Cato Networks Knowledge Base

Local Routing at the Socket

For Socket sites, you can configure traffic between local network ranges and/or local hosts to be routed locally by the Socket, so that it does not go to the Cato Cloud and back. Traffic routed locally is NOT inspected, and WAN Firewall rules are not applied to it.

The direction of a rule determines which side can initiate the communication that the rule routes locally. For example, an allow rule in one direction from Host A to Host B locally routes only communication initiated by Host A. An allow rule in both directions between Host A and Host B locally routes communication initiated by either host.

To define a local routing rule:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Settings > Local Routing.

  3. Click New. The Add Rule panel opens.

  4. In the General section:

    • Enter a Name for the new rule.

    • By default, the rule is Enabled. You can disable the rule using the slider.

    • Under Direction, select To to enable traffic in one direction only, or Both to enable traffic in both directions.

  5. In the Source and Destination sections, define the traffic source and destination entities for this rule.

    For more information, see Source and Destination Objects.

  6. In the Protocols section, select the protocols that this rule applies to (TCP, UDP, or ICMP).

  7. In the Ports section, enter the port or port range for this rule.

  8. Click Apply, and then click Save.
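
Because locally routed traffic skips inspection and the WAN Firewall, it helps to check which flows a rule set actually exempts. The following is an added example, not Cato code or a Cato API: the field names, addresses, and matching model (every rule treated as an allow rule, ports matched on the destination port) are assumptions based on the rule settings described above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class LocalRule:
    # Hypothetical fields modelled on the Add Rule panel; not a Cato export format.
    name: str
    src: str                 # source host or range, as CIDR
    dst: str                 # destination host or range, as CIDR
    direction: str           # "To" (one direction) or "Both"
    protocols: frozenset     # subset of {"TCP", "UDP", "ICMP"}
    ports: Optional[Tuple[int, int]] = None  # inclusive range; None means Any
    enabled: bool = True

def _in(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)

def matching_rule(rules, initiator, responder, proto, dport=None):
    """Return an enabled rule that routes this flow locally, or None."""
    for r in rules:
        if not r.enabled or proto not in r.protocols:
            continue  # disabled rules send traffic back to the Cato Cloud
        if proto != "ICMP" and r.ports is not None:
            if dport is None or not r.ports[0] <= dport <= r.ports[1]:
                continue
        forward = _in(initiator, r.src) and _in(responder, r.dst)
        # "Both" also covers sessions initiated from the destination side.
        reverse = (r.direction == "Both"
                   and _in(initiator, r.dst) and _in(responder, r.src))
        if forward or reverse:
            return r
    return None

def uninspected_flows(rules, flows):
    """Flows that bypass inspection and the WAN Firewall, with the rule name."""
    hits = []
    for flow in flows:
        rule = matching_rule(rules, *flow)
        if rule is not None:
            hits.append((flow, rule.name))
    return hits

# Constructed sample rules and flows (initiator, responder, protocol, dest port).
RULES = [
    LocalRule("printers", "10.0.1.0/24", "10.0.2.50/32", "To", frozenset({"TCP"}), (9100, 9100)),
    LocalRule("backup", "10.0.1.10/32", "10.0.3.0/24", "Both", frozenset({"TCP", "UDP"})),
    LocalRule("old-lab", "10.0.4.0/24", "10.0.1.0/24", "Both", frozenset({"TCP"}), enabled=False),
]
FLOWS = [("10.0.1.20", "10.0.2.50", "TCP", 9100), ("10.0.2.50", "10.0.1.20", "TCP", 9100),
         ("10.0.3.7", "10.0.1.10", "TCP", 445), ("10.0.4.5", "10.0.1.20", "TCP", 22)]
```

In the sample data, the session initiated by the printer toward the workstation range is not routed locally because the "printers" rule uses the To direction, while the Both rule with Any ports exempts traffic initiated from either side.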

Configuring NAT for a Local Routing Rule

Some scenarios require NAT between the LAN networks within a site. This can be between two (or more) directly connected networks, or between routed networks (static routes or BGP routes).

Configure a Local Routing rule with Dynamic NAT overload (Port Address Translation - PAT), so that the Socket translates the source IP address of a packet to the egress network range interface IP address and a random port number. The egress interface must belong to a network range (native range, routed range, or VLAN range).

Requirements for Local Routing Rules with NAT:

  • Supported for sites with Sockets version 13.0 and higher

  • You can only configure the rule in the To direction

  • For SNAT configuration, you must use one of the following predicates as the Destination of the rule: Global Range, Interface Subnet, or a Host

  • After you save the configuration for the rule, the Cato Management Application automatically calculates the Outbound Network and Outbound IP for the rule

  • Known limitation: For local routing rules with NAT for FTP traffic, you must configure the Ports to Any

These are the fields in the NAT column:

  • Outbound Network - name of the network range in this site

  • Outbound IP - translated egress IP address for this rule

To configure NAT for a local routing rule:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Settings > Local Routing.

  3. Click New. The Add Rule panel opens.

  4. Configure the settings for the rule as explained in the section above.

  5. Configure the NAT settings for the rule:

    1. Expand the NAT section.

    2. Click Enable NAT.

    3. For NAT Type, select Dynamic NAT (PAT).

  6. Click Apply, and then click Save.

    The local routing rule shows the Outbound IP (translated IP address) for the rule.

Disabling a Local Routing Rule

You can disable a rule to temporarily stop local routing for that traffic and resume sending it to the Cato Cloud. Cato recommends that you delete rules that you are no longer planning to use.

To disable a local routing rule:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Settings > Local Routing.

  3. Click the More icon on the line of the rule you want to disable, and select Disable.

  4. Click Save. The rule is disabled.

Deleting a Local Routing Rule

To delete a rule:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Settings > Local Routing.

  3. Click the More icon on the line of the rule you want to delete, and select Delete Rule.

  4. Click Save. The rule is deleted.
