Product Documentation

Non-Inline Links

May 09, 2013

For other than simple inline deployments (which serve only one WAN per accelerated bridge), use IP subnets instead of bridge ports to distinguish LAN traffic from WAN traffic. This approach is essential for one-arm deployments, which use only a single bridge port. IP subnets are sometimes useful for inline deployments as well, especially when the appliance serves more than one WAN. For simple inline deployments, however, port based links are easier to define.

The traffic classifier applies a specialized convention when examining the Src IP and Dst IP:

This convention can sometimes be confusing, but it allows the direction of packet travel to be implicitly considered as part of the definition.

Example: Using IP Addresses in Link Definitions
For the configuration shown in the above figure, you can define the LAN and WAN links without specifying the Ethernet ports at all, using the LAN subnet instead:
Example: WCCP and Virtual Inline Modes

Configuration of the WCCP link in the above figure, using IP addresses, is the same as in Example 1, because the LAN and WAN IP subnets are identical.

When WCCP-GRE is used, the GRE headers are ignored and the IP headers within the encapsulated data packets are used. Therefore, this same link definition works for WCCP-L2, WCCP-GRE, inline, and virtual inline modes.

(WCCP and virtual inline modes require configuration of your router. WCCP also requires configuration on the Configuration: Advanced Deployments page.)