Why must NAT rules be consistent across edges in SD-WAN when using multi-path connectivity?


Multiple Choice

Why must NAT rules be consistent across edges in SD-WAN when using multi-path connectivity?

Explanation:

In SD-WAN with multiple paths, NAT rules must be the same on every edge so the translated (public) source address stays consistent for a given session. When a flow can exit through different tunnels, the edge that handles the egress needs to present a predictable public address and port mapping. If NAT differs between edges, the remote peer might see different source information for what is actually the same session, which can lead to the return traffic taking a different path, getting misrouted, or being dropped due to state mismatches or firewall/policy checks. Consistent NAT ensures the session remains identifiable and that replies come back along the intended path, preserving end-to-end connectivity and state.

NAT is used in SD-WAN for outbound egress address translation, so the claim that NAT isn’t used is inaccurate. NAT is also not solely for inbound traffic. Ensuring that return traffic uses the correct path is part of the outcome, but the key reason this choice captures is the need for consistent addressing across all tunnels to support reliable multi-path operation.
