold can also be configured using values (this option can be enabled after selecting the question mark)

Indication of WiFi strength values:

If your device supports it, you can specify the priority of WAN connections to be used for making VPN connections. WAN connections set to OFF will never be used. Only available WAN connections with the highest priority will be used. 

To enable asymmetric connections, connection mapping to remote WANs, cut-off latency, and packet loss suspension time, click the   button.

This feature allows you to redirect all traffic to a specified PepVPN connection. Click the button to select your connection and the following menu will appear:

You can (optionally) specify a DNS server to resolve incoming DNS requests. 

Handshake Port

Click the   icon to customize the handshake port (TCP) used to initialize the SpeedFusion VPN connection.

The handshake uses TCP port 32015 by default.

Link Failure Detection Time

The bonded VPN can detect routing failures on the path between two sites over each WAN connection. Failed WAN connections will not be used to route VPN traffic. Health check packets are sent to the remote unit to detect any failure. The more frequently checks are sent, the shorter the detection time, although more bandwidth will be consumed.

• When Recommended (default) is selected, a health check packet is sent every five seconds, and the expected detection time is 15 seconds.
• When Fast is selected, a health check packet is sent every three seconds, and the expected detection time is six seconds.
• When Faster is selected, a health check packet is sent every second, and the expected detection time is two seconds.
• When Extreme is selected, a health check packet is sent every 0.1 second, and the expected detection time is less than one second.

Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. A GRE tunnel is similar to IPSec or SpeedFusion VPN.

To configure a GRE Tunnel, navigate to Advanced > GRE Tunnel.

Click the New Profile button to create new GRE tunnel profiles that establish tunnel connections to remote tunnel endpoints via available WAN connections. To edit the profiles, click on its associated connection name in the leftmost column.

OpenVPN is a site to site VPN mode that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. 

To configure a OpenVPN, navigate to Advanced > OpenVPN and click the New Profile.  

Pepwave routers can flexibly manage and load balance outbound traffic among WAN connections.

The settings for managing and load balancing outbound traffic are located at Advanced > Outbound Policy

The screenshot below shows the Outbound Policy window with Expert mode enabled.

The bottom-most rule HTPS_Peristence is Default. This rule manages the device’s default manner of controlling outbound traffic for all connections that do not match any of the rules above it.
To rearrange the priority of outbound rules, drag and drop them into the desired sequence.

Under Expert Mode, a special rule is displayed on the Custom Rules table which is “SpeedFusion VPN Routes”. It presents all PepVPN routes learned from remote VPN peers. By default, this bar is on the top of all custom rules. That means traffic for remote VPN subnets will be routed to its corresponding VPN peer. You can create custom Priority or Enforced rules and move them above the bar to override the PepVPN Routes.

Upon disabling the Expert Mode, all rules above the bar will be deleted. 

Adding new Custom Outbound Policies

To add new custom rules (Outbound Policies) select Add Rule.

Expert Mode is available on some Pepwave routers for use by advanced users. To enable the feature, click on the help icon and click turn on Expert Mode.

In Expert Mode, a new special rule, SpeedFusionTM Routes, is displayed in the Custom Rules table. This rule represents all SpeedFusionTM routes learned from remote VPN peers. By default, this bar is on the top of all custom rules. This position means that traffic for remote VPN subnets will be routed to the corresponding VPN peer. You can create custom Priority or Enforced rules and move them 

above the bar to override the SpeedFusionTM routes.

Upon disabling Expert Mode, all rules above the bar will be removed.

UPnP and NAT-PMP are network protocols which allow a computer connected to a LAN port or WiFi AP to automatically configure the router to allow parties on the WAN port to connect to itself. That way, the process of inbound port forwarding becomes automated. 

When a computer creates a rule using these protocols, the specified TCP/UDP port of all WAN connections’ default IP address will be forwarded.

Check the corresponding box(es) to enable UPnP and/or NAT-PMP. Enable these features only if you trust the computers connected to a LAN port or WiFi AP. 

When the options are enabled, a table listing all the forwarded ports under these two protocols can be found at Status>UPnP / NAT-PMP.

In the example above, the UPnP device is running. When the UPnP device is disconnected, the router will suspend the service and incoming traffic will be dropped (without error/notification message). The UPnP rule will remain for an interval after the UPnP device is disconnected before being removed.

LAN and PPTP clients can be categorized into three user groups: Manager, Staff, and Guest. This menu allows you to define rules and assign client IP addresses or subnets to a user group. You can apply different bandwidth and traffic prioritization policies on each user group in the Bandwidth Control and Application sections (note that the options available here vary by model).

The table is automatically sorted by rule precedence. The smaller and more specific subnets are put towards the top of the table and have higher precedence; larger and less specific subnets are placed towards the bottom. 

Click the Add button to define clients and their user group. Click the  button to remove the defined rule. Two default rules are pre-defined and put at the bottom. They are All DHCP reservation clients and Everyone, and they cannot be removed. The All DHCP reservation client represents the LAN clients defined in the DHCP Reservation table on the LAN settings page. Everyone represents all clients that are not defined in any rule above. Click on a rule to change its group.

Once users have been assigned to a user group, their internet traffic will be restricted by rules defined for that particular group. Please refer to the following two sections for details.

This section is to define how much minimum bandwidth will be reserved to each user group when a WAN connection is in full load. When this feature is enabled, a slider with two indicators will be shown. You can move the indicators to adjust each group’s weighting. The lower part of the table shows the corresponding reserved download and uploads bandwidth value of each connection.

By default, 50% of bandwidth has been reserved for Manager, 30% for Staff, and 20% for Guest.

The default download and upload limits are set to unlimited (set as 0).  This can be changed as necessary to restrict the speeds to individual devices connected to the router, either wired or wireless.  Note, this limit is applied to all devices.

This section is to define the QoS Application Queue. You can set guaranteed bandwidth for a queue and assign it to applications.

Click the Add button to create the QoS Application Queue. 

Three application priority levels can be set: ↑High,━ Normal, and↓Low. Pepwave routers can detect various application traffic types by inspecting the packet content. Select an application by choosing a supported application, or by defining a custom application manually. The priority preference of supported applications is placed at the top of the table. Custom applications are at the bottom.

Click the Add button to define a custom application. Click the button in the Action column to delete the custom application in the corresponding row.

When Supported Applications is selected, the Pepwave router will inspect network traffic and prioritize the selected applications. Alternatively, you can select Custom Applications and define the application by providing the protocol, scope, port number, and DSCP value.

DSL/cable-based WAN connections have lower upload bandwidth and higher download bandwidth. When a DSL/cable circuit’s uplink is congested, the download bandwidth will be affected. Users will not be able to download data at full speed until the uplink becomes less congested. DSL/Cable Optimization can relieve such an issue. When it is enabled, the download speed will become less affected by the upload traffic. By default, this feature is enabled.

Enable this option to grant PepVPN traffic the highest priority when WAN is congested.

Outbound Firewall Rules

The outbound firewall settings are located at Advanced > Firewall > Access Rules.

To enable or disable the Outbound Firewall to manage device local network traffic, click on the help icon and click here, the sceen will shown below. 

Click Add Rule to display the following screen:

Inbound Firewall Rules

Inbound firewall settings are located at Advanced > Firewall > Access Rules.

Click Add Rule to display the following screen:

Internal Firewall Rules

Internal Network Firewall settings are located at Advanced > Firewall > Access Rules.

Click Add Rule to display the following screen:

Click Save to store your changes. To create an additional firewall rule, click the Add Rule and repeat the above steps.

To change a rule’s priority, simply drag and drop the rule:

• Hold the left mouse button on the rule.
• Move it to the desired position.
• Drop it by releasing the mouse button.

To remove a rule, click the   button.

Rules are matched from top to bottom. If a connection matches any one of the upper rules, the matching process will stop. If none of the rules match, the Default rule will be applied. By default, the Default rule is set as Allow for Outbound, Inbound and Internal Network access.

Intrusion Detection and DoS Prevention

Pepwave routers can detect and prevent intrusions and denial-of-service (DoS) attacks from the Internet. To turn on this feature, click , check the Enable check box, and press the Save button.

When this feature is enabled, the Pepwave router will detect and prevent the following kinds of intrusions and denial-of-service attacks.

• Port scan
  • NMAP FIN/URG/PSH
  • Xmas tree
  • Another Xmas tree
  • Null scan
  • SYN/RST
  • SYN/FIN

• SYN flood prevention
• Ping flood attack prevention

Local Service Firewall settings are located at Advanced > Firewall > Access Rules.

Click Add Rule to display the following window:

Click the Advanced  tab from the top bar, and then click the Routing Protocols > OSPF & RIPv2 item on the sidebar to reach the following menu.

To access RIPv2 settings, click .

BGP (Border Gateway Protocol) is a protocol that manages how packets are routed across the internet through the exchange of routing and reachability information between edge routers. BGP directs packets between autonomous systems (AS) — networks managed by a single enterprise or service provider.

Click the Network tab from the top bar, and then click the BGP item on the sidebar to configure BGP.

Click “x” to delete a BGP profile

Click “Add” to add a new BGP profile

L2TP with IPsec
Pre-shared Key	Enter your pre shared key in the text field. Please note that remote devices will need this preshared key to access the Balance.
Disable Weak Ciphers	Click the   button to show and enable this option. When checked, weak ciphers such as 3DES will be disabled.
Listen On	This setting is for specifying the WAN IP addresses that allow remote user access.

Continue to configure the authentication method.

Select OpenVPN and continue to configure the authentication method.

The OpenVPN Client  profile can be downloaded from the Status > device page after the configuration has been saved.

You have a choice between 2 different OpenVPN Client profiles.

• “route all traffic” profile :Using this profile, VPN clients will send all the traffic through the OpenVPN tunnel
• “split tunnel” profile: Using this profile, VPN clients will ONLY send those traffic designated to the untagged LAN and VLAN segment through the OpenVPN tunnel.

No additional configuration required.

The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues

Continue to configure authentication methods.

RADIUS Server settings are located at Advanced > Misc. Settings > RADIUS Server.

Click New Profile to display the following screen:

This section allows you to assign certificates for the local VPN, OpenVPN, Captive Portal, Mediafast, Contenthub, Wi-Fi WAN (Client and CA) and web admin SSL for extra security. 

Read the following knowledgebase article for full instructions on how to create and import a self-signed certificate: https://forum.peplink.com/t/how-to-create-a-self-signed-certificate-and-import-it-to-a-peplink-product/

Service forwarding settings are located at Advanced > Misc. Settings > Service Forwarding.

Some ISPs require their users to send emails via the ISP’s SMTP server. All outgoing SMTP connections are blocked except those connecting to the ISP’s. Pepwave routers support intercepting and redirecting all outgoing SMTP connections (destined for TCP port 25) via a WAN connection to the WAN’s corresponding SMTP server.

To enable the feature, select Enable under SMTP Forwarding Setup. Check Enable Forwarding for the WAN connection(s) that needs forwarding. Under SMTP Server, enter the ISP’s email server hostname or IP address. Under SMTP Port, enter the TCP port number for each WAN. 

The Pepwave router will intercept SMTP connections. Choose a WAN port according to the outbound policy, and then forward the connection to the SMTP server if the chosen WAN has enabled forwarding. If the forwarding is disabled for a WAN connection, SMTP connections for the WAN will be simply be forwarded to the connection’s original destination.

When this feature is enabled, the Pepwave router will intercept all outgoing connections destined for the proxy server specified in Web Proxy Interception Settings, choose a WAN connection with reference to the outbound policy, and then forward them to the specified web proxy server and port number. Redirected server settings for each WAN can be set here. If forwarding is disabled for a WAN, web proxy connections for the WAN will be simply forwarded to the connection’s original destination.

When DNS forwarding is enabled, all clients’ outgoing DNS requests will also be intercepted and forwarded to the built-in DNS proxy server.

After clicking the enable checkbox, enter your TCP port for traffic heading to the router, and then specify the IP Address and Port of the server you wish to forward the service to.

Service passthrough settings can be found at Advanced > Misc. Settings > Service Passthrough.

Some Internet services need to be specially handled in a multi-WAN environment. Pepwave routers can handle these services such that Internet applications do not notice being behind a multi-WAN router. Settings for service passthrough support are available here.

Using “Grouped Networks” you can group and name a range of IP addresses, which can then be used to define firewall rules or outbound policies.

Start by clicking on “add group” then fill in the appropriate fields.

In this example we’ll create a group “accounting”
Click save when you have finished adding the required networks.

The grouped network “accounting” can now be used to configure a group policy or firewall rule.

The SIM Toolkit, accessible via Advanced>Settings>SIM Toolkit  supports two functionalities, USSD and SMS.

Unstructured Supplementary Service Data (USSD) is a protocol used by mobile phones to communicate with their service provider’s computers. One of the most common uses is to query the available balance.

Enter your USSD code under the USSD Code text field and click Submit.

You will receive a confirmation. To check the SMS response, click Get.

After a few minutes you will receive a response to your USSD code

The SMS option allows you to read SMS (text) messages that have been sent to the SIM in your Peplink routers.

You may define the UDP reply by clicking the Advanced > Misc Setting > UDP Relay. You can click to enable the UPD Broadcast or Multicast traffic for LAN/VLAN/SpeedFusion VPN.

Click “New UDP Relay Rule” to define the relay rule. 

Wireless network settings, including the name of the network (SSID) and security policy can be defined and managed in this section via AP > Wireless SSID

Click New SSID to create a new network profile, or click the existing network profile to modify its settings.

When the RADIUS MAC Authentication is selected in Restricted Mode, the RADIUS Settings will be showing: 

Wireless Mesh Support is available on devices running 802.11ac (Wi-Fi 5) and above. Along with the AP Controller, mesh network extensions can be established, which can expand network coverage. Note that the Wireless Mesh settings need to match the Mesh ID and Shared Key of the other devices on the same selected frequency band.

To create a new Wireless Mesh profile, go to AP > Wireless Mesh, and click Add.

Navigating to AP>Settings displays a screen similar to the one shown below:

A – Advanced feature. Click the   button on the top right-hand corner to activate.

A detailed breakdown of data usage for each AP is available at AP > Access Point.

Access Point
AP Name/Serial Number	This field allows you to quickly find your device if you know its name or serial number. Fill in the field to begin searching. Partial names and serial numbers are supported.
AP Status	This table shows the detailed information of each AP, including channel, number of clients, upload traffic, and download traffic. On the right-hand side of the table, you will see the following icons: . Clicking on the icon displays a table with a list of clients and their usage. Clicking on the icon allows you to configure the AP device’s details. For easier network management, you can give each client a name and designate its location. You can also designate which firmware pack (if any) that this client will follow, as well as the channels that the client will broadcast on. Clicking on the icon displays usage in the form of graphs. Click on any point in the graphs to display detailed usage and client information for that device, using that SSID, at that point in time. On the Data Usage by menu, you can display the information by SSID or by AP send/receive rate. Click the Event tab next to Wireless Usage to view a detailed event log for that particular device.

In-depth wireless SSID reports are available under AP > Wireless SSID.

Click the blue arrow on any SSID to obtain more detailed information on usage for each SSID.

You can search for specific Wi-Fi users by navigating to AP > Wireless Client.

Here, you will be able to see your network’s heaviest users as well as search for specific users. Clicking on the icon bookmarks the specific user, and clicking on the icon displays additional details about the user.

Mesh / WDS allows you to monitor the status of your wireless distribution system (WDS) or mesh network. Track activity by MAC address by navigating to AP > Mesh / WDS. This table shows the detailed information of each AP, including protocol, transmit rate (sent / received), signal strength, and duration.

A list of nearby devices can be accessed by navigating to AP > Nearby Device.

Suspected Rogue Devices

Hovering over a device’s MAC address will result in a popup with information on how the device was detected. Clicking on the icons will mark the device and move them to the table of identified devices.

You can access the AP Controller Event log by navigating to AP > Event Log.

The Admin Settings section allows you to set up your access point’s name, password, security settings, and other options

Upgrading firmware can be done in one of three ways.
Using the router’s interface to automatically check for an update, using the router’s interface to manually upgrade the firmware, or using InControl2 to push an upgrade to a router. 

The automatic upgrade can be done from System > Firmware.

If an update is found the buttons will change to allow you to Download and Update the firmware.

Click on the Download and Upgrade button. A prompt will be displayed advising to download the Current Active Configuration. Please click on the underlined download text. After downloading the current config click the Ok button to start the upgrade process.

The router will download and then apply the firmware. The time that this process takes will depend on your internet connection’s speed.

The firmware will now be applied to the router*. The amount of time it takes for the firmware to upgrade will also depend on the router that’s being upgraded.

*Upgrading the firmware will cause the router to reboot.

Web admin interface : install  updates manually

In some cases, a special build may be provided via a ticket or it may be found in the forum. Upgrading to the special build can be done using this method, or using IC2 if you are using that to manage your firmware upgrades. A manual upgrade using the GA firmware posted on the site may also be recommended or required for a couple of reasons.

All of the Peplink/Pepwave GA firmware can be found here Navigate to the relevant product line (ie. Balance, Max, FusionHub, SOHO, etc). Some product lines may have a dropdown that lists all of the products in that product line. Here is a screenshot from the Balance line.

If the device has more than one firmware version the current hardware revision will be required to know what firmware to download.

Navigate to System > Firmware and click the Choose File button under the Manual Firmware Upgrade section. Navigate to the location that the firmware was downloaded to select the “.img” file and click the Open button.

Click on the Manual Upgrade button to start the upgrade process.

A prompt will be displayed advising to download the Current Active Configuration. Please click on the underlined download text. After downloading the current config click the Ok button to start the upgrade process. The firmware will now be applied to the router*. The amount of time it takes for the firmware to upgrade will depend on the router that’s being upgraded.

*Upgrading the firmware will cause the router to reboot.

The InControl method

Described in this knowledgebase article on our forum.

Time Settings enables the system clock of the Pepwave router to be synchronized with a specified time server. Time settings are located at System>Time.

Enable and disable different functions (such as WAN connections, outbound policy, and firewalls at different times, based on a user-scheduled configuration profile. The settings for this are located at System > Schedule

Enable scheduling, and then click on your schedule name or on the New Schedule button to begin.

Email notification functionality provides a system administrator with up-to-date information on network status. The settings for configuring email notifications are found at System > Email Notification.

After you have finished setting up email notifications, you can click the Test Email Notification button to test the settings before saving. After Test Email Notification is clicked, you will see this screen to confirm the settings:

Click Send Test Notification to confirm. In a few seconds, you will see a message with detailed test results.

Event log functionality enables event logging at a specified remote syslog server. The settings for configuring the remote system log can be found at System>Event Log.

SNMP or simple network management protocol is an open standard that can be used to collect information about the Pepwave router. SNMP configuration is located at System>SNMP.

To add an SNMP community, click the Add SNMP Community button in the Community Name table; the following screen will be  displayed:

To define a username for SNMPv3, click Add SNMP User in the SNMPv3 User Name table, upon which the following screen is displayed:

InControl is a cloud-based service which allows you to manage all of your Peplink and Pepwave devices with one unified system. With it, you can generate reports, gather statistics, and configure your devices automatically. All of this is now possible with InControl.

When this checkbox is checked, the device’s status information will be sent to the Peplink InControl system. This device’s usage data and configuration will be sent to the system if you enable the features in the system.

When the box Restricted to Status Reporting Only is ticked, the router will only report its status, but can’t be managed or configured by InControl.

Alternatively, you can also privately host InControl. Simply check the “Privately Host InControl” box and enter the IP Address of your InControl Host. If you have multiple hosts,  you may enter the primary and backup IP addresses for the InControl Host and tick the “Fail over to InControl in the cloud” box. The device will connect to either the primary InControl Host or the secondary/backup ICA/IC2.

You can sign up for an InControl account at https://incontrol2.peplink.com/. You can register your devices under the account, monitor their status, see their usage reports, and receive offline notifications.

Backing up Pepwave router settings immediately after successful completion of initial setup is strongly recommended. The functionality to download and upload Pepwave router settings is found at System>Configuration. Note that the available options vary by model.

Some Pepwave routers have features that can be activated upon purchase. Once the purchase is complete, you will receive an activation key. Enter the key in the Activation Key field, click Activate, and then click Apply Changes.

This page provides a reboot button for restarting the system. For maximum reliability, the Pepwave router can equip with two copies of firmware. Each copy can be a different version. You can select the firmware version you would like to reboot the device with. The firmware marked with (Running) is the current system boot up firmware.

Please note that a firmware upgrade will always replace the inactive firmware partition.

The ping test tool sends pings through a specific Ethernet interface or a SpeedFusion™ VPN connection. You can specify the number of pings in the field Number of times, to a maximum number of 10 times. Packet Size can be set to a maximum of 1472 bytes. The ping utility is located at System > Tools > Ping, illustrated below:

The traceroute test tool traces the routing path to the destination through a particular Ethernet interface. The traceroute test utility is located at System > Tools > Traceroute.

Peplink routers can send special “magic packets” to any client specified from the Web UI. To access this feature, navigate to System > Tools > Wake-on-LAN.

Select a client from the drop-down list and click Send to send a “magic packet”

The WAN Analysis feature allows you to run a WAN to WAN speed test between 2 Peplink devices .
You can set a device up as a Server or a Client. One device must be set up as a server to run the speed tests and the server must have a public IP address. 

The default port is 6000 and can be changed if required. The IP address of the WAN interface will be shown in the WAN Connection Status section.

The client side has a few more settings that can be changed. Make sure that the Control Port matches what’s been entered on the server side. Select the WAN(s) that will be used for testing and enter the Servers WAN IP address. Once all of the options have been set, click the Start Test button.

The test output will show the Data Streams Parameters, the Throughput as a graph, and the Results.

The test can be run again once it’s complete by clicking the Start button or you can click Close and change the parameters for the test.

System information is located at Status > Device.

The second table shows the MAC address of each LAN/WAN interface connected. To view your device’s
End User License Agreement (EULA), follow the Legal link

Information on active sessions can be found at Status>Active Sessions>Overview.

This screen displays the number of sessions initiated by each application. Click on each service listing for additional information. This screen also indicates the number of sessions initiated by each WAN port. In addition, you can see which clients are initiating the most sessions.

You can also perform a filtered search for specific sessions. You can filter by subnet, port, protocol, and interface.
To perform a search, navigate to Status > Active Sessions > Search.

This Active Sessions section displays the active inbound/outbound sessions of each WAN connection on the Pepwave router. A filter is available to sort active session information. Enter a keyword in the field or check one of the WAN connection boxes for filtering. 

The client list table is located at Status > Client List. It lists DHCP and online client IP addresses, names (retrieved from the DHCP reservation table or defined by users), current download and upload rate, and MAC address. Clients can be imported into the DHCP reservation table by clicking the  button on the right. You can update the record after import by going to Network > LAN.

Information on OSPF and RIPv2 can be found in this section.

Information on BGP can be found in this section.

PepVPN Status shows the current connection status of each connection profile and is displayed at Status> PepVPN/SpeedFusion. 

Click on the corresponding peer name to explore the WAN connection(s) status and subnet information of each VPN peer.

Click button for a chart displaying real-time throughput, latency, and drop-rate information for each WAN connection.

When pressing the button the following menu will appear:

The Speedfusion status page shows all related information about the PepVPN connection.
This screen also allows you to run PepVPN Tests allowing throughput tests.

Peplink also published a whitepaper about Speedfusion which can be downloaded from the following url:
http://download.peplink.com/resources/whitepaper-speedfusion-and-best-practices-2019.pdf

Event log information is located at Status > Event Log

The log section displays a list of events that has taken place on the Pepwave router. Check Auto Refresh to refresh log entries automatically. Click the Clear Log button to clear the log.

WAN Quality allows you to select each WAN and view current WAN Quality.

Detailed information can be seen when selecting a point on the graph.

This section shows bandwidth usage statistics and is located at Status>Bandwidth. Bandwidth usage at the LAN while the device is switched off (e.g., LAN bypass) is neither recorded nor shown.

Real Time

The Data transferred since installation table indicates how much network traffic has been processed by the device since the first bootup. The Data transferred since last reboot table indicates how much network traffic has been processed by the device since the last boot up. 

Hourly

This page shows the hourly bandwidth usage for all WAN connections, with the option of viewing each individual connection. Select the desired connection to check from the drop-down menu.

Daily

This page shows the daily bandwidth usage for all WAN connections, with the option of viewing each individual connection.

Select the connection to check from the drop-down menu. If you have enabled the Bandwidth Monitoring feature, the Current Billing Cycle table for that WAN connection will be displayed.

Click on a date to view the client bandwidth usage of that specific date. This feature is not available if you have selected to view the bandwidth usage of only a particular WAN connection. The scale of the graph can be set to display megabytes (MB) or gigabytes (GB).

Monthly

This page shows the monthly bandwidth usage for each WAN connection. If you have enabled the Bandwidth Monitoring feature, you can check the usage of each particular connection and view the information by Billing Cycle or by Calendar Month.

Click the first two rows to view the client bandwidth usage in the last two months. This feature is not available if you have chosen to view the bandwidth of an individual WAN connection. The scale of the graph can be set to display megabytes (MB) or gigabytes (GB).