NAT and the Correction Layer on a Security Gateway

For optimal system performance, one Security Group Member handles all traffic for a session.

With NAT, packets sent from the client to the server can be distributed to a different Security Group Member than packets from the same session sent from the server to the client.

The system Correction Layer must then forward the packet to the correct Security Group Member.

Configuring the Distribution Mode correctly keeps correction situations to a minimum and optimizes system performance.

To achieve optimal distribution between Security Group Members in a Security Group in Gateway mode:

| NAT Rules | Guidelines |
|---|---|
| Not using NAT rules | Set the Distribution Mode to General. |
| Using NAT rules | • Set the Distribution Mode to User for the networks hidden behind NAT. • Set the Distribution Mode to Network for the destination networks. |
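The following added example (not Check Point code) models why hide NAT splits a session across Security Group Members and why a per-side key choice avoids correction. The toy hash, the member count, the addresses and the two key choices are assumptions made for illustration; this page does not state which packet fields each Distribution Mode uses.

```python
import hashlib
from ipaddress import ip_address

MEMBERS = 4  # constructed Security Group size

def member_for(*addrs):
    """Toy distribution hash: order-independent over the chosen addresses."""
    packed = b"".join(sorted(ip_address(a).packed for a in addrs))
    return int.from_bytes(hashlib.sha256(packed).digest()[:4], "big") % MEMBERS

def ingress_packets(client, server, hide_ip=None):
    """(src, dst) as seen on arrival: client side, then server side."""
    seen_by_server = hide_ip or client  # hide NAT rewrites the client source
    return (client, server), (server, seen_by_server)

def key_both(c2s, s2c):
    # Same key fields on every interface: source and destination.
    return member_for(*c2s), member_for(*s2c)

def key_per_side(c2s, s2c):
    # Client-facing side keys on destination, server-facing side on source:
    # both are the server address, which hide NAT leaves unchanged.
    return member_for(c2s[1]), member_for(s2c[0])

def corrections(sessions, strategy):
    """Count sessions whose two directions land on different members."""
    count = 0
    for client, server, hide_ip in sessions:
        a, b = strategy(*ingress_packets(client, server, hide_ip))
        count += a != b
    return count

# Constructed sample: 200 clients, 5 servers, one hide-NAT address.
HIDE_IP = "203.0.113.10"
PLAIN = [(f"10.1.0.{i}", f"198.51.100.{i % 5 + 1}", None) for i in range(1, 201)]
NATTED = [(c, s, HIDE_IP) for c, s, _ in PLAIN]

if __name__ == "__main__":
    print("no NAT, both fields  :", corrections(PLAIN, key_both))
    print("hide NAT, both fields:", corrections(NATTED, key_both))
    print("hide NAT, per side   :", corrections(NATTED, key_per_side))
```

Each counted session is one where the Correction Layer would have to forward packets to another member.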