Note: This feature is only available for limited release. For more information, contact your Cato Networks support.
To improve resiliency of your network, the Recovery via Alt. WAN feature provides support if there are connectivity problems in the Cato Cloud. This feature automatically sends traffic over the Alt. WAN links for a Socket site to recover connectivity. The destination Socket then sends the traffic to the Cato Cloud. When the original Socket re-establishes connectivity to the Cato Cloud, it automatically resumes regular operation.
You can configure the site to send WAN or Internet traffic over the Alt. WAN links during recovery. In addition, you can select a priority threshold for traffic that is recovered.
All traffic that is not configured for recovery is dropped. For example, if you configure the site to recover only WAN traffic, then all Internet traffic for the original site is dropped.
During network recovery, the destination Socket sends the traffic to the Cato Cloud. However, if WAN traffic is intended for the destination Socket, then it bypasses the Cato Cloud and these are the changes to the traffic:
- The WAN firewall is not applied to the traffic
- The Threat Protection services are not applied to the traffic
- The Cato Management Application does not analyze data for connectivity and does not generate alerts for network health or quality
When connectivity is restored, these changes are no longer relevant.
You can configure each Socket site to use the Alt. WAN links to recover connectivity for Internet and WAN traffic. If you choose to select a traffic priority for recovery, configure the lowest priority traffic that is recovered. For example, if you select P20, then traffic that is a lower priority (such as P30) is not recovered over the Alt. WAN link.
When you select which recovery Method the site uses, these are the options:
- Auto - Automatically chooses the destination site based on the lowest site-to-site latency.
- Specific Site - Assign the sites that will recover the traffic using Alt. WAN links. When there are multiple sites configured for Alt. WAN recovery, the site that is physically closest to the original site is used. For example, if site A is in recovery, site B is 500 kilometers from site A, and site C is 1000 kilometers away, then site B is used for the Alt. WAN recovery.
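The rules above decide which flows survive an outage and which ones reach the destination site without the WAN firewall or Threat Protection. The following sketch is an added example, not Cato code or a Cato API: it models those rules so a recovery configuration can be reviewed before it is enabled. The class names, field names, verdict strings and sample values are constructed, and it assumes traffic is dropped when no destination site is available.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Peer:                      # candidate destination site (constructed model)
    name: str
    latency_ms: float
    distance_km: float

@dataclass
class RecoveryConfig:            # hypothetical mirror of the UI options
    recover_wan: bool
    recover_internet: bool
    wan_lowest: Optional[int] = None        # None = "All traffic"; 20 = P20
    internet_lowest: Optional[int] = None
    method: str = "auto"                    # "auto" or "specific"
    specific_sites: tuple = ()

def pick_destination(cfg, peers):
    """Auto: lowest latency. Specific Site: closest of the assigned sites."""
    if cfg.method == "auto":
        best = min(peers, key=lambda p: p.latency_ms, default=None)
    else:
        assigned = [p for p in peers if p.name in cfg.specific_sites]
        best = min(assigned, key=lambda p: p.distance_km, default=None)
    return best.name if best else None

def classify(cfg, peers, kind, priority, dst_site=None):
    """Return 'dropped', 'via-cloud' or 'bypasses-cloud' for one flow."""
    dest = pick_destination(cfg, peers)
    enabled = cfg.recover_wan if kind == "wan" else cfg.recover_internet
    lowest = cfg.wan_lowest if kind == "wan" else cfg.internet_lowest
    # A larger P number is a lower priority, so P30 fails a P20 threshold.
    if dest is None or not enabled or (lowest is not None and priority > lowest):
        return "dropped"
    if kind == "wan" and dst_site == dest:
        return "bypasses-cloud"  # WAN firewall and Threat Protection not applied
    return "via-cloud"

# Constructed sample: site A in recovery, B at 500 km, C at 1000 km.
PEERS = [Peer("B", 40.0, 500), Peer("C", 15.0, 1000)]
CFG = RecoveryConfig(True, False, wan_lowest=20, method="specific", specific_sites=("B", "C"))
FLOWS = [("wan", 10, "B"), ("wan", 20, "D"), ("wan", 30, "B"), ("internet", 10, None)]

def audit(cfg=CFG, peers=PEERS, flows=FLOWS):
    return [(f, classify(cfg, peers, *f)) for f in flows]

if __name__ == "__main__":
    print(*audit(), sep="\n")
```

Flows reported as `bypasses-cloud` are the ones to review against local controls, since they are exchanged between the two sites without the WAN firewall or Threat Protection.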
To configure Alt. WAN Recovery for a site:
- From the navigation menu, click Network > Sites and select the site.
- From the navigation menu, click Site Configuration > Recovery via Alt. WAN.
- Select the options to Enable recovery for WAN traffic, for Internet traffic, or for both.
- For the WAN and Internet traffic, configure the traffic that is recovered over the Alt. WAN links:
  - All traffic
  - Selected traffic - From the Lowest traffic priority for recovery drop-down menu, select the lowest priority traffic that is recovered.
- In Method, select Auto or Specific Site to define the destination sites for the traffic.
  - For Specific Site, click and select the destination sites that are used for Alt. WAN recovery.
- Click Save.

- Recovery via Alt. WAN is supported from Socket version 6.1 and higher
- Sites that are connected to BGP peers can't be recovered by Alt. WAN links
- Sites that use Static Range Translation can't be recovered by Alt. WAN links
- During recovery, the Network Topology window shows sites as disconnected
- During recovery, QoS and PBR rules are not applied to the traffic

4 comments
What is greatly missing here is recovery of DNS and DHCP functionality over Alt WAN. Nice if you can recover via the Alt WAN routing-wise, however without DNS and DHCP the functionality is pretty useless. For example, if clients have DNS server 10.254.254.1 configured you need to somehow facilitate routing to the Cato DNS over Alt WAN...
In addition, using Cato as DHCP server or using DHCP relay does not seem to recover via Alt WAN so what is the point to have this feature? Or am I missing something?
Can not find in new Dashboard
Hello Brian!
This feature is in Early Availability. Have you requested access to this feature?
Kind Regards,
Dermot Doran
Hello Bert-Jan!
I checked this out with our development team and they have informed me that both DHCP and DNS services should still continue to function. The local socket will act as the DHCP server and DNS will also work (via some form of redirect). I can try to get more details on this if needed.
Kind Regards,
Dermot Doran