How to Create Rules
Jun 11, 2018
Using the configuration editor, you can create rules for traffic flow and associate the rules with applications and classes. You can specify criteria to filter traffic for a flow, and can apply general behavior, LAN to WAN behavior, WAN to LAN behavior, and packet inspection rules.
To create rules:
1. In the Configuration Editor, navigate to Default Set > Virtual Path Default Set > New_Virtual_Path_Default_Sets > Rules and click the plus (+) icon to add a new custom rule.
2. In the Order field, enter the order value to define when the rule is applied in relation to other rules.
3. In the Application field, select an application. The statistics for rules with the same application name will be grouped together as a rule group and can be viewed together.
To view rule groups, navigate to Monitoring > Statistics, and in the Show field select Rule Groups.
You can also add custom applications. For more information, see How to add Rule Groups and Enable MOS.
4. In the Routing Domain field, choose one of the configured routing domains.
5. You can define rule matching criteria to filter services on the basis of the parameters listed below. After the filtering, the rule settings are applied to the services matching these criteria.
* Source IP Address: Source IP address and the subnet mask to match against the traffic.
* Destination IP Address: Destination IP address and the subnet mask to match against the traffic.
Select Dest=Src if the source and destination IP addresses are the same.
* Protocol: Protocol to match against the traffic.
* Source Port: Source port number or port range to match against the traffic.
* Destination Port: Destination port number or port range to match against the traffic.
* DSCP: The DSCP tag in the IP header to match against the traffic.
* VLAN: The VLAN ID to match against the traffic.
6. Click the add (+) icon next to the new rule.
7. Click Initialize Properties Using Protocol to initialize the rule properties by applying the rule defaults and recommended settings for the protocol. This will populate the default rule settings. You can also customize the settings manually, as shown in the following steps.
8. Click the WAN General tile to configure the following properties.
* Transmit Mode: Select one of the following transmit modes.
- Load Balance Path: Traffic for the flow will be balanced across multiple paths for the service. Traffic will be sent through the best path until that path is completely used. Leftover packets will be sent through the next best path.
- Persistent Path: Traffic for the flow will remain on the same path until the path is no longer available.
- Duplicate Path: Traffic for the flow is duplicated across multiple paths, increasing reliability.
- Override Service: Traffic for the flow will override to a different service. In the Override Service field, select the service type to which the service will override. For example, a virtual path service could override to an intranet, internet, or pass-through service.
* Retransmit Lost Packets: Send traffic that matches this rule to the remote appliance over a reliable service and retransmit lost packets.
* Enable TCP Termination: Enable TCP termination of traffic for this flow. This reduces the round-trip time for acknowledgement packets and therefore improves throughput.
* Enable IP, TCP and UDP: Compress headers in IP, TCP and UDP packets.
* Enable GRE: Compress headers in GRE packets.
* Enable Packet Aggregation: Aggregate small packets into larger packets.
* Track Performance: Records performance attributes of this rule in a session database (for example, loss, jitter, latency and bandwidth).
9. Click the LAN to WAN tile to configure LAN to WAN behavior for this rule.
* Class: Select a class with which to associate this rule.
You can also customize classes before applying rules. For more information, see How to Customize Classes.
* Large Packet Size: Packets smaller than or equal to this size are assigned the Drop Limit and Drop Depth values specified in the fields to the right of the Class field.
Packets larger than this size are assigned the values specified in the default Drop Limit and Drop Depth fields in the Large Packets section of the screen.
* Drop Limit: Length of time after which packets waiting in the class scheduler are dropped. Not applicable for a bulk class.
* Drop Depth: Queue depth threshold after which packets are dropped.
* Enable RED: Random Early Detection (RED) ensures fair sharing of class resources by discarding packets when congestion occurs.
* Reassign Size: Packet length that, when exceeded, causes the packet to be reassigned to the class specified in the Reassign Class field.
* Reassign Class: Class used when the packet length exceeds the packet length specified in the Reassign Size field.
* Disable Limit: Time for which duplication can be disabled to prevent duplicate packets from consuming bandwidth.
* Disable Depth: The queue depth of the class scheduler, at which point the duplicate packets will not be generated.
* TCP Standalone ACK class: High priority class to which TCP standalone acknowledgements are mapped during large file transfers.
10. Click the WAN to LAN tile to configure WAN to LAN behavior for this rule.
* Enable Packets Resequencing: Sequences the packets into the correct order at the destination.
* Hold Time: Time interval for which the packets are held for resequencing, after which the packets are sent to the LAN.
* Discard Late Resequencing Packets: Discard out-of-order packets that arrived after the packets needed for resequencing have been sent to the LAN.
* DSCP Tag: DSCP tag applied to the packets that match this rule, before sending them to the LAN.
11. Click the Deep Packet Inspection tile and select Enable Passive FTP Detection to allow the rule to detect the port used for FTP data transfer and automatically apply the rule settings to the detected port.
12. Click Apply.
Save the configuration, export it to the change management inbox, and initiate the change management process.
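Before exporting a rule set, it helps to check offline that a broad rule with a lower Order value does not hide a narrower one. The following is an added example, not part of the product or the original page: a simplified Python model of the match criteria from step 5. It assumes that rules are tried in ascending Order and that the first match applies; the rule names, addresses, ports and DSCP labels are constructed.

```python
# Added example: simplified offline model of rule matching, not vendor code.
# Assumption: rules are tried in ascending Order and the first match applies.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    order: int
    name: str
    src: str = "0.0.0.0/0"            # Source IP Address / mask
    dst: str = "0.0.0.0/0"            # Destination IP Address / mask
    protocol: Optional[str] = None    # None means "any"
    sports: tuple = (0, 65535)        # Source Port range
    dports: tuple = (0, 65535)        # Destination Port range
    dscp: Optional[str] = None
    vlan: Optional[int] = None

def matches(r, f):
    """f is a flow dict: src, dst, protocol, sport, dport, dscp, vlan."""
    return (ip_address(f["src"]) in ip_network(r.src)
            and ip_address(f["dst"]) in ip_network(r.dst)
            and r.sports[0] <= f["sport"] <= r.sports[1]
            and r.dports[0] <= f["dport"] <= r.dports[1]
            and all(getattr(r, k) in (None, f[k]) for k in ("protocol", "dscp", "vlan")))

def first_match(rules, flow):
    return next((r.name for r in sorted(rules, key=lambda r: r.order)
                 if matches(r, flow)), None)

def covers(a, b):
    """True if every flow matched by rule b is also matched by rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.sports[0] <= b.sports[0] and b.sports[1] <= a.sports[1]
            and a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1]
            and all(getattr(a, k) in (None, getattr(b, k))
                    for k in ("protocol", "dscp", "vlan")))

def shadowed(rules):
    """(later, earlier) pairs where the later rule can never be reached."""
    ordered = sorted(rules, key=lambda r: r.order)
    return [(late.name, early.name) for i, late in enumerate(ordered)
            for early in ordered[:i] if covers(early, late)]
# Constructed sample rule set (names, addresses and ports are illustrative).
RULES = [
    Rule(10, "voip", protocol="UDP", dports=(16384, 32767), dscp="ef"),
    Rule(20, "branch-tcp", src="10.1.0.0/16", protocol="TCP"),
    Rule(30, "branch-ssh", src="10.1.5.0/24", protocol="TCP", dports=(22, 22)),
]
```

With this sample set, shadowed(RULES) reports that branch-ssh is hidden behind branch-tcp; giving branch-ssh a lower Order value than branch-tcp removes the finding.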