- Direct Internet Breakout at Branch with Integrated Firewall
- Direct Internet Breakout at Branch forwarding to Secure Web Gateway
- Backhaul Internet to Data Center MCN
The NetScaler SD-WAN solution provides the ability to backhaul Internet traffic to the MCN site or other NetScaler SD-WAN client-node sites for access to the Internet. The term “backhaul” indicates that traffic destined for the Internet will be sent back to another predefined site which has access to the Internet via a WAN link. This may be the case for networks that do not allow Internet access directly at a branch office because of security concerns, or due to the underlay network's topology. An example would be a remote site that lacks an external firewall where the on-board NetScaler SD-WAN firewall does not meet the security requirements for that site. For some environments, backhauling all remote site Internet traffic through the hardened DMZ at the Data Center may be the most desired approach to providing Internet access to users at remote offices. This approach does, however, have the following limitations to be aware of, and the underlay WAN links must be sized appropriately.
- Backhaul of internet traffic adds latency to internet connectivity and is variable depending on the distance of the branch site with respect to the data center.
- Backhaul of internet traffic will consume bandwidth on the Virtual Path and should be accounted for in sizing of WAN links.
- Backhaul of internet traffic may over-subscribe the Internet WAN link at the Data Center.
All NetScaler SD-WAN devices can terminate up to 8 distinct Internet WAN links into a single device. Licensed throughput capabilities for the aggregated WAN links are listed per respective appliance on the NetScaler SD-WAN datasheet.
The NetScaler SD-WAN solution supports the backhaul of internet traffic with the following configuration:
1. Enable Internet Service at the MCN site node, or any other site node where Internet Service is desired.
2. On the branch nodes where internet traffic will be backhauled, manually add a 0.0.0.0/0 route to direct all default traffic to the Virtual Path Service with the next hop denoted as the MCN, or intermediary site.
3. Verify that the route table of the branch site does not have any other lower cost routes that would steer traffic other than the desired backhaul route through the Virtual Path.
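The check in step 3 can be run offline against an exported copy of a branch route table. The following is an added example, not NetScaler SD-WAN code or output: the `Route` fields, the service-name strings and both sample tables are constructed, and it assumes a selection model in which the most specific prefix wins and cost breaks ties between equal prefixes.

```python
import ipaddress
from dataclasses import dataclass

# Private ranges that are expected to have more specific (non-default) routes.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Route:              # hypothetical record layout for one route-table row
    prefix: str
    service: str          # sample values: "Local", "Virtual Path", "Internet", "Passthrough"
    next_hop: str         # remote site name for Virtual Path routes, else ""
    cost: int

def is_backhaul(r, site):
    return r.service == "Virtual Path" and r.next_hop == site

def audit_backhaul(routes, site):
    """Return findings (IPv4 only); an empty list means the backhaul default wins."""
    defaults = [r for r in routes if ipaddress.ip_network(r.prefix) == DEFAULT]
    backhaul = [r for r in defaults if is_backhaul(r, site)]
    if not backhaul:
        return [f"no 0.0.0.0/0 route to Virtual Path via {site}"]
    best = min(r.cost for r in backhaul)
    findings = []
    for r in routes:
        if is_backhaul(r, site):
            continue
        net = ipaddress.ip_network(r.prefix)
        if net == DEFAULT:
            # An equal or lower cost default can take traffic away from the backhaul.
            if r.cost <= best:
                findings.append(f"competing default: {r.service} cost {r.cost} <= {best}")
        elif not any(net.subnet_of(p) for p in RFC1918):
            # A more specific route to public space bypasses the default entirely.
            findings.append(f"more specific public route: {r.prefix} via {r.service}")
    return findings

# Constructed sample tables for a branch that should backhaul through "MCN".
GOOD = [Route("10.1.0.0/16", "Local", "", 5), Route("10.0.0.0/8", "Virtual Path", "MCN", 5),
        Route("0.0.0.0/0", "Virtual Path", "MCN", 5), Route("0.0.0.0/0", "Passthrough", "", 16)]
BAD = GOOD + [Route("0.0.0.0/0", "Internet", "", 4), Route("203.0.113.0/24", "Internet", "", 5)]

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_backhaul(table, "MCN") or "backhaul route wins")
```

Any finding means some internet-bound traffic would leave the branch without passing through the Data Center DMZ, which defeats the reason for choosing backhaul.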