Setting in-path rules – HP StorageWorks Enterprise File Services WAN Accelerator User Manual

Page 25


HP StorageWorks EFS WAN Accelerator Management Console User Guide

2 Configuring the HP EFS WAN Accelerator

3. Click Apply to apply your settings to the running configuration. (Apply your
settings to test a new configuration before saving them permanently.)

4. Click Save to save your settings permanently or click Reset to return the settings
to their previous values.

Setting In-Path Rules

You set in-path configuration rules in the Optimization Service - In-Path Rules page.

An in-path rule defines the policies for intercepting traffic on specified ports for
optimization.

You can create rules that apply to a single port or to a port label. A port label is a name
that you assign to a set of ports so that you can reduce the number of configuration
rules in your system. The following port labels are created by default in your system:

• Interactive. Automatically passes through traffic on interactive ports (for
example, Telnet, TCP ECHO, remote logging, and shell).

• Secure. Automatically passes through traffic on commonly secure ports (for
example, ssh, https, and smtps).

• RBT-Proto. Specifies well-known ports used by the system: 7800-7801 (in-path),
7810 (out-of-path), 7820 (failover), 7850 (connection forwarding), 7860
(Interceptor appliance).

If you do not want to automatically forward these ports, click Remove Selected Rules
in the Optimization Service - In-Path Rules page.

For detailed information about how to configure port labels, see “Creating Port
Labels” on page 113.

Out-of-Path

Enable Out-of-Path Support. Specify this option to enable out-of-path support. You
enable out-of-path support on server-side HP EFS WAN Accelerators only.

NOTE: If you set up an out-of-path configuration with failover support, you must set
fixed target rules that specify the master and backup HP EFS WAN Accelerators. For
detailed information, see “Setting In-Path Rules” on page 25.

Connection Limit

Per Source IP Connection Limit. Check this box to limit half-opened connections on a
source IP address initiating connections (that is, the client machine). Set this feature to
block a source IP address that is opening multiple connections to invalid hosts or ports
simultaneously (for example, a virus or a port scanner). This feature does not prevent a
source IP address from connecting to valid hosts at a normal rate. Thus a source IP
address could have more established connections than the limit. The default value is
4096.

The appliance counts the number of half-opened connections for a source IP address
(connections that check if a server connection can be established before accepting the
client connection). If the count is above the limit, new connections from the source IP
address are passed through unoptimized.

NOTE: If you have a client connecting to valid hosts or ports at a very high rate, some of
its connections might be passed through even though all the connections are valid.
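
The following Python model of the per-source-IP half-opened connection limit is an added illustration, not HP's implementation. The class and function names, the 192.0.2.x sample addresses, and the rule that a connection stops being counted once it is established are assumptions.

```python
from collections import Counter

DEFAULT_LIMIT = 4096  # default value stated in the manual


class HalfOpenLimiter:
    """Toy model (assumed design) of a per-source-IP half-opened connection limit."""

    def __init__(self, limit=DEFAULT_LIMIT):
        self.limit = limit
        self.half_open = Counter()    # src IP -> connections still being probed
        self.established = Counter()  # src IP -> connections that completed

    def new_connection(self, src):
        """Return 'optimize' or 'pass-through' for a new client connection."""
        # Assumption: a connection is passed through once admitting it would
        # put the source's half-opened count above the limit.
        if self.half_open[src] >= self.limit:
            return "pass-through"
        self.half_open[src] += 1
        return "optimize"

    def server_answered(self, src):
        """Server side was reachable: no longer half-opened, now established."""
        self.half_open[src] -= 1
        self.established[src] += 1


def simulate():
    """Constructed scenarios; addresses are documentation-range placeholders."""
    lim = HalfOpenLimiter()
    # 1. Scanner-like source: 5000 connections to invalid hosts, none resolved yet.
    scanner = Counter(lim.new_connection("192.0.2.66") for _ in range(5000))
    # 2. Normal client: 6000 connections to valid hosts, each completing in turn.
    normal = Counter()
    for _ in range(6000):
        verdict = lim.new_connection("192.0.2.5")
        normal[verdict] += 1
        if verdict == "optimize":
            lim.server_answered("192.0.2.5")
    # 3. Very fast valid client: 5000 connections opened before any completes.
    burst = Counter(lim.new_connection("192.0.2.7") for _ in range(5000))
    return scanner, normal, lim.established["192.0.2.5"], burst


if __name__ == "__main__":
    print(simulate())
```

The third scenario is the case the NOTE above describes: every connection is valid, yet 904 of the 5000 are passed through unoptimized because they were opened faster than they could complete.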
