
System Template

Use this template to configure system-level features.

Optimization

| Field | Description |
| --- | --- |
| IP ID auto optimization | Enables any IP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
| TCP auto optimization | Enables any TCP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
| Flows and tunnel failure | If there are parallel tunnels and one fails, Dynamic Path Control determines where to send the flows. There are three options: |

  • fail-stick – When the failed tunnel comes back up, the flows do not return to the original tunnel. They stay where they are.
  • fail-back – When the failed tunnel comes back up, the flows return to the original tunnel.
  • disable – When the original tunnel fails, the flows are not routed to another tunnel.

Network Memory

| Field | Description |
| --- | --- |
| Encrypt data on disk | Enables encryption of all the cached data on the disks. Disabling this option is not recommended. |

Excess Flow Handling

| Field | Description |
| --- | --- |
| Excess flow policy | Specifies what happens to flows when the appliance reaches its maximum capacity for optimizing flows. The default is to bypass flows. Or, you can choose to drop the packets. |

NextHop Health Check

| Field | Description |
| --- | --- |
| Enable Health check | Activates pinging of the next hop router. |
| Retry count | Specifies the number of ICMP echoes to send without receiving a reply before declaring that the link to the WAN next hop router is down. |
| Interval | Specifies the number of seconds between each ICMP echo sent. |
| Hold down count | If the link has been declared down, this specifies how many successful ICMP echoes are required before declaring that the link to the next hop router is up. |
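
How the three health-check fields interact is easiest to see as a small state machine. The following is an added illustration, not appliance or Orchestrator code: the class and function names are hypothetical, the echo results are constructed, and it assumes that both the retry count and the hold down count apply to consecutive echoes.

```python
from dataclasses import dataclass


@dataclass
class NextHopMonitor:
    """Up/down tracking for a WAN next hop, driven by ICMP echo results."""
    retry_count: int      # unanswered echoes before declaring the link down
    hold_down_count: int  # answered echoes before declaring the link up again
    interval: int         # seconds between echoes
    up: bool = True
    _misses: int = 0
    _hits: int = 0

    def observe(self, replied: bool) -> bool:
        """Feed one echo result; return the link state after it."""
        if self.up:
            # Assumption: misses must be consecutive; any reply resets the count.
            self._misses = 0 if replied else self._misses + 1
            if self._misses >= self.retry_count:
                self.up, self._misses, self._hits = False, 0, 0
        else:
            # Assumption: successes must be consecutive; any miss resets the count.
            self._hits = self._hits + 1 if replied else 0
            if self._hits >= self.hold_down_count:
                self.up, self._hits = True, 0
        return self.up

    def detection_seconds(self) -> int:
        """Approximate time from the first lost echo to the down declaration."""
        return self.retry_count * self.interval


def replay(monitor: NextHopMonitor, replies) -> str:
    """Return the state after each echo as 'U' (up) or 'D' (down)."""
    return "".join("U" if monitor.observe(bool(r)) else "D" for r in replies)


# Constructed sample: 1 = reply received, 0 = no reply.
SAMPLE = [1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1]

if __name__ == "__main__":
    m = NextHopMonitor(retry_count=3, hold_down_count=3, interval=2)
    print(replay(m, SAMPLE))
    print(m.detection_seconds(), "seconds to detect a failure")
```

A single lost echo does not take the link down, and a single reply during recovery does not bring it back up, which is what keeps a flapping next hop from repeatedly moving traffic.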

Miscellaneous

| Field | Description |
| --- | --- |
| SSL optimization for non-IPSec tunnels | Specifies whether the appliance should perform SSL optimization when the outbound tunnel for SSL packets is not encrypted (for example, a GRE or UDP tunnel). To enable Network Memory for encrypted SSL-based applications, you must provision server certificates by using the Orchestrator. This activity can apply to the entire distributed network of EdgeConnect appliances or just to a specified group of appliances. |
| Bridge Loop Test | Only valid for virtual appliances. When enabled, the appliance can detect bridge loops. If it detects a loop, the appliance stops forwarding traffic and raises an alarm. Appliance alarms include recommended actions. |
| Always send pass-through traffic to original sender | If the tunnel goes down when using WCCP and PBR, traffic that was intended for the tunnel is sent back the way it came. |
| Enable default DNS lookup | Enables the default DNS server to be included with other configured DNS servers for associating cloud portal domain names to network IP addresses. |
| Enable HTTP/HTTPS snooping | Enables a more granular application classification of HTTP/HTTPS traffic by inspection of the HTTP/HTTPS header, Host. This is enabled by default. |
| Quiescent tunnel keep alive time | Specifies the rate at which to send keep alive packets after a tunnel has become idle (quiescent mode). The default is 60 seconds. |
| UDP flow timeout | Specifies how long to keep the UDP session open after traffic stops flowing. The default is 120 seconds (2 minutes). |
| Non-accelerated TCP Flow Timeout | Specifies how long to keep the TCP session open after traffic stops flowing. The default is 1800 seconds (30 minutes). |
| Maximum TCP MSS | Maximum Segment Size. The default value is 9000 bytes. This ensures that packets are not dropped for being too large. You can adjust the value (500 to 9000) to lower a packet’s MSS. |
| NAT-T keep alive time | If a device is behind a NAT, this specifies the rate at which to send keep alive packets between hosts to keep the mappings in the NAT device intact. |
| Tunnel Alarm Aggregation Threshold | Specifies the number of alarms to allow before alerting the tunnel alarm. |
| Maintain end-to-end overlay mapping | Enforces the same overlay to be used end-to-end when traffic is forwarded on multiple nodes. |
| IP Directed Broadcast | Allows an entire network to receive data that only the target subnet initially receives. |
| Allow WAN to WAN routing | Redirects inbound LAN traffic back to the WAN. |


© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.