CLI: Policies

You can use the policy command to create a new Optimizer policy. Policies can then be used in Optimizer virtual circuits.

policy <policy-name> {action|enable|filter|schedule}

  • action {discard|ignore|optimize|redirect type {http_redirect|html_response}}

To configure the policy's action to discard (block):

policy <policy-name> action discard {first-packet}

  • action discard first-packet - Discard only the first packet in a connection

To configure the policy's action to ignore (monitor):

policy <policy-name> action ignore

  • This allows the packets to pass through the appliance unaffected, which monitors the traffic.

To configure the policy's action to optimize by shaping the bandwidth:

policy <policy-name> action optimize qos {bandwidth|enable|priority}

EXAMPLE

Create an Optimizer Policy that matches all traffic belonging to the 'Web' Application Group and guarantees 20% of the bandwidth to that traffic, allowing it to burst to 100%.

policy Policy_1
policy Policy_1 schedule ALWAYS
policy Policy_1 action optimize
policy Policy_1 action optimize qos bandwidth burst 100 %
policy Policy_1 action optimize qos bandwidth guaranteed 20 %
policy Policy_1 action optimize qos priority 2
policy Policy_1 action optimize qos enable
policy Policy_1 filter 1
policy Policy_1 filter 1 app-group Web
policy Policy_1 filter 1 network-object destination ALL
policy Policy_1 filter 1 direction both
policy Policy_1 filter 1 network-object source ALL

To configure the policy's action to optimize by accelerating:

policy <policy-name> action optimize aa {enable|reductionmeasures the amount of redundant data that has been removed from the network, increasing capacity-type|type}

  • aa enable - Enable application acceleration for this policy.
  • aa reduction-type {disk|lz|none} - Specify the reduction technique
  • disk - De-duplicate the traffic. The appliance's hard disk drive is used to store the deduplication patterns.
  • lz - Crompress the traffic using a network optimized LZ compression algorithm.
  • none - Do not attempt to reduce the traffic. The traffic will still be acclerated.
  • aa type {acceleration|compression|edge-cache} - Specify the type of acceleration
  • acceleration - Enable full application acceleration
  • compression - Enable legacy compression
  • edge-cache - Enable Edge Cache

To configure the policy's action to optimize by marking packets:

policy <policy-name> action optimize mark {dscp|tos|vlan}

  • mark dscp <DSCPDifferentiated Services Code Point mark (0-63)> - Specify which DSCP mark to put in the IPInternet protocol header of each packet
  • mark tos {normal|min-cost|max-reliability|max-throughput|min-delay} - Set the ToS mark to put in the IP header of each packet
  • mark vlan {id <VLAN id (0-4094)>} {priority <VLAN priority (0-7)>} - Specify which VLAN ID and priority to rewrite for each packet. Rewrite the 802.1Q VLAN ID and/or Priority only if an existing VLAN header is present. This is a packet based VLAN rewrite feature. Only packets matching this policy will be rewritten. Other packets that do not match this policy may be required to be rewritten in order for this feature to work (including non-IP packets such as ARPAddress Resolution Protocol, which are not even processed by the Optimizer). Ensure that your topology supports this method of rewriting VLAN IDs before using this feature.

To configure the policy's action to redirect to a webpage (HTTP Redirect):

policy <policy-name> action redirect type http_redirect

policy <policy-name> action redirect value <url>

  • value <url> - Specify the URL that you want to redirect the traffic to

EXAMPLE

Redirect traffic to http://mysystem.mycompany.com/login

policy myPolicy
policy myPolicy action redirect
policy myPolicy action redirect type http_redirect
policy myPolicy action redirect value "http://mysystem.mycompany.com/login"
policy myPolicy filter 3
policy myPolicy filter 3 app-name HTTP
policy myPolicy filter 3 app-name HTTP-ALT
policy myPolicy filter 3 app-name HTTPS

To configure the policy's action to return a HTML response:

policy <policy-name> action redirect type html_response

policy <policy-name> action redirect value <url>

  • value <url> - Specify the html to send back to the client

EXAMPLE

Redirect traffic to http://mysystem.mycompany.com/login

policy myPolicy
policy myPolicy action redirect
policy myPolicy action redirect type html_response
policy myPolicy action redirect value "Two Hours Exceeded"
policy myPolicy filter 3
policy myPolicy filter 3 app-name HTTP
policy myPolicy filter 3 app-name HTTP-ALT
policy myPolicy filter 3 app-name HTTPS

Note that "Two Hours Exceeded" is the name of a pre-defined HTML Response object.

To configure the policy to only be active for a particular schedule:

policy <policy-name> schedule <schedule-name>

  • schedule <schedule-name> - Specify the schedule by name for when this policy will be active. Note the default is 'ALWAYS'.

To configure the rules that will be used to filter the traffic to determine if this policy will apply to the traffic:

policy <policy-name> filter <filter-num>

  • filter <filter-num> - Specify the order number of the filter. The numbered filter allows you to tie together several CLICommnad line interface commands into a single filter.

policy <policy-name> filter <filter-num> {app-group|app-name|direction|dscp|network-object|tos|vlan}

  • app-group <name> - Specify an application group to match against the traffic
  • app-name <name> - Specify a single application to match against the traffic
  • direction {inbound|outbound|both} - Specify the traffic direction relative to the appliance. Options are inbound, outbound, or bi-directional.
  • dscp <num> - Specify a DSCP value to match against the traffic
  • network-object {destination|source} <name> - Specify the source or destination network objecta logical definition created and stored in the Exinda lilbrary, can represent any network component to match against the traffic
  • tos {normal|min-cost|max-reliability|max-throughput|min-delay} - Specify a ToS name to match against the traffic
  • vlan <name> - Specify a VLAN object to match against the traffic

To enable the policy:

policy <policy-name> enable