Reset Search
 

 

Article

KB44837 - Implications of using Single NAT in Pulse Connect Secure (PCS) deployments.

« Go Back

Information

 
Last Modified Date6/28/2021 4:34 PM
Synopsis
This article describes the demerits of using NAT in PCS deployments.
Problem or Goal
When Load Balancer or a Firewall is configured with Single NAT, all the end user connections reaching PCS would show the same Source IP Address.

End Point Device -> Internet -> DMZ (LB/FW) Single NAT -> PCS

PCS will in turn treat all the incoming connections as coming from the same source and direct all these requests to a Single CPU core. This overloads a single CPU core affecting the performance and sometimes can cause an outage too.
Cause
Solution
Configure the LB/Firewall to use multiple Source IP Addresses or enable Source IP transparency.
Related Links
Attachment 1 
Created ByRaghu Kumar

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255