Backhaul

Backhaul is a feature that aggregates the Internet traffic of all of your application network Locations so that it exits outbound to the Internet, and enters inbound to your network, through either a single Location or multiple Locations. Backhaul requires at least two active Locations in your Corente Services domain. One must be designated as a Backhaul Server and the other as a Backhaul Client.

A Corente Services Gateway that is administered as a Backhaul Client will encrypt all Internet traffic and send it to a Corente Services Gateway designated as a Backhaul Server. The Backhaul Server will route Internet traffic from these Locations to the Internet. This traffic will be routed through whatever devices exist on the Backhaul Server’s network to filter Internet traffic. All application network traffic will continue to use the appropriate tunnels for each partner.

  • No Backhaul: This Location will not participate in backhaul. This is the default setting for backhaul.

  • Backhaul Client via server: If you select this option, you must select a Backhaul Server from the selection box beside this option. All Internet traffic for this gateway's LAN will be routed to and from the selected Backhaul Server. Routers behind this Corente Services Gateway will need to be modified to send all outgoing Internet packets to the Corente Services Gateway. The Corente Services Gateway will then send the packets to the gateway designated as the Backhaul Server.

  • Backhaul Server: This will be a Location to which the Locations designated as Backhaul Clients will send and receive Internet traffic.

    • Optional Default Gateway: When the Backhaul Server option is selected, you can supply the IP address or DNS name of a server to which this Corente Services Gateway will send all of the Internet traffic that has been routed to it. This lets you specify the server that performs filtering and other such services on the traffic, so that you do not have to change the default Internet Gateway for this gateway in the Network Interfaces section of the Network Tab.

If you enable Backhaul, it is important to define a Special Internal Network Description User Group on the User Groups tab that includes all IP addresses on the corporate network. This allows the Corente Services Gateway to distinguish between the Internet, subnets participating in the application network, and subnets not participating in the application network, so that traffic cannot be routed to the wrong location and create a security risk. For example, if a Special User Group is not defined, a Corente Services Gateway designated as a Backhaul Server might route non-application network traffic from a Backhaul Client to one of its own non-participating subnets, mistaking the subnet's address for part of the Internet.
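The following added example (not Corente code, and not part of the original documentation) is a simplified model of the three-way distinction described above, plus a coverage check that reports corporate subnets missing from the Special Internal Network Description User Group. The function names and all subnets are hypothetical, constructed for illustration.

```python
import ipaddress

def classify(dest, participating, internal_description):
    """Simplified model: application network, internal, or Internet."""
    ip = ipaddress.ip_address(dest)
    if any(ip in n for n in participating):
        return "application-network"
    if any(ip in n for n in internal_description):
        return "internal-non-participating"
    return "internet"  # treated as Internet traffic, so it would be backhauled

def uncovered(corporate, internal_description):
    """Return the parts of each corporate subnet absent from the group."""
    gaps = []
    for subnet in corporate:
        remaining = [subnet]
        for covered in internal_description:
            nxt = []
            for piece in remaining:
                if piece.subnet_of(covered):
                    continue  # fully covered by this group entry
                if covered.subnet_of(piece):
                    nxt.extend(piece.address_exclude(covered))  # partly covered
                else:
                    nxt.append(piece)  # disjoint, still uncovered
            remaining = nxt
        gaps.extend(remaining)
    return sorted(gaps)

net = ipaddress.ip_network
# Constructed sample data: two participating and two non-participating subnets.
PARTICIPATING = [net("10.1.0.0/16"), net("10.2.0.0/16")]
NON_PARTICIPATING = [net("10.9.0.0/16"), net("172.16.4.0/24")]
GROUP_INCOMPLETE = [net("10.0.0.0/8")]                    # misses 172.16.4.0/24
GROUP_COMPLETE = [net("10.0.0.0/8"), net("172.16.0.0/12")]

if __name__ == "__main__":
    corporate = PARTICIPATING + NON_PARTICIPATING
    for name, group in (("incomplete", GROUP_INCOMPLETE), ("complete", GROUP_COMPLETE)):
        print(name, "group, uncovered:", uncovered(corporate, group))
        print("  172.16.4.20 ->", classify("172.16.4.20", PARTICIPATING, group))
```

Any range reported by `uncovered` is a corporate address block that this model would treat as Internet, which is the misrouting condition the paragraph warns about.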

If a subnet behind a Corente Services Gateway uses public, world-routable IP address space, then NAT must occur somewhere outside the Corente Services Gateway at the Backhaul Server site. If NAT does not occur, return packets will not flow back through the server and tunnels properly to the subnet.