Cato Networks Knowledge Base

Backhauling Traffic via a Socket's WAN Interface IP Address


This article discusses how to configure a site as a backhauling gateway and create network rules to egress traffic to the Internet via the Socket's WAN interface IP address.

Overview

In some scenarios, such as migrating to Cato, you may want to keep using an existing public IP address to access specific Internet applications. For example, the IP address is allowlisted in various SaaS applications, and you are not ready to change it yet. You can configure a gateway site to egress the backhauled traffic directly to the Internet from the Socket WAN interface. In this case, the Socket performs source NAT on the traffic to the WAN interface IP address.

Each backhauling gateway site can be configured for one of the following destinations:

  • Local gateway IP - Sends the backhauled traffic to a LAN device

  • Internet breakout - Egresses the backhauled traffic via the Socket WAN interface

Prerequisites for Internet Traffic Backhauling

  • The backhauling gateway site must run Socket version 16.0 or higher

    • There is no minimum Socket version for the source sites

Diagram of Internet Traffic Backhauling via a Socket WAN IP Address

This example shows Internet traffic from sites and SDP users that is backhauled and egresses to the Internet using the WAN interface IP address of the primary or secondary gateway site.

[Image: InternetBreakoutDiagram.png]

Configuring Internet Backhauling for the Account

This section gives an overview of how to configure your account to backhaul Internet traffic to a gateway site.

  1. Define one or more backhauling gateway sites.

  2. Create Internet network rules that backhaul Internet traffic to the gateway sites.

Defining a Site as a Backhauling Gateway for Internet Breakout

Define an existing Socket site as the backhauling gateway site, where the Internet traffic egresses using the IP address of the Socket WAN port. Make sure that this site meets the prerequisites above.

For each gateway site, enable the site as a backhauling gateway. Then set the destination as Internet breakout and select the Socket WAN Port that egresses the Internet traffic.

[Image: GW_Internet_breakout.png]

To define a site as a backhauling gateway for Internet breakout:

  1. From the navigation menu, select Network > Sites, and select the site.

  2. From the navigation menu, select Site Settings > Backhauling.

  3. Select Use this site as backhauling gateway.

  4. In Select the destination for the traffic, select Internet breakout.

  5. Select the Preferred Socket Port for the Internet traffic.

  6. Click Save.

Configuring Network Rules to Backhaul Traffic via a Socket WAN IP Address

Create an Internet network rule and configure the routing setting to route the traffic to the backhauling gateway. We recommend that you configure more than one backhauling gateway site, so that if the primary gateway site loses connectivity, the Cato PoP backhauls the traffic to the secondary gateway site (and so on if the secondary gateway site is also unreachable).

When you define a domain for the App/Category of a network rule, only the traffic for that specific domain is backhauled. Other related traffic flows for different domains aren’t backhauled.

Note: For users and sites located in China, make sure that the network rules for the backhauled traffic don't violate China's Internet regulations.

For more about the settings for network rules, see Configuring Network Rules.
