This article discusses how to configure an IPsec site as a backhauling gateway and create network rules to route traffic to a third-party cloud/proxy-based security service.
Cato's Internet traffic backhauling lets you use network rules to backhaul the relevant traffic to a third-party cloud/proxy-based security service via the IPsec VPN tunnel.
For more about Internet traffic backhauling with Cato, see Configuring Internet Traffic Backhauling.
This section gives an overview of configuring your account to backhaul Internet traffic to a gateway site:
1. Define one or more backhauling gateway sites.
2. Create Internet network rules that backhaul Internet traffic to the gateway sites.
Define an existing IPsec site as the backhauling gateway site.
For each gateway site, enable the site as a backhauling gateway. The PoP in the Cato Cloud forwards the matching backhauled Internet traffic via the IPsec tunnel to the remote end.
To define a site as a backhauling gateway:
1. From the navigation menu, select Network > Sites, and select the site.
2. From the navigation menu, select Site Settings > Backhauling.
3. Select Use this site as backhauling gateway.
Create an Internet network rule and configure the routing setting to route the traffic to the backhauling gateway. We recommend that you configure more than one backhauling gateway site, so that if the primary gateway site loses connectivity, the Cato PoP backhauls the traffic to the secondary gateway site (and so on if the secondary gateway site is also unreachable).
When you define a domain for the App/Category of a network rule, only the traffic for that specific domain is backhauled. Other related traffic flows for different domains aren’t backhauled.
For network rules that use the Backhaul via option, you can use a combination of Socket and IPsec backhauling gateway sites in a single rule.
Note: For users and sites located in China, make sure that the network rules for the backhauled traffic don't violate China's Internet regulations.
For more about the settings for network rules, see Configuring Network Rules.