srcaddr <ip-address> | Specifies the source subnet IP address and netmask. Use the format XXX.XXX.XXX.XXX/XX for IPv4 and X:X:X::X/XXX for IPv6. |
srcaddr all-ip | Specifies all IPv4 and all IPv6 addresses. This is the default. |
srcaddr all-ipv4 | Specifies all IPv4 addresses. |
srcaddr all-ipv6 | Specifies all IPv6 addresses. |
srcport <port> | Specifies a single port (number), a port label, or all to specify all ports. |
dstaddr <ip-address> | Specifies the destination subnet IP address and netmask. Use the format XXX.XXX.XXX.XXX/XX for IPv4 and X:X:X::X/XXX for IPv6. |
dstaddr all-ip | Specifies all IPv4 and all IPv6 addresses. This is the default. |
dstaddr all-ipv4 | Specifies all IPv4 addresses. |
dstaddr all-ipv6 | Specifies all IPv6 addresses. |
dstport <port> | Specifies a single port (number), a port label, or all to specify all ports. |
dst-domain <domain-label> | Specifies a destination domain label for this rule. You configure the domain label settings using the domain-label command. When you add a domain label to an existing in-path rule that is using all-ip, you must change the destination address to all-ipv4. Domain labels are only compatible with IPv4. Domain labels and cloud acceleration are mutually exclusive. To use cloud acceleration with domain labels, place the domain label rules lower than cloud acceleration rules in your rule list so the cloud rules match before the domain label rules. We recommend positioning domain label rules as the last in the list, so RiOS matches all previous rules before matching the domain label rule. We recommend using host labels as the destination IP address for a rule configured with domain labels. The host label limits the connections for the extra processing needed for the domain label check. If you rely on the default rule in the in-path rule set for optimization and would like to incorporate domain-label optimization, see the SteelHead Deployment Guide for best practices. Enter an empty string, represented by two quotation marks (""), to remove a domain label. |
dst-host <host-label> | Specifies a destination host label for this rule. You configure the host label settings using the host-label command. A destination IP address and host label cannot be specified in the same rule. A host label can be used instead of a destination IP address. Enter an empty string, represented by two quotation marks (""), to remove a host label. |
protocol <protocol> | Specifies the protocol traffic to pass through: • tcp - Passes through TCPv4 and TCPv6 traffic. • udp -Passes through UDPv4 and UDPv6 traffic. • any - Passes through all TCP and UDP traffic. |
vlan <vlan-tag-id> | Specifies the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0 to 4094. Specify 0 to mark the link untagged. |
cloud-accel <mode> | Specifies a cloud-acceleration action mode for this rule. After you subscribe to a SaaS platform and enable it, ensure that cloud acceleration is ready and enabled. If cloud acceleration is enabled, then by default, connections to the subscribed SaaS platform will be optimized by the SteelHead SaaS. You do not need to add an in-path rule unless you want to optimize specific users and not others. Then, select one of these modes: • auto - If the in-path rule matches, the connection is optimized by the SCA connection. • passthru - If the in-path rule matches, the connection is not optimized by the SteelHead SaaS, but it follows the rule’s other parameters so that the connection might be optimized by this SteelHead with other SteelHeads in the network, or it might be passed through. |
web-proxy <mode> | Specifies the web proxy optimization mode for this rule: • auto - Automatically directs all Internet-bound traffic destined to a public IP address on ports 80 and 443 through the web proxy. This is the default setting. An in-path cloud acceleration rule (cloud_accel <mode> option) for SaaS takes priority over a web proxy auto mode rule when they are configured together. Only IPv4 addressing is supported. • force - Forwards any IP address and port matching this rule to the web proxy service. This is a pass-through rule. No address in an SCA server list is web-proxied unless the web-proxy force mode is configured. • none - Does not direct traffic matching this rule through the web proxy service. Web proxy enables a client-side appliance with an autodiscovery or pass-through rule to use a single-ended web proxy to transparently intercept all traffic bound to the Internet. Enabling the web proxy improves performance by providing optimization services such as web object caching and SSL decryption to enable content caching and logging services. You can use host labels and domain labels to define more granular traffic with the web proxy service. |
description <description> | Specifies a description to facilitate communication about network administration. |
rule-enable true | Enables the rule. |
rule-enable false | Disables the rule. |
rulenum <rule-number> | Specifies the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be 3, the old rule 3 will become 4, and subsequent rules will also move down the list. Specify start for the rule to be the first rule and end for the rule to be the last rule. If you do not specify a rule number, the rule is added to the end of the list. |
email-notify {yes | no} | Specifies whether an email reminder is needed for a pass-through rule. Choose one of the following: • yes - Sends email reminders every 15 days (the default) or at a frequency you specify (by using the email notify passthrough rule notify-timer command). • no - Does not send email reminders. The email reminders are sent to the addresses shown in the event email recipients field of the show email command. |