Internet Breakout

Internet breakout controls whether a tenant's traffic on a Shared Gateway can reach the public internet through the gateway's WAN connection. This setting is configured per tenant, per MTGE.

How It Works

Each tenant on a Shared Gateway operates within an isolated VRF. By default, traffic stays within that VRF with no path to the internet.

When internet breakout is enabled for a tenant:

• NAT rules are configured to translate the tenant's private addresses to the gateway's WAN IP
• An inter-VRF default route is created, allowing the tenant's traffic to reach the gateway's WAN interface
• The tenant's devices can access the public internet through the gateway

When internet breakout is disabled:

• No NAT rules exist for the tenant's traffic
• No inter-VRF route is created
• The tenant's traffic stays entirely within its VRF (private connectivity only)

Toggling Internet Breakout

1. Navigate to the Shared Gateway Detail page.
2. Select the Tenants tab.
3. Find the tenant and toggle the Internet Breakout switch.
4. The configuration change is pushed to the MTGE immediately.

Per-Tenant, Per-Gateway Setting

Internet breakout is configured independently for each tenant on each gateway. This means:

• Tenant A can have internet breakout enabled on MTGE-1 but disabled on MTGE-2
• Tenant B can have it disabled everywhere
• Each combination is controlled separately

This flexibility supports scenarios where some sites need local internet access while others route all traffic through a central hub.

Use Cases

Scenario	Breakout Setting
Branch office needs local web access	Enabled
All traffic must route through a central firewall	Disabled
Site has a local SaaS application that requires direct internet	Enabled
Strict compliance requires all egress through a single point	Disabled

tip

Internet breakout adds NAT processing overhead on the gateway. Only enable it for tenants that need direct internet access at the gateway site. Tenants that route traffic back to their hub edge do not need breakout enabled.