Upgrading the Local Routing Policy to the LAN Firewall

This article describes how to automatically migrate the Local Routing rules for a site to the LAN Firewall policy.


The LAN Firewall policy enhances the existing Local Routing capabilities that control the LAN communication between hosts and networks behind a Socket site. As part of the process to upgrade the Local Routing policy to the LAN Firewall, Cato automatically migrates the existing Local Routing rules to the LAN Firewall policy format. All the Local Routing functionality and settings are maintained after the migration without any further actions. For more about the LAN Firewall, see Configuring the Socket LAN Firewall Policy.

No impact is expected during the migration process. However, as a standard precaution, we recommend that you upgrade the policy during a maintenance window.


You can only use the migration tool for sites that meet the following requirements for the LAN Firewall:

  • All Sockets in the site are running Socket version 18.0 or higher

    The upgrade option is only available for sites that meet the prerequisites.

Upgrading Local Routing Policy to the LAN Firewall Policy

When you start the process to upgrade the Local Routing policy to the LAN Firewall, the Cato Management Application automatically migrates all the rules to the new LAN Firewall format. When the migration is complete, the rules appear as follows:

  • The Local Routing screen is now called LAN Firewall

  • Rules keep the same priority, order, and rule name

  • The Protocols and Ports for Local Routing rules are migrated to a single entity in the Service/Port in the LAN Firewall

  • Local Routing rules with no defined Protocol are assigned the value Any in the LAN Firewall

  • The action is set to Allow locally

The following screenshot shows an example of the Local Routing policy (before the migration):


This screenshot shows the LAN Firewall policy after the migration is completed:


To migrate the Local Routing rules to the LAN Firewall:

  1. From the navigation pane, select Configuration > Sites and select the site.

  2. From the navigation menu, click Site Configuration > Local Routing.

  3. Click Upgrade to LAN FW.

  4. In the confirmation window, click Confirm. The rules are migrated to the LAN Firewall policy.
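
To confirm the result after the upgrade, you can compare a record of the Local Routing rules taken before the migration with the LAN Firewall rules afterwards. The following Python script is an added example, not Cato code: the rule dictionaries, their field names, and the PROTO/ports string used for the combined Service/Port value are assumptions made for illustration, not a Cato export format.

```python
# Post-migration check: apply the documented mapping to the old rules and
# compare the result with the rules seen in the LAN Firewall policy.
# Field names and the "PROTO/ports" rendering are hypothetical (assumptions).
ALLOW_LOCALLY = "Allow locally"
FIELDS = ("priority", "name", "service_port", "action")

def expected_lan_fw_rule(lr_rule):
    """Return the LAN Firewall rule the documented migration should produce."""
    protocol = lr_rule.get("protocol")
    ports = lr_rule.get("ports") or []
    if not protocol:                      # no defined Protocol -> Any
        service = "Any"
    elif ports:                           # Protocol and Ports -> one entity
        service = protocol + "/" + ",".join(str(p) for p in ports)
    else:
        service = protocol
    return {"priority": lr_rule["priority"], "name": lr_rule["name"],
            "service_port": service, "action": ALLOW_LOCALLY}

def audit_migration(before, after):
    """List every deviation from the documented mapping, in rule order."""
    findings = []
    if len(before) != len(after):
        findings.append(f"rule count changed: {len(before)} before, {len(after)} after")
    for position, (old, new) in enumerate(zip(before, after), start=1):
        expected = expected_lan_fw_rule(old)
        for field in FIELDS:
            if new.get(field) != expected[field]:
                findings.append(f"position {position} ({old['name']}): {field} "
                                f"expected {expected[field]!r}, found {new.get(field)!r}")
    return findings

# Constructed sample data (not taken from a real site).
BEFORE = [
    {"priority": 1, "name": "Printers", "protocol": "TCP", "ports": [9100, 631]},
    {"priority": 2, "name": "VLAN10 to VLAN20", "protocol": None, "ports": []},
]
AFTER_OK = [
    {"priority": 1, "name": "Printers", "service_port": "TCP/9100,631", "action": ALLOW_LOCALLY},
    {"priority": 2, "name": "VLAN10 to VLAN20", "service_port": "Any", "action": ALLOW_LOCALLY},
]
AFTER_REORDERED = list(reversed(AFTER_OK))  # same rules, order not preserved

if __name__ == "__main__":
    for label, after in (("clean", AFTER_OK), ("reordered", AFTER_REORDERED)):
        result = audit_migration(BEFORE, after)
        print(label, result or "matches the documented mapping")
```

An empty result means the rules kept their priority, order, and name, and that each rule carries the expected Service/Port value and the Allow locally action.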


Question: Can the LAN Firewall policy be reverted to the Local Routing policy?

Answer: Yes. Please contact Support to revert to the Local Routing policy. You can only revert rules with the Allow locally action.
