definitions are an ordered list, a definition that is an exception to a general
case must precede the more general definition on the service-class page. The
first definition whose rule matches the traffic is the one that is applied. For
- Service classes based on
URLs must precede the HTTP service classes in the service-class list, because
any URL-based rule also matches the HTTP service class. Therefore, putting the
HTTP service class first would prevent the URL-based rules or published
application-based rules from ever being used.
- Similarly, service classes
based on ICA (XenApp/XenDesktop) published applications must precede the Citrix
URL-based rules match the HTTP service class, putting the HTTP service class
above them would result in the URL-based rules or published application-based
rules never being used.
Figure 1. Default
Service Class List
- To create an RPC over HTTP service class and bind the SSL profile
- Navigate to the
- In the Name field,
type a name for the service class.
- Make sure that the
Enabled option is selected.
- From the
Acceleration Policy list, select an acceleration policy.
Disk specify where to store the traffic history used for
Disk is usually the best choice, because the appliance
automatically selects disk or memory, depending on which is more appropriate
for the traffic.
Memory specifies memory only.
None is used only for uncompressible encrypted traffic
and real-time video.
a QoS policy option.
- In the traffic shaping policy list, make sure that
Default Policy option is selected.
Traffic shaping policies have a weighted priority and other attributes that
determine how matching traffic will be treated, relative to other traffic. Most
service classes are set to
Default Policy, but higher-priority traffic
can be assigned a higher-priority traffic-shaping policy, and lower-priority
traffic can be assigned a lower-priority policy.
- In the Filter Rules section, click
Add to create filter rule that has Any
as the default value for all parameters. If a rule is evaluated as TRUE for a
given connection, the connection is assigned to that service class. Filter
rules for most service classes consist solely of a list of applications, but
rules can also include IP addresses, VLAN tags, DSCP values, and SSL profile
names. All the fields in a rule default to Any (a wildcard). Fields within a
rule are ANDed together.
- From the Application Group list, select Email
- From the
Available list, select the required applications.
- Move the selected applications to the
- In the Source IP Addresses field, add the
client IP addresses.
- From the Direction list, select the direction
of the traffic.
- In the Destination IP Addresses field, type
the IP address of the server.
- From the SSL
Profiles list, select the SSL profile you have created.
Note: You must configure and bind an SSL profile to the service
class only on the datacenter-side appliance.