System Template
Use this template to configure system-level features.
Optimization
Field | Description |
---|---|
IP ID auto optimization | Enables any IP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
TCP auto optimization | Enables any TCP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
Flows and tunnel failure | If there are parallel tunnels and one fails, Dynamic Path Control determines where to send the flows. There are three options: (1) fail-stick: when the failed tunnel comes back up, the flows do not return to the original tunnel; they stay where they are. (2) fail-back: when the failed tunnel comes back up, the flows return to the original tunnel. (3) disable: when the original tunnel fails, the flows are not routed to another tunnel. |
Network Memory
Field | Description |
---|---|
Encrypt data on disk | Enables encryption of all the cached data on the disks. Disabling this option is not recommended. |
Excess Flow Handling
Field | Description |
---|---|
Excess flow policy | Specifies what happens to flows when the appliance reaches its maximum capacity for optimizing flows. The default is to bypass flows; alternatively, you can choose to drop the packets. |
NextHop Health Check
Field | Description |
---|---|
Enable Health check | Activates pinging of the next hop router. |
Retry count | Specifies the number of ICMP echoes to send without receiving a reply before declaring that the link to the WAN next hop router is down. |
Interval | Specifies the number of seconds between each ICMP echo sent. |
Hold down count | If the link has been declared down, this specifies how many successful ICMP echoes are required before declaring that the link to the next hop router is up. |
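
The down/up decision that these three fields describe, sketched as an added example (not code from the product or its documentation). It assumes that missed echoes must be consecutive and that a lost echo during hold-down restarts the count, neither of which the table states; `NextHopMonitor`, `replay` and the probe trace are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class NextHopMonitor:
    """Link state derived from ICMP echo results, per the fields above."""
    retry_count: int       # unanswered echoes before the link is declared down
    hold_down_count: int   # answered echoes before a down link is declared up
    up: bool = True        # assumption: the link starts in the up state
    misses: int = 0
    hits: int = 0

    def observe(self, replied: bool) -> bool:
        """Feed one echo result and return the link state after it."""
        if self.up:
            # Assumption: any reply resets the miss counter.
            self.misses = 0 if replied else self.misses + 1
            if self.misses >= self.retry_count:
                self.up, self.misses, self.hits = False, 0, 0
        else:
            # Assumption: a lost echo during hold-down restarts the count.
            self.hits = self.hits + 1 if replied else 0
            if self.hits >= self.hold_down_count:
                self.up, self.misses, self.hits = True, 0, 0
        return self.up


def replay(results, retry_count, hold_down_count):
    """Return [(probe_index, 'down' | 'up'), ...] for every state change."""
    mon = NextHopMonitor(retry_count, hold_down_count)
    changes = []
    for i, replied in enumerate(results):
        before = mon.up
        after = mon.observe(bool(replied))
        if after != before:
            changes.append((i, "up" if after else "down"))
    return changes


# Constructed probe trace for a lossy next hop: 1 = reply, 0 = no reply.
TRACE = [1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1]

if __name__ == "__main__":
    for hold in (1, 3):
        print(f"retry_count=3 hold_down_count={hold}:",
              replay(TRACE, retry_count=3, hold_down_count=hold))
```

On this trace a hold down count of 1 lets a single stray reply bring the link back up, so it flaps twice, while a count of 3 holds it down until the next hop answers steadily.
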
Miscellaneous
Field | Description |
---|---|
SSL optimization for non-IPSec tunnels | Specifies whether the appliance should perform SSL optimization when the outbound tunnel for SSL packets is not encrypted (for example, a GRE or UDP tunnel). To enable Network Memory for encrypted SSL-based applications, you must provision server certificates by using the Orchestrator. This activity can apply to the entire distributed network of EdgeConnect appliances or just to a specified group of appliances. |
Bridge Loop Test | Only valid for virtual appliances. When enabled, the appliance can detect bridge loops. If it detects a loop, the appliance stops forwarding traffic and raises an alarm. Appliance alarms include recommended actions. |
Always send pass-through traffic to original sender | If the tunnel goes down when using WCCP and PBR, traffic that was intended for the tunnel is sent back the way it came. |
Enable default DNS lookup | Enables the default DNS server to be included with other configured DNS servers for associating cloud portal domain names to network IP addresses. |
Enable HTTP/HTTPS snooping | Enables more granular application classification of HTTP/HTTPS traffic by inspecting the Host header of the HTTP/HTTPS traffic. This is enabled by default. |
Quiescent tunnel keep alive time | Specifies the rate at which to send keep alive packets after a tunnel has become idle (quiescent mode). The default is 60 seconds. |
UDP flow timeout | Specifies how long to keep the UDP session open after traffic stops flowing. The default is 120 seconds (2 minutes). |
Non-accelerated TCP Flow Timeout | Specifies how long to keep the TCP session open after traffic stops flowing. The default is 1800 seconds (30 minutes). |
Maximum TCP MSS | Maximum Segment Size. The default value is 9000 bytes. This ensures that packets are not dropped for being too large. You can adjust the value (500 to 9000) to lower a packet’s MSS. |
NAT-T keep alive time | If a device is behind a NAT, this specifies the rate at which to send keep alive packets between hosts to keep the mappings in the NAT device intact. |
Tunnel Alarm Aggregation Threshold | Specifies the number of alarms to allow before raising the tunnel alarm. |
Maintain end-to-end overlay mapping | Enforces the same overlay to be used end-to-end when traffic is forwarded on multiple nodes. |
IP Directed Broadcast | Allows an entire network to receive data that only the target subnet initially receives. |
Allow WAN to WAN routing | Redirects inbound LAN traffic back to the WAN. |