The Cato service includes three different firewalls for distinct use cases:
- Internet firewall
- WAN firewall
- LAN firewall

To understand the role of each firewall and its relationship to other policies, note that Cato identifies traffic as one of three different types: LAN, WAN, or Internet. Knowing the distinctions and characteristics of these traffic types is crucial for planning policies and making optimal use of the different Cato firewall policies. The following table describes the traffic types:

| Traffic Type | Description | Policy Configuration | How the Traffic is Processed |
|---|---|---|---|
| Internet | Traffic to external Internet destinations | Internet Firewall | Sent over the WAN to the PoP, and the PoP applies the Internet Firewall policy |
| WAN | Traffic to other Cato Cloud destinations, sites or SDP users | WAN Firewall | Sent over the WAN to the PoP, and the PoP applies the WAN Firewall policy |
| LAN | Traffic between hosts (e.g., VLANs) behind the same Socket. In other words, traffic where both the source and the destination IP addresses of a flow belong to the same Socket site. | LAN Firewall. Note: If no LAN firewall rule is configured for traffic within the same site, it is by default considered WAN traffic and sent to the PoP for evaluation by the WAN firewall. For more information, see What is the Socket Next Gen LAN Firewall. | The Socket applies the LAN Firewall policy. The traffic remains local and isn't sent to the PoP. |
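
When planning rules, it helps to check which policy will evaluate a given flow. The sketch below models the table's logic; it is an added example, not Cato code or part of the original article. The `Site` class, the (source CIDR, destination CIDR) shape of a LAN rule, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Site:  # hypothetical model of one Socket site
    name: str
    subnets: list                                  # CIDRs behind this Socket
    lan_rules: list = field(default_factory=list)  # assumed shape: (src CIDR, dst CIDR)

def _in(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def site_of(ip, sites):
    return next((s for s in sites if _in(ip, s.subnets)), None)

def classify(src, dst, sites, sdp_ranges=()):
    """Return (traffic type, policy, enforcement point) for one flow."""
    src_site, dst_site = site_of(src, sites), site_of(dst, sites)
    if src_site is not None and src_site is dst_site:
        for rule_src, rule_dst in src_site.lan_rules:
            if _in(src, [rule_src]) and _in(dst, [rule_dst]):
                return ("LAN", "LAN Firewall", "Socket")   # stays local
        # Same site but no LAN rule: treated as WAN and sent to the PoP.
        return ("WAN", "WAN Firewall", "PoP")
    if dst_site is not None or _in(dst, sdp_ranges):
        return ("WAN", "WAN Firewall", "PoP")              # other site or SDP user
    return ("Internet", "Internet Firewall", "PoP")

# Constructed sample topology (not from the article).
SITES = [
    Site("branch", ["10.1.10.0/24", "10.1.20.0/24"],
         lan_rules=[("10.1.10.0/24", "10.1.20.0/24")]),
    Site("hq", ["10.2.0.0/16"]),
]
SDP_RANGES = ["10.41.0.0/16"]

if __name__ == "__main__":
    flows = [("10.1.10.5", "10.1.20.9"), ("10.1.20.9", "10.1.10.5"),
             ("10.1.10.5", "10.2.3.4"), ("10.1.10.5", "10.41.0.7"),
             ("10.1.10.5", "203.0.113.10")]
    for src, dst in flows:
        print(f"{src} -> {dst}: {classify(src, dst, SITES, SDP_RANGES)}")
```

The second sample flow shows the fall-through from the table's note: with no LAN rule for that direction (direction matching is an assumption of this model), the intra-site flow is evaluated by the WAN firewall at the PoP.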