Silver Peak SD-WAN Deployment Guide

Deploying in NAT Environments

If the appliance is behind a Network Address Translation (NAT) interface, select NAT (without the strike-through).

Figure 10. NAT Deployment

For deployments in the cloud, best practice is to NAT all traffic — either inbound (WANWide Area Network-to-LANLocal Area Network.) or outbound (LANLocal Area Network.-to-WANWide Area Network), depending on the direction of initiating request. This avoids black-holing that can result from cloud-specific IPInternet Protocol. Network layer protocol in the TCP/IP stack that enables a connectionless internetwork service. address requirements.

• Enabling NAT applies NAT policies to all traffic—pass-through as well as optimized traffic—which ensures that black-holing doesn't occur. NAT on outbound only applies to pass-through trafficTraffic that is sent to the WAN without being optimized..
• If Fallback is enabled, the appliance moves to the next IPInternet Protocol. Network layer protocol in the TCP/IP stack that enables a connectionless internetwork service. (if available) when ports are exhausted on the current NAT IPInternet Protocol. Network layer protocol in the TCP/IP stack that enables a connectionless internetwork service..

In general, when applying NAT policies, configure separate WANWide Area Network and LANLocal Area Network. interfaces to ensure that NAT works properly. Do this by deploying the appliance in Router modeOut-of-path deployment, where data traffic is redirected by using policy-based routing (PBR), Web Cache Coordination Protocol (WCCP), or Virtual Router Redundancy Protocol (VRRP). in-path with two (or four) interfaces.

For more information:

• See the Unity Orchestrator Operator's Guide for a more thorough discussion of this topic.
• Within OrchestratorFormerly GMS. Silver Peak global management software. Manages, provisions, and monitors Silver Peak devices within a network., click the Question Mark on the page for details about each field.