System Template
使用这个模板来配置系统级features.
优化
| 场地 | Description |
|---|---|
| IP ID auto optimization | Enables any IP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
| TCP auto optimization | Enables any TCP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
| Flows and tunnel failure | 如果有平行的隧道和一条故障,动态路径控制determines where to send the flows. There are three options: fail-stick– When the failed tunnel comes back up, the flows do not return to the original tunnel. They stay where they are. fail-back- 当失败的隧道恢复后,流动返回原始隧道。 禁用– When the original tunnel fails, the flows are not routed to another tunnel. |
Network Memory
| 场地 | Description |
|---|---|
| Encrypt data on disk | Enables encryption of all the cached data on the disks. Disabling this option is not recommended. |
过多的流动处理
| 场地 | Description |
|---|---|
| 过剩的流政策 | Specifies what happens to flows when the appliance reaches its maximum capacity for optimizing flows. The default is tobypass流。或者,您可以选择drop数据包。 |
Nexthop健康检查
| 场地 | Description |
|---|---|
| 启用健康检查 | 激活下一个啤酒花路由器的平台。 |
| Retry count | Specifies the number of ICMP echoes to send without receiving a reply before declaring that the link to the WAN next hop router is down. |
| 间隔 | Specifies the number of seconds between each ICMP echo sent. |
| 保持计数 | If the link has been declared down, this specifies how many successful ICMP echoes are required before declaring that the link to the next hop router is up. |
各种各样的
| 场地 | Description |
|---|---|
| SSL optimization for non-IPSec tunnels | Specifies whether the appliance should perform SSL optimization when the outbound tunnel for SSL packets is not encrypted (for example, a GRE or UDP tunnel). To enable Network Memory for encrypted SSL-based applications, you must provision server certificates by using the Orchestrator. This activity can apply to the entire distributed network of EdgeConnect appliances or just to a specified group of appliances. |
| Bridge Loop Test | Only valid for virtual appliances. When enabled, the appliance can detect bridge loops. If it detects a loop, the appliance stops forwarding traffic and raises an alarm. Appliance alarms include recommended actions. |
| 始终向原始发送者发送通行流量 | 如果使用WCCP和PBR时隧道倒塌,则打算用于隧道的流量会以其降落方式发送回。 |
| Enable default DNS lookup | Allows the appliance to snoop the DNS requests to map domains to IP addresses. This mapping then can be used in ACLs for traffic matching. |
| Enable HTTP/HTTPS snooping | Enables a more granular application classification of HTTP/HTTPS traffic by inspection of the HTTP/HTTPS header, Host. This is enabled by default. |
| 静止的隧道保持活力 | 指定隧道变成闲置之后发送存放数据包的速率(静止模式)。默认值为60秒。 |
| UDP flow timeout | Specifies how long to keep the UDP session open after traffic stops flowing. The default is 120 seconds (2 minutes). |
| Non-accelerated TCP Flow Timeout | 指定在流量停止流动后保持TCP会话打开多长时间。默认值为1800秒(30分钟)。 |
| Maximum TCP MSS | Maximum Segment Size. The default value is 9000 bytes. This ensures that packets are not dropped for being too large. You can adjust the value (500 to 9000) to lower a packet’s MSS. |
| Nat-T保持活力 | 如果设备在NAT后面,则指定在主机之间发送存放数据包的速率,以使NAT设备中的映射保持完整。 |
| Tunnel Alarm Aggregation Threshold | Specifies the number of alarms to allow before alerting the tunnel alarm. |
| 维护端到端覆盖映射 | 当在多个节点上转发流量时,强制执行相同的覆盖层以端到端使用。 |
| IP指示广播 | Allows an entire network to receive data that only the target subnet initially receives. |
| Allow WAN to WAN routing | 重定向进入LAN流量回到WAN。 |