rulenum <rule-number> | Specifies the rule number to edit: 1-N or start or end. |
srcaddr <ip-address> | Specifies the source subnet IP address and netmask. Use the format XXX.XXX.XXX.XXX/XX for IPv4 and X:X:X::X/XXX for IPv6. |
srcaddr all-ip | Specifies all IPv4 and all IPv6 addresses. This is the default. |
srcaddr all-ipv4 | Specifies all IPv4 addresses. |
srcaddr all-ipv6 | Specifies all IPv6 addresses. |
srcport <port> | Specifies a single port (number), a port label, or all to specify all ports. |
dst-domain <domain-label> | Specifies a destination domain label for this rule. You configure the domain label settings using the domain-label command. When you add a domain label to an existing in-path rule that is using all-ip, you must change the destination address to all-ipv4. Domain labels are only compatible with IPv4. Domain labels and cloud acceleration are mutually exclusive. To use cloud acceleration with domain labels, place the domain label rules lower than cloud acceleration rules in your rule list so the cloud rules match before the domain label rules. We recommend positioning domain label rules as the last in the list, so RiOS matches all previous rules before matching the domain label rule. We recommend using host labels as the destination IP address for a rule configured with domain labels. The host label limits the connections for the extra processing needed for the domain label check. If you rely on the default rule in the in-path rule set for optimization and would like to incorporate domain-label optimization, see the SteelHead Deployment Guide for best practices. Enter an empty string, represented by two quotation marks (""), to remove a domain label. |
dst-host <host-label> | Specifies a destination host label for this rule. You configure the host label settings using the host-label command. A destination IP address and host label cannot be specified in the same rule. A host label can be used instead of a destination IP address. Enter an empty string, represented by two quotation marks (""), to remove a host label. |
dstaddr <ip-address> | Specifies the destination subnet IP address and netmask. Use the format XXX.XXX.XXX.XXX/XX for IPv4 and X:X:X::X/XXX for IPv6. |
dstaddr all-ip | Specifies all IPv4 and all IPv6 addresses. This is the default. |
dstaddr all-ipv4 | Specifies all IPv4 addresses. |
dstaddr all-ipv6 | Specifies all IPv6 addresses. |
dstport <port> | Specifies a single port (number), a port label, or all to specify all ports. If you are using domain labels, specifying all defaults to ports 80 and 443 for optimization. |
protocol <protocol> | Specifies the protocol traffic to pass through: • tcp - Passes through TCPv4 and TCPv6 traffic. • udp - Passes through UDPv4 and UDPv6 traffic. • any - Passes through all TCP and UDP traffic. |
vlan <vlan-tag-id> | Specifies the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0 to 4094. Specify 0 to mark the link untagged. |
web-proxy <mode> | Specifies the web proxy optimization mode for this rule: • auto - Automatically directs all Internet-bound traffic destined to a public IP address on ports 80 and 443 through the web proxy. This is the default setting. An in-path cloud acceleration rule (cloud_accel <mode> option) for SaaS takes priority over a web proxy auto mode rule when they are configured together. Only IPv4 traffic is supported. • force - Forwards any IP address and port matching this rule to the web proxy service. This is a pass-through rule. No address in an SCA server list is web-proxied unless the web-proxy force mode is configured. • none - Does not direct traffic matching this rule through the web proxy service. Web proxy enables a client-side appliance with an autodiscovery or pass-through rule to use a single-ended web proxy to transparently intercept all traffic bound to the Internet. Enabling the web proxy improves performance by providing optimization services such as web object caching and SSL decryption to enable content caching and logging services. You can use host labels and domain labels to define more granular traffic with the web proxy service. |
description <description> | Specifies a description to facilitate communication about network administration. |
rule-enable true | Enables a pass-through in-path rule. |
rule-enable false | Disables a pass-through in-path rule. |