CLI: Policies
You can use the policy
command to create a new Optimizer policy. Policies can then be used in Optimizer virtual circuits.
policy <policy-name> {action|enable|filter|schedule}
action {discard|ignore|optimize|redirect type {http_redirect|html_response}}
To configure the policy's action to discard (block):
policy <policy-name> action discard {first-packet}
action discard first-packet
- Discard only the first packet in a connection
To configure the policy's action to ignore (monitor):
policy <policy-name> action ignore
- This allows the packets to pass through the appliance unaffected, which monitors the traffic.
To configure the policy's action to optimize by shaping the bandwidth:
policy <policy-name> action optimize qos {bandwidth|enable|priority}
qos bandwidth guaranteed <num> {kbps|%}
- Configure the policy's guaranteed bandwidth either as kbps or as a percentage of the parent's virtual circuitlogical definitions that partition a a physical network circuit and used to determine what traffic passes through it and how much's bandwidthqos bandwidth burst <num> {kbps|%}
- Configure the policy's burst bandwidth either as kbps or as a percentage of the parent's virtual circuit's bandwidthqos enable
- Enable the QoSQuality of Service action for the policyqos priority <priority (1-10)>
- Set the burst priority ranging from 1 (high) to 5 (normal) to 10 (low). If excess bandwidth is available, the burst priority is used to decide how excess bandwidth is distributed. Policies with a higher burst priority will be preferred when allocating excess bandwidth.
EXAMPLE
Create an Optimizer Policy that matches all traffic belonging to the 'Web' Application Group and guarantees 20% of the bandwidth to that traffic, allowing it to burst to 100%.
policy Policy_1
policy Policy_1 schedule ALWAYS
policy Policy_1 action optimize
policy Policy_1 action optimize qos bandwidth burst 100 %
policy Policy_1 action optimize qos bandwidth guaranteed 20 %
policy Policy_1 action optimize qos priority 2
policy Policy_1 action optimize qos enable
policy Policy_1 filter 1
policy Policy_1 filter 1 app-group Web
policy Policy_1 filter 1 network-object destination ALL
policy Policy_1 filter 1 direction both
policy Policy_1 filter 1 network-object source ALL
To configure the policy's action to optimize by accelerating:
policy <policy-name> action optimize aa {enable|reductionmeasures the amount of redundant data that has been removed from the network, increasing capacity-type|type}
aa enable
- Enable application acceleration for this policy.aa reduction-type {disk|lz|none}
- Specify the reduction technique
disk
- De-duplicate the traffic. The appliance's hard disk drive is used to store the deduplication patterns.lz
- Crompress the traffic using a network optimized LZ compression algorithm.none
- Do not attempt to reduce the traffic. The traffic will still be acclerated.
aa type {acceleration|compression|edge-cache}
- Specify the type of acceleration
acceleration
- Enable full application accelerationcompression
- Enable legacy compressionedge-cache
- Enable Edge Cache
To configure the policy's action to optimize by marking packets:
policy <policy-name> action optimize mark {dscp|tos|vlan}
mark dscp <DSCPDifferentiated Services Code Point mark (0-63)>
- Specify which DSCP mark to put in the IPInternet protocol header of each packetmark tos {normal|min-cost|max-reliability|max-throughput|min-delay}
- Set the ToS mark to put in the IP header of each packetmark vlan {id <VLAN id (0-4094)>} {priority <VLAN priority (0-7)>}
- Specify which VLAN ID and priority to rewrite for each packet. Rewrite the 802.1Q VLAN ID and/or Priority only if an existing VLAN header is present. This is a packet based VLAN rewrite feature. Only packets matching this policy will be rewritten. Other packets that do not match this policy may be required to be rewritten in order for this feature to work (including non-IP packets such as ARPAddress Resolution Protocol, which are not even processed by the Optimizer). Ensure that your topology supports this method of rewriting VLAN IDs before using this feature.
To configure the policy's action to redirect to a webpage (HTTP Redirect):
policy <policy-name> action redirect type http_redirect
policy <policy-name> action redirect value <url>
value <url>
- Specify the URL that you want to redirect the traffic to
EXAMPLE
Redirect traffic to http://mysystem.mycompany.com/login
policy myPolicy
policy myPolicy action redirect
policy myPolicy action redirect type http_redirect
policy myPolicy action redirect value "http://mysystem.mycompany.com/login"
policy myPolicy filter 3
policy myPolicy filter 3 app-name HTTP
policy myPolicy filter 3 app-name HTTP-ALT
policy myPolicy filter 3 app-name HTTPS
To configure the policy's action to return a HTML response:
policy <policy-name> action redirect type html_response
policy <policy-name> action redirect value <url>
value <url>
- Specify the html to send back to the client
EXAMPLE
Redirect traffic to http://mysystem.mycompany.com/login
policy myPolicy
policy myPolicy action redirect
policy myPolicy action redirect type html_response
policy myPolicy action redirect value "Two Hours Exceeded"
policy myPolicy filter 3
policy myPolicy filter 3 app-name HTTP
policy myPolicy filter 3 app-name HTTP-ALT
policy myPolicy filter 3 app-name HTTPS
Note that "Two Hours Exceeded" is the name of a pre-defined HTML Response object.
To configure the policy to only be active for a particular schedule:
policy <policy-name> schedule <schedule-name>
schedule <schedule-name>
- Specify the schedule by name for when this policy will be active. Note the default is 'ALWAYS'.
To configure the rules that will be used to filter the traffic to determine if this policy will apply to the traffic:
policy <policy-name> filter <filter-num>
filter <filter-num>
- Specify the order number of the filter. The numbered filter allows you to tie together several CLICommnad line interface commands into a single filter.
policy <policy-name> filter <filter-num> {app-group|app-name|direction|dscp|network-object|tos|vlan}
app-group <name>
- Specify an application group to match against the trafficapp-name <name>
- Specify a single application to match against the trafficdirection {inbound|outbound|both}
- Specify the traffic direction relative to the appliance. Options are inbound, outbound, or bi-directional.dscp <num>
- Specify a DSCP value to match against the trafficnetwork-object {destination|source} <name>
- Specify the source or destination network objecta logical definition created and stored in the Exinda lilbrary, can represent any network component to match against the traffictos {normal|min-cost|max-reliability|max-throughput|min-delay}
- Specify a ToS name to match against the trafficvlan <name>
- Specify a VLAN object to match against the traffic
To enable the policy:
policy <policy-name> enable