An administrator can define application and traffic policies. These policies help to enable traffic steering, Quality of Service (QoS), and filtering capabilities for applications. Specify whether a defined rule can be applied globally across all the sites in the network or on certain specific sites.
Policies are defined in the form of multiple rules which get applied in the user-defined order.
Create new rule
An administrator needs to place the defined rule based on the priority. The priorities such as Top of the List, Bottom of the List, or in between two existing entries.
It is recommended to have more specific rules for applications or sub applications at the top, followed by less specific rules for the ones representing broader traffic.
For example, you can create specific rules for both Facebook Messenger (sub application) and Facebook (application). Put a Facebook Messenger rule on top of the Facebook rule so that the Facebook Messenger rule gets hit. If the order is reversed, Facebook Messenger being a subapplication of Facebook application, Facebook Messenger rule would not get hit. It is important to get the order right.
Select traffic for a defined rule such as:
- An application
- Custom defined application
- Group of applications or IP protocol based rule
Specify whether a defined rule can be applied globally across all the sites in the network or on certain specific sites.
Specify how the traffic needs to be steered.
+ New Custom App: Select a match criteria from the list. The administrator can add new custom application by giving a name to:
- Custom application
- protocol (such as TCP, UDP, ICMP)
- Network IP/Prefix
- DSCP tag
You can also create a domain name based custom application.
Click Verify Config to validate any audit error.
The Quality of Service (QoS) section helps to create QoS profile by using the + QoS Profile option. The QoS profile provides improved service to certain traffic. The goal of QoS is to provide priority including traffic type (Real-time, Interactive, and Bulk classes) and dedicated bandwidth. The bandwidth breakups are available in % values. This also improved loss characteristics.
Click Verify Config to validate any audit error.
HDX incorporates advanced optimization and acceleration capabilities to deliver the best performance over any network, including low-bandwidth and high-latency WAN connections.
HDX profiles, along with HDX rules allow to optimize HDX traffic. You can view the following three default profiles:
Global Default: The Global profile is active for all the sites by default.
The Global Default profile now enables single stream HDX globally in the initial case. This profile supports Single-stream or Multi-stream QoS for HDX, depends on the QoS profile selection.
If the selected QoS profile is Standard (default case), then the global default profile will be single stream HDX. In this case, multi-stream QoS for HDX is unchecked and the profile mode is single-Stream.
If the selected QoS profile is HDX, then multi-stream QoS and Deep packet inspection (DPI) are enabled.
To view the QoS profile selection, go to Configuration > QoS > QoS profiles.
You can also view the Global QoS Bandwidth Default Profile under Global Rules in QoS policies and under HDX rules in global rules section.
- You can provide up to five HDX IP and port range.
- No other settings can be modified.
Only the Global Default is a global profile and other profiles are the site level which can override the global profile. So if you want to enable the single stream HDX mode for all the sites in the network, you must make the changes in the global profile. This ensures that this setting is not only applicable to all the available sites but also to any newly added sites.
The available site can be attained by adding all sites to the single-stream profile that essentially overrides global profile at all existing sites.
HDX disabled: Both DPI and multi-stream QoS for HDX are disabled. You can add sites to this profile.
HDX Single Stream: Multi-stream QoS is disabled. You can add sites to this profile.
The default profiles (Global Default, HDX Disabled, and HDX Single Stream) are cannot be deleted.
Either value in a Custom HDX IP-Port Pair or Sites, can be empty (but not both) for all the profiles where you can provide an IP-port pair. Independent Computing Architecture (ICA) ports 1494 and 2598 are not allowed (either by themselves or in range: true for all port fields in HDX profiles). This limitation is applicable to all profiles where ports can be added.
A site can only be part of a single profile. The Global Default profile is applicable to all sites which are not part of any other profile.
The Global Default, HDX Disabled, and HDX Single Stream profiles are also known as Profile Modes.
You can only create new profiles of HDX Multi-Stream type. For any other behavior (for example – HDX single-stream), use the default profile.
You can specify the site names and IP and Port pairs for all three profiles. The IP-Port Pair option is available only if the profile mode is HDX Multi-Stream.
While creating site level HDX rules (under QoS Policies), you need to select the Site HDX Profile Mode.
Based on this selection, all the sites that fall under the Profile Mode are available for selection for the rule.