NAT and the Correction Layer on a Security Gateway
For optimal system performance, an entire session should be handled by the same SGM. With NAT, packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The system Correction Layer then must forward the packet to the correct SGM.
Correctly configuring Distribution Modes keeps corrections situations to a minimum and optimizes system performance. To achieve optimal distribution between SGMs on the gateway:
- When not using NAT rules: Set the General Distribution Mode.
- When using NAT rules: Set the hidden network(s) to User Mode, and the destination network(s) to Network Mode.
|