Use this template to configure system-level features.
|IP ID auto optimization||Enables any IP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies).|
|TCP auto optimization||Enables any TCP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies).|
|Flows and tunnel failure||If there are parallel tunnels and one fails, Dynamic Path Control determines where to send the flows. There are three options: fail-stick – When the failed tunnel comes back up, the flows do not return to the original tunnel. They stay where they are. fail-back – When the failed tunnel comes back up, the flows return to the original tunnel. disable – When the original tunnel fails, the flows are not routed to another tunnel.|
|Encrypt data on disk||Enables encryption of all the cached data on the disks. Disabling this option is not recommended.|
Excess Flow Handling
|Excess flow policy||Specifies what happens to flows when the appliance reaches its maximum capacity for optimizing flows. The default is to bypass flows. Alternatively, you can choose to drop the packets.|
NextHop Health Check
|Enable Health check||Activates pinging of the next hop router.|
|Retry count||Specifies the number of ICMP echoes to send without receiving a reply before declaring that the link to the WAN next hop router is down.|
|Interval||Specifies the number of seconds between each ICMP echo sent.|
|Hold down count||If the link has been declared down, this specifies how many successful ICMP echoes are required before declaring that the link to the next hop router is up.|
|SSL optimization for non-IPSec tunnels||Specifies whether the appliance should perform SSL optimization when the outbound tunnel for SSL packets is not encrypted (for example, a GRE or UDP tunnel). To enable Network Memory for encrypted SSL-based applications, you must provision server certificates by using the Orchestrator. This activity can apply to the entire distributed network of EdgeConnect appliances or just to a specified group of appliances.|
|Bridge Loop Test||Only valid for virtual appliances. When enabled, the appliance can detect bridge loops. If it detects a loop, the appliance stops forwarding traffic and raises an alarm. Appliance alarms include recommended actions.|
|Always send pass-through traffic to original sender||If the tunnel goes down when using WCCP and PBR, traffic that was intended for the tunnel is sent back the way it came.|
|Enable default DNS lookup||Enables the default DNS server to be included with other configured DNS servers for associating cloud portal domain names to network IP addresses.|
|Enable HTTP/HTTPS snooping||Enables more granular application classification of HTTP/HTTPS traffic by inspecting the HTTP/HTTPS Host header. This is enabled by default.|
|Quiescent tunnel keep alive time||Specifies the rate at which to send keep alive packets after a tunnel has become idle (quiescent mode). The default is 60 seconds.|
|UDP flow timeout||Specifies how long to keep the UDP session open after traffic stops flowing. The default is 120 seconds (2 minutes).|
|Non-accelerated TCP Flow Timeout||Specifies how long to keep the TCP session open after traffic stops flowing. The default is 1800 seconds (30 minutes).|
|Maximum TCP MSS||Maximum Segment Size. The default value is 9000 bytes. This ensures that packets are not dropped for being too large. You can adjust the value (500 to 9000) to lower a packet’s MSS.|
|NAT-T keep alive time||If a device is behind a NAT, this specifies the rate at which to send keep alive packets between hosts to keep the mappings in the NAT device intact.|
|Tunnel Alarm Aggregation Threshold||Specifies the number of alarms to allow before the tunnel alarm is raised.|
|Maintain end-to-end overlay mapping||Enforces the same overlay to be used end-to-end when traffic is forwarded on multiple nodes.|
|IP Directed Broadcast||Allows an entire network to receive data that only the target subnet initially receives.|
|Allow WAN to WAN routing||Redirects inbound LAN traffic back to the WAN.|
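
The NextHop Health Check fields above (Retry count, Interval, Hold down count) together describe a small up/down state machine. The following Python model is an added example, not EdgeConnect or Orchestrator code; it assumes both counts apply to consecutive echoes and uses constructed sample values rather than product defaults.

```python
from dataclasses import dataclass


@dataclass
class NextHopMonitor:
    """Model of the up/down decision described by the three template fields.

    Assumption (not stated on the page): both counters track consecutive
    results, so a reply resets the miss count and a miss resets the
    hold-down count.
    """
    retry_count: int      # unanswered echoes before the link is declared down
    interval: int         # seconds between ICMP echoes
    hold_down_count: int  # successful echoes before the link is declared up
    up: bool = True
    misses: int = 0
    successes: int = 0

    def observe(self, reply_received: bool) -> bool:
        """Feed one echo result and return the link state afterwards."""
        if self.up:
            self.misses = 0 if reply_received else self.misses + 1
            if self.misses >= self.retry_count:
                self.up, self.misses, self.successes = False, 0, 0
        else:
            self.successes = self.successes + 1 if reply_received else 0
            if self.successes >= self.hold_down_count:
                self.up, self.misses, self.successes = True, 0, 0
        return self.up


def replay(monitor, results):
    """Return [(seconds_elapsed, new_state)] for every state change.

    seconds_elapsed assumes one echo per interval since monitoring began.
    """
    transitions = []
    for i, ok in enumerate(results, start=1):
        before = monitor.up
        after = monitor.observe(bool(ok))
        if after != before:
            transitions.append((i * monitor.interval, "up" if after else "down"))
    return transitions


# Constructed sample: 1 = echo reply received, 0 = no reply.
SAMPLE = [1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1]

if __name__ == "__main__":
    for t, state in replay(NextHopMonitor(3, 2, 3), SAMPLE):
        print(f"t={t:>3}s next hop declared {state}")
```

With a retry count and hold down count of 1, the same sample produces six state changes instead of two, which is the flapping that the higher counts suppress at the cost of slower failure detection.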