SaaS remote internet breakout
SaaS remote internet breakout is used when branch traffic needs to route a SaaS application (for example, a VoIP solution) through the HUB.
Use this configuration to enable SaaS remote internet breakout on the branch devices, which allows them to access cloud applications through the hub device. The spoke device routes only Ringcentral VoIP traffic through hub overlays. The SD-WAN rule has the gateway option enabled (set gateway enable) to override the route table and send traffic that matches this application through the hub.
Following is a summary of configuring SaaS remote internet breakout:
- Create an SD-WAN rule for cloud applications. See Creating an SD-WAN rule for cloud applications.
- Create a policy to allow traffic on the hub. See Creating a policy to allow traffic on the hub.
Creating an SD-WAN rule for cloud applications
To create an SD-WAN rule:
- Go to Device Manager > Provisioning Templates > SD-WAN Templates.
- Double-click the Branches template to open it for editing.
- Under SD-WAN Rules, click +Create New. The Create New SD-WAN Rule pane is displayed.
- Complete the following options, and click OK to save the new rule:
Name: Cloud Applications
Destination:
- Select Internet Service.
- Click the box beside Application Group, and click + to create a new application group.
- Set Name to Cloud_Applications.
- Set Application to Ringcentral (ID: 42635).
- Click OK to save the application group.
Strategy: Lowest Cost (SLA)
Interface Preference: HUB1-VPN1, HUB1-VPN2
Required SLA Target: Hub1_HC
Advanced Options: Enable gateway.
- Move the rule to position two (2) below Corporate_Traffic.
- Click OK to save the SD-WAN template.
Creating a policy to allow traffic on the hub
To create a policy to allow traffic on the hub device:
- Go to Policy & Objects.
- Select the HUB policy package, and click +Create New to define a new policy.
- Set the following options, and click OK:
Name: Remote Internet Breakout
Incoming Interface: Branches
Outgoing Interface: WAN1, WAN2
IPv4 Source Address: Branch network
IPv4 Destination Address: all
Action: Accept
NAT: Enabled
- Install the branch and hub policy packages.
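After installation, the settings above can be checked against the devices' exported configuration. The following Python script is an added example, not Fortinet code or part of the original guide: it verifies that the spoke rule has gateway enabled and that the hub policy limits the source to the branch network with NAT enabled. The two CLI snippets are constructed samples in FortiOS-style syntax, the edit IDs 2 and 10 are placeholders, and parse_entries and audit are hypothetical helper names.

```python
import shlex
# Constructed samples in FortiOS-style CLI syntax; edit IDs are placeholders.
SPOKE_RULE = """
config system sdwan
    config service
        edit 2
            set name "Cloud Applications"
            set internet-service enable
            set internet-service-app-ctrl-group "Cloud_Applications"
            set gateway enable
        next
    end
end
"""
HUB_POLICY = """
config firewall policy
    edit 10
        set name "Remote Internet Breakout"
        set srcintf "Branches"
        set dstintf "WAN1" "WAN2"
        set srcaddr "Branch network"
        set dstaddr "all"
        set nat enable
    next
end
"""

def parse_entries(text):
    # Map each flat edit...next block to {option: [values]}.
    entries, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["edit"]:
            current = entries.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def audit(spoke_text, hub_text):
    # Hypothetical helper: an empty list means both objects match the page.
    out = []
    for rid, r in parse_entries(spoke_text).items():
        if r.get("gateway") != ["enable"]:
            out.append(f"rule {rid}: gateway off, route table not overridden")
    for pid, p in parse_entries(hub_text).items():
        if "all" in p.get("srcaddr", ["all"]):
            out.append(f"policy {pid}: source is 'all', not the branch network")
        if p.get("nat") != ["enable"]:
            out.append(f"policy {pid}: NAT is not enabled")
    return out
```

Because the hub policy's destination is all, the source address and incoming interface are the only fields that bound what can break out through WAN1 and WAN2, which is why the source check matters.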