Configuration Mode Commands : SteelCentral Controller for SteelHead Mobile Commands : Policy Commands : policy id in-path rule auto-discover
  
policy id in-path rule auto-discover
Adds an auto-discovery rule to a policy.
Syntax
policy id <id> in-path rule auto-discover [srcaddr <subnet>] [dstaddr <subnet>] [dstport <port>] [optimization {normal | sdr-only | sdr-m |compr-only | none}] [preoptimization {ssl | none}] [latency-opt {citrix | http | outlook-anywhr |normal | none}] [neural-mode {always | dynamic | never | tcphints}] [wan-visibility {correct | port | full {wan-vis-opt fwd-reset | none}] [description <description>] [rulenum <rule-number>]
Parameters
<id>
Policy ID number.
srcaddr <subnet>
Specifies the source subnet, in the format XXX.XXX.XXX.XXX/XX.
dstaddr <subnet> dstport <port>
Specifies the destination subnet and port.
For the subnet address, use the format XXX.XXX.XXX.XXX/XX.
For the port, you can specify a single port (number), a port label, or all to specify all ports.
optimization <policy>
Specifies an optimization policy:
•  normal - The normal optimization policy is the default. The normal process performs LZ compression and SDR.
•  sdr-only - Specify this option to turn off LZ compression.
•  sdr-m - Performs data reduction entirely in memory, which prevents the SteelHead Mobile from reading and writing to and from the disk. Enabling this option can yield high LAN-side throughput, because it eliminates all disk latency.
•  compr-only - Specify this option to turn off SDR but perform LZ compression.
•  none - Specify this option to turn off LZ compression and SDR.
preoptimization <policy>
Specifies a preoptimization policy:
•  ssl - Enables SSL preoptimization processing for traffic via SSL secure ports.
•  oracle-forms - Enables preoptimization processing for the Oracle Forms browser plug-in.
•  oracle-forms+ssl - Enables preoptimization processing for both the Oracle Forms browser plug-in and SSL encrypted traffic through SSL secure ports on the client-side SteelHead Mobile.
•  none - Preoptimization processing is set to none by default. If SSL or Oracle Forms preoptimization processing is turned on and you want to turn it off for a port, specify none.
latency-opt <policy>
Specifies a latency-optimization policy:
•  citrix - Always use Citrix optimization on connections matching this rule. Citrix optimizations are ICA/CGP over SSL optimizations. For Citrix latency optimization to work, set the preoptimization policy to the preoptimization ssl option.
•  http - Performs HTTP optimization on connections matching this rule.
•  normal - Performs HTTP optimization on ports 80, 8080, and (with SSL preoptimization) 443. This is the default setting.
•  outlook-anywhr - Always use Outlook-Anywhere optimization on the connection.
•  none - Do not perform latency optimization on connections matching this rule.
neural-mode <mode>
Enables neural framing in the SteelHead Mobile. Enabling neural framing makes your WAN more efficient by gathering data to select the optimal packet framing boundaries for SDR.
If you specify a neural mode, your network experiences a trade-off between the compression and SDR performance, and the latency added to the connection. For different types of traffic, one algorithm might be better than others.
Specify one of the following modes:
•  always - Always use the Nagle algorithm. This is the default setting (always wait 6 ms). All data is passed to the codec, which attempts to coalesce consume calls (if needed) to achieve better fingerprinting. A timer (6 ms) backs it up and causes leftover data to be consumed. Neural heuristics are computed in this mode but are not used.
•  dynamic - Dynamically adjust the Nagle parameters. The SteelHead Mobile picks the best algorithm to use by learning which algorithm is best and adapting if the traffic characteristic changes.
•  never - Never use the Nagle algorithm. All the data is immediately encoded without waiting for timers to fire or application buffers to fill past a specified threshold. Neural heuristics are computed in this mode but are not used.
•  tcphints - Bases the setting on TCP hints. If data is received from a partial frame packet or a packet with the TCP PUSH flag set, the encoder encodes the data instead of immediately coalescing it. Neural heuristics are computed in this mode but are not used.
To configure neural framing for an FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy. To configure neural framing for a MAPI connection, define an in-path rule with the destination port 7830 and set its optimization policy.
wan-visibility {correct | port |full [wan-vis-opt fwd-reset | none]}
Enables WAN visibility, which pertains to how packets traversing the WAN are addressed. There are three types of WAN visibility modes: correct addressing, port transparency, and full address transparency.
You configure WAN visibility on the client-side SteelHead Mobile (where the connection is initiated). The server-side SteelHead must also support WAN visibility.
•  correct - Turns off WAN visibility. Correct addressing uses SteelHead Mobile IP addresses and port numbers in the TCP/IP packet header fields for optimized traffic in both directions across the WAN. This is the default setting.
•  port - Enables port address transparency, which preserves your server port numbers in the TCP/IP header fields, for optimized traffic in both directions across the WAN. Traffic is optimized, while the server port number in the TCP/IP header field appears to be unchanged. Routers and network monitoring devices deployed in the WAN segment between the communicating SteelHead Mobiles can view these preserved fields.
Use port transparency if you want to manage and enforce QoS policies that are based on destination ports. If your WAN router is following traffic classification rules written in terms of client and network addresses, port transparency enables your routers to use existing rules to classify the traffic without any changes.
Port transparency enables network analyzers deployed within the WAN to monitor network activity and to capture statistics for reporting by inspecting traffic according to its original TCP port number.
Port transparency does not require dedicated port configurations on your SteelHead Mobiles.
Note: Port transparency provides only server port visibility. It does not provide client and server IP address visibility, nor does it provide client port visibility.
•  full - Preserves your client and server IP addresses and port numbers in the TCP/IP header fields for optimized traffic, in both directions across the WAN. It also preserves VLAN tags. Traffic is optimized, while these TCP/IP header fields appear to be unchanged. Routers and network monitoring devices deployed in the WAN segment between the communicating SteelHead Mobiles can view these preserved fields.
If both port transparency and full address transparency are acceptable solutions, port transparency is preferable. Port transparency avoids potential networking risks that are inherent to enabling full address transparency. For details, see the SteelHead Deployment Guide.
However, if you must see your client or server IP addresses across the WAN, full transparency is your only configuration option.
description <description>
Specifies a description of the rule.
rulenum <rule-number>
Specifies the order in which the rule is consulted: 1-N or start or end.
The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 becomes #4, and subsequent rules, if any, also move down the list.
Specify start for the rule to be the first rule and end for the rule to be the last rule.
If you do not specify a rule number, the rule is added to the end of the list.
Usage
For detailed information about in-path rules, see the SteelHead Management Console User’s Guide.
Example
amnesiac (config) # policy id 1 in-path rule auto-discover srcaddr 10.10.10.1/24 port 2121 dstaddr 10.24.24.24.1/24 rulenum 2
Product
Mobile Controller
Related Commands
show policy id