Backhauling Traffic to a LAN Device behind a Socket

This article discusses how to configure a Socket site as a backhauling gateway and create network rules to route traffic to a LAN device that is behind the Socket for that site.

This feature is currently in General Availability (GA).

Overview

Cato's Internet traffic backhauling lets you use network rules to backhaul the relevant traffic to an on-premise appliance behind a backhauling gateway Socket site.

For more about Internet traffic backhauling with Cato, see Configuring Internet Traffic Backhauling.

Prerequisites for Internet Traffic Backhauling

  • The backhauling gateway site must be Socket version 12.0 or higher

    • There is no minimum Socket version for the source sites

Diagram of Internet Traffic Backhauling to a LAN Device

This section is an example of Internet traffic backhauling from sites and SDP users to the on-premise LAN device for the primary or secondary gateway site.

Internet_Backhauling_Callouts.png

Item

Name

Description

1

Source sites

Sites defined as the source in the network rules that backhaul traffic to data center 1 as the primary gateway site (item 2a)

2a

Gateway site (data center 1)

Data center 1 is defined as a gateway site, and the backhauled Internet traffic is forwarded to the on-premise appliances for further processing.

2b

Gateway site (data center 2)

Data center 2 is also defined as a gateway site, and the backhauled Internet traffic is forwarded to the on-premise appliances for further processing.

3

SDP users

SDP users defined as the source in the network rules that backhaul traffic to data center 2 as the primary gateway site (item 2b)

Configuring Internet Backhauling for the Account

This section shows the overview of configuring your account to backhaul Internet traffic to a gateway site.

  1. Define one or more backhauling gateway sites.

  2. Create Internet network rules that backhaul Internet traffic to the gateway sites.

Defining a Site as a Backhauling Gateway for a LAN Device

Define an existing Socket site as the backhauling gateway site where the Local gateway IP is the destination for the traffic. Make sure that this site meets the prerequisites above.

For each gateway site, enable the site as a backhauling gateway and then configure the destination as the Local Gateway IP of the site's LAN device, a firewall or layer-3 appliance. The Socket forwards the matching backhauled Internet traffic to the specified Local Gateway IP address.

Note

Note: The Local Gateway IP must be within a configured network range for the gateway site.

GatewaySite_LocalIP.png

To define a site as a backhauling gateway for a LAN device:

  1. From the navigation menu, select Network > Sites, and select the site.

  2. From the navigation menu, select Site Settings > Backhauling.

  3. Select Use this site as backhauling gateway.

  4. In Select the destination for the traffic, select Local gateway IP.

  5. Enter the Local Gateway IP for the LAN device.

  6. Click Save.

Configuring Network Rules to Backhaul Traffic to a LAN Device

Create an Internet network rule and configure the routing setting to route the traffic to the backhauling gateway. We recommend that you configure more than one backhauling gateway site, so in case the primary gateway site loses connectivity, the Cato PoP backhauls the traffic to the secondary gateway site (and so on if the secondary gateway site is also unreachable).

When you define a domain for the App/Category of a network rule, only the traffic for that specific domain is backhauled. Other related traffic flows for different domains aren't backhauled.

Note

Note: For users and sites located in China, make sure that the network rules for the backhauled traffic don't violate China's Internet regulations.

For more about the settings for network rules, see Configuring Network Rules.

For more information about routing options, you can also watch this video tutorial.

Was this article helpful?

1 out of 1 found this helpful

1 comment

  • Comment author
    Jon McNamara

    If backhauling traffic from a source IP that resides in the same site as the Cato Socket, which is configured as the backhauling site, is the backhauling bandwidth restricted to the license applied to that site?

    I have a specific appliance which needs to upload backup data to the cloud and have a fast connection for this but I am not getting the full speed I expected via backhauling the traffic. In fact, it's even slightly slower than when not backhauling! Sending internet traffic directly through the backhauling device (excluding Cato altogether), I get full speed, as expected.

Add your comment