The Outbound Policy section allows you to manage how your LAN-to-Internet traffic is routed according to the rule/algorithm options.
Before configuring Outbound Policies take note of the following:
• Only devices running firmware 8.0 or above support Outbound Policy rule sets created in InControl.
• Make sure the up and download bandwidth values for the network WAN connection(s) are configured for the outbound policies to work properly.
- A rule set refers to the entire set of rules as defined in the device’s outbound policy page (Network > Outbound Policy). Within the rule set, each rule applies to a name-specific WAN connection (e.g. WAN 1). When applying imported rule sets to selected devices, only WAN connections with matching names (e.g. WAN 1) will be imported. If the rule has no matching WAN connections, then the rule will not be applied to the selected device.
For example, to apply a rule that enforces traffic to “WAN 1”, each selected device also needs a WAN called “WAN 1”. For devices without a “WAN 1”, the rule will be excluded.
- The same logic applies to PepVPN profiles available in Priority and Enforced algorithms: the name of the rule’s PepVPN profile needs to match with the name of a PepVPN profile on the selected devices in order for the rule to be applied.
Select the tick box to manage Outbound policies on devices in the group.
Several rulesets containing one or more outbound policies can be created and applied to one or more devices in the group using tags.
Existing Outbound policy rule sets can be imported using a Peplink configuration file or can be newly configured.
Importing Outbound Policy rules
Outbound policies can be created on the local device and imported using the Pepllink configuration file.
To start Click the “Import Rule Set from Configuration File” button.
A window will pop up showing all the Outbound policies available in that configuration file.
This will create a new Outbound Policies Rule Set when saved.
Before saving select the options to enable or disable individual outbound policies.
Select if the rule set should be applied to All Balance and Max devices or a selection of your devices using ‘tags’.
After being saved the rule set will be available from the main Outbound Policy section in InControl.
Creating a new Outbound Policy rule set
Start creating a new rule set by selecting the “Create rule set” button.
Each new rule set contains a “HTTPS_Persistence” rule which makes sure HTTPS sessions are not interrupted when the originating IP address changes mid-session.
Create new rules by using the “Add rule” button.
Configure the following options to create a rule:
|Source||Choose between Any (all traffic), IP address, IP Network, MAC Address or Grouped Network as the traffic source.|
|Destination||Choose between Any, IP Address, IP Network, Domain Name, PepVPN Network, Grouped Network, SaaS or Region.|
|Protocol||Choose between Any, TCP, UDP or IP address to define the traffic kind. Port numbers for certain traffic can be configured using the port number or select the protocol from the drop-down list (for example FTP, Citrix, SMTP).|
|Algorithm||Choose the algorithms “weighted Balance”, “Persistence”, “Enforced”, “Priority”, “Overflow”, “Least Used”, “Lowest Latency” and “Fastest Response Time”|
|Load Distribution Weight||Add the Wan connections and Weight to distribute the traffic proportionally over several WAN connections.|
|When no Connections are available||This option allows you to configure which action to take when a rule set applied to a WAN that is disconnected or down. Choose between “Drop the traffic”, “Use any available connections or “fall-through to the next rule”|
Outbound policies configured on the local device are overwritten or preserved (default) depending on the configuration.
using the SaaS (Software as a Service) option as a destination in the Outbound Policy allows for controlling the way “G Suite” or “Microsoft Office 365” traffic is routed.
Using the region option as a destination allows for controlling traffic to servers in a specific country.