Inquiry About Application Traffic Routing and Network Rules in CATO SASE

Question

Hi all,I have a question regarding configuring application traffic routing in the CATO SASE platform. Specifically, I would like to direct some application traffic to the CATO Cloud while routing other application traffic locally. I understand that this can be achieved using Bypass or Split Tunnel Policies, but I noticed that only five applications can be selected in these policies.Given that the Network Rules function offers a broader selection of applications, can Network Rules be used to achieve the same routing objectives? If so, I’d appreciate guidance on how to configure this effectively.Thank you for your assistance, and I look forward to your insights.

bizzle90 · Answer

Hi IO,So in the use case above, you could use Off-Cloud; please kindly see the KB below, which explains this in&nbsp; detail:https://support.catonetworks.com/hc/en-us/articles/4413265642257-Routing-Traffic-to-an-Off-Cloud-Link&nbsp;

lo · Answer

Thank you for sharing the information!😀 I have a question regarding the bandwidth when using the Off-Cloud function. For example, if my company has a 1000 Mbps internet speed and we have purchased 25 Mbps bandwidth on the CATO Cloud, will using the Off-Cloud function allow us to revert to 1000 Mbps, bypassing the 25 Mbps limit? We are concerned about maintaining optimal speed. Alternatively, is there any other function we can use to meet this requirement?

bizzle90 · Answer

Hi Io,So the answer to your question is yes you should be able to do that. When the traffic is not traversing through the Cato Cloud like Off-Cloud, as I have mentioned, it's not subject to license enforcement.To re-confirm, the WAN traffic traversing via off-cloud receives the configured WAN interface BW configuration,&nbsp;not the bandwidth license.So you can configure higher bandwidth on your WAN interface for these types of traffic, exceeding the license bandwidth that you purchase.Thanks,

jm · Answer

Isn't Off-Cloud just for direct traffic between Cato sockets? For Internet traffic I'd assume Bypass was the appropriate feature.

bizzle90 · Answer

So, in this use case, it does depend. If the IO has some of these services housed on an internal server on the Cato WAN, then&nbsp;Off-Cloud&nbsp;would be the way to go; however,&nbsp;if this traffic is internet-based, then yes, as you mentioned, the bypass feature would be the right solution.&nbsp;&nbsp;

Forum Discussion

Inquiry About Application Traffic Routing and Network Rules in CATO SASE

Related Content

Bypass Hulu Traffic?

You Ask a Good Question: Top 5 Applications Per Site, by Total Bandwidth

Inquiry About Remote Port Forwarding on IPsec Tunnel

Restricting traffic to PoP based out of the country

Use Case- Bypass internal application access through CATO when in office

Recent Discussions

IPS Whitelist GEO_RESTRICTION using domain name

Setting up custom email alerts for changes in CMA

Allow Only Specific Channels in YouTube

LAN Firewall rules - missing "IP range" in src/dst

App catalog categorizations?