You can configure Internet network rules to NAT a specific type of traffic and egress it from a static public IP address for a PoP. All traffic that matches this rule egresses from that static IP address towards the destination.
We recommend these best practices when you configure network rules with NAT egress IP addresses:
- Generally, use at least two egress IP addresses for a network rule to provide failover in case the destination isn’t reachable from the first priority.
- For network rules that only route traffic with sensitive applications, such as VoIP, configure one egress IP address.
When you have a rule that is configured with more than one egress IP address, how do you know which one is used? The following screenshot shows an example of a network rule with two egress IP addresses:
For network rules with multiple egress IP addresses, the Cato Cloud uses the egress IP address for the first PoP shown. If the client can’t reach the destination via the first egress IP address, it uses the second egress IP address.
For example, a network rule can egress the traffic from the New York PoP or from the Chicago PoP with the New York PoP appearing first. Cato tries to egress the specific traffic for this rule from the PoP in New York. If the destination isn’t reachable from the New York PoP, then Cato egresses the traffic from the Chicago PoP.
For network rules that only route traffic with sensitive applications, such as VoIP or ERP, we recommend that you configure these settings:
- Only ONE egress IP address
- Enable the Preferred IP for SIP Traffic advanced setting to always use the same egress IP address
These settings force the PoP to only use the egress IP. If that IP isn't available, it waits until the egress IP address is reachable again and makes sure that the connection state is maintained.
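
The priority-order failover and the recommendations above can be checked against an exported rule list. The following Python sketch is an added example, not Cato code: the `NetworkRule` record, its field names, and the sample rules are hypothetical, and reachability is modeled as the set of PoPs from which the destination can be reached.

```python
from dataclasses import dataclass

# Applications the article names as sensitive; extend for your environment.
SENSITIVE_APPS = {"VoIP", "ERP"}

@dataclass
class NetworkRule:  # hypothetical record, not Cato's API schema
    name: str
    apps: set
    egress: list  # ordered (pop, ip) pairs, first entry = first priority
    preferred_ip_for_sip: bool = False

def select_egress(rule, reachable_pops):
    """Return the first (pop, ip) in priority order that reaches the destination."""
    for pop, ip in rule.egress:
        if pop in reachable_pops:
            return pop, ip
    return None  # nothing usable yet; a single-IP rule waits for its egress IP

def audit(rule):
    """List the ways a rule departs from the recommended practices."""
    findings = []
    sensitive_only = bool(rule.apps) and rule.apps <= SENSITIVE_APPS
    if sensitive_only:
        if len(rule.egress) != 1:
            findings.append("sensitive-only rule should have exactly one egress IP")
        if not rule.preferred_ip_for_sip:
            findings.append("enable Preferred IP for SIP Traffic")
    elif len(rule.egress) < 2:
        findings.append("use at least two egress IPs for failover")
    return findings

# Constructed sample rules using documentation-range addresses.
NY = ("New York", "203.0.113.10")
CHI = ("Chicago", "203.0.113.20")
web = NetworkRule("web", {"WebApp"}, [NY, CHI])
voip = NetworkRule("voip", {"VoIP"}, [NY, CHI])
solo = NetworkRule("solo", {"WebApp"}, [NY])

if __name__ == "__main__":
    print(select_egress(web, {"New York", "Chicago"}))  # first priority wins
    print(select_egress(web, {"Chicago"}))              # falls over to Chicago
    for rule in (web, voip, solo):
        print(rule.name, audit(rule))
```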