SaaS remote internet breakout is used when branch traffic needs to route a SaaS application (for example, a VoIP solution) through the HUB.
You can use this configuration to enable SaaS remote internet breakout on the branch devices. This allows branch devices to access cloud applications through the hub device. The spoke device routes only Ringcentral VoIP traffic through hub overlays. The SD-WAN rule is set to set gateway enable to override the route table and send traffic that matches this application through the hub.
Following is a summary of configuring SaaS remote internet breakout:
- Create an SD-WAN rule for cloud applications. See Creating an SD-WAN rule for cloud applications.
- Create a policy to allow traffic on the hub. See Creating a policy to allow traffic on the hub .
- Go to Device Manager > Provisioning Templates > SD-WAN Templates.
- Double-click the Branches template to open it for editing.
- Under SD-WAN Rules, click +Create New. The Create New SD-WAN Rule pane is displayed.
- Complete the following options, and click OK to save the new rule:
- Select Internet Service.
- Click the box beside Application Group, and click + to create a new application group.
- Set Name to Cloud_Applications.
- Set Application to Ringcentral (ID: 42635).
- Click OK to save the application group.
Lowest Cost (SLA)
Required SLA Target
- Move the rule to the position two (2) below Corporate_Traffic.
- Click OK to save the SD-WAN template.
- Go to Policy & Objects.
- Select the HUB policy package, and click +Create New to define a new policy.
- Set the following options, and click OK:
Remote Internet Breakout
IPv4 Source Address
IPv4 Destination Address
- Install the branch and hub policy packages.