You can configure Internet network rules to NAT the specific type of traffic and egress from a static public IP address for a PoP. All traffic that matches this rule egresses from that static IP address towards the destination.
We recommend these best practices when you configure network rules with NAT egress IP addresses:
-
Generally, use at least two egress IP addresses for a network rule to provide failover in case the destination isn’t reachable from the first priority.
-
For network rules that only route traffic with sensitive applications, such as VoIP, configure one egress IP address.
When you have a rule that is configured with more than one egress IP address, the PoP determines which of the addresses to use.
For network rules that only route traffic with sensitive applications, such as VoIP or ERP, we recommend that you configure these settings:
-
Only ONE egress IP address
-
Enable the Preferred IP for SIP Traffic advanced setting to always use the same egress IP address
These settings force the PoP to only use the egress IP. If that IP isn't available, it waits until the egress IP address is reachable again and makes sure that the connection state is maintained.
Some applications might block access if the same NAT IP is used by many users or sites at once. Cato recommends that if there is no need for specific NAT IP for a specific domain, you should use Route Via, which will route the traffic using dynamic POP IPs for the connections.
0 comments
Please sign in to leave a comment.