About peering rules
Peering rules are used in complex networks to configure peering connections based on various factors. While the default peering rules are sufficient for typical setups like in-path configurations, custom peering rules may be needed for more complex networks.
We recommend using in-path rules to optimize SSL connections on destination ports other than 443.
Peering rules control how the appliance responds to probe queries from other appliances. The appliance evaluates incoming SYN packets against rules based on fields like subnet, IP address, port, and peer relationship. Rules are applied in numerical order, starting with rule 1. If a rule matches, it is applied, and the appliance does not evaluate further rules. If a rule doesn't match, the appliance moves to the next rule. The type of rule determines the action taken on the connection.
Default peering rule number 1, with the SSL incapable flag, applies to any SSL connection with an IP address and port listed in the appliance's bypass list. The bypass list includes SSL servers that the appliance bypasses due to certificate issues or SSL handshake failures. Any subsequent connections to these IP addresses and ports will match rule number 1.
Default peering rule number 2, with the SSL capable flag, applies to SSL connections on port 443 that didn't match rule number 1. The appliance attempts to discover certificate matches and performs SSL acceleration and enhanced autodiscovery for these connections.
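The first-match evaluation described above, as an added Python model (not appliance code or configuration syntax). The PeeringRule fields, the function names, and the sample addresses are assumptions constructed for illustration, and treating the SSL capable flag as "not on the bypass list" is a simplification.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PeeringRule:
    number: int
    ssl: str = "any"                 # "incapable", "capable" or "any"
    dest_subnet: str = "0.0.0.0/0"
    dest_port: Optional[int] = None  # None matches any port

# Constructed model of the two default rules described above.
DEFAULT_RULES = [
    PeeringRule(number=1, ssl="incapable"),
    PeeringRule(number=2, ssl="capable", dest_port=443),
]

def rule_matches(rule, dest_ip, dest_port, bypass_list):
    """True if one rule matches the connection's destination and SSL state."""
    if ipaddress.ip_address(dest_ip) not in ipaddress.ip_network(rule.dest_subnet):
        return False
    if rule.dest_port is not None and rule.dest_port != dest_port:
        return False
    bypassed = (dest_ip, dest_port) in bypass_list
    if rule.ssl == "incapable":
        return bypassed
    if rule.ssl == "capable":
        return not bypassed          # assumption: simplified meaning of the flag
    return True

def evaluate(rules, dest_ip, dest_port, bypass_list):
    """Return the number of the first matching rule, or None if none match."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, dest_ip, dest_port, bypass_list):
            return rule.number       # first match wins; later rules are skipped
    return None

# Constructed sample: one SSL server on the bypass list after a handshake failure.
SAMPLE_BYPASS = {("192.0.2.10", 443)}

if __name__ == "__main__":
    for ip, port in [("192.0.2.10", 443), ("192.0.2.20", 443), ("192.0.2.20", 8443)]:
        print(ip, port, "-> rule", evaluate(DEFAULT_RULES, ip, port, SAMPLE_BYPASS))
```

In this model the connection to port 8443 matches neither default rule, and a broad custom rule placed at number 1 would take precedence over both defaults for every connection in its subnet.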