This article discusses how to configure a site as a backhauling gateway and create network rules to egress traffic to the Internet via the Socket's WAN interface IP address.
In some scenarios, such as migrating to Cato, you may want to keep using an existing public IP address to access specific Internet applications. For example, the IP address is allowlisted in various SaaS applications, and you are not ready to change it yet. You can configure a gateway site to egress the backhauled traffic directly to the Internet from the Socket WAN interface. In this case, the Socket performs source NAT on the traffic to the WAN interface IP address.
Each backhauling gateway site can be configured for one of the following destinations:
- Local gateway IP - Sends the backhauled traffic to a LAN device
- Internet breakout - Egresses the backhauled traffic via the Socket WAN interface
Prerequisites:
- The backhauling gateway site must be Socket version 16.0 or higher
- There is no minimum Socket version for the source sites
This section gives an overview of configuring your account to backhaul Internet traffic to a gateway site.
- Define one or more backhauling gateway sites.
- Create Internet network rules that backhaul Internet traffic to the gateway sites.
Define an existing Socket site as the backhauling gateway site where the Internet traffic is egressed using the IP address for the WAN Socket port. Make sure that this site meets the prerequisites above.
For each gateway site, enable the site as a backhauling gateway. Then set the destination as Internet breakout and select the Socket WAN Port that egresses the Internet traffic.
To define a site as a backhauling gateway for Internet breakout:
- From the navigation menu, select Network > Sites, and select the site.
- From the navigation menu, select Site Settings > Backhauling.
- Select Use this site as backhauling gateway.
- In Select the destination for the traffic, select Internet breakout.
- Select the Preferred Socket Port for the Internet traffic.
- Click Save.
Create an Internet network rule and configure the routing setting to route the traffic to the backhauling gateway. We recommend that you configure more than one backhauling gateway site so that, if the primary gateway site loses connectivity, the Cato PoP backhauls the traffic to the secondary gateway site (and so on if the secondary gateway site is also unreachable).
When you define a domain for the App/Category of a network rule, only the traffic for that specific domain is backhauled. Other related traffic flows for different domains aren't backhauled.
Note: For users and sites located in China, make sure that the network rules for the backhauled traffic don't violate China's Internet regulations.
For more about the settings for network rules, see Configuring Network Rules.
For more information about routing options, you can also watch this video tutorial.
3 comments
If I have a 10Gb circuit w/ a pair of x1700 sockets with the 4 port 10Gb module connected at the 10Gb on WAN1 and my license is for 2Gbs, does the traffic that breaks out locally count against my 2Gb license?
Oscar Cuevas I checked with the Product team and this information should answer your question:
I set up the backhauling gateway, but the download is still being blocked...