Default Policy Settings
  
Default Policy Settings
This appendix describes the default policy settings.
•  Default Policy Settings Summary
Default Policy Settings Summary
The following table summarizes the default settings for the initial default policy. For basic steps for deploying the Mobile Controller with the default policy and package, see Basic Steps for Deploying the SteelHead Mobile Package.
In most cases, the default policy does not need to be modified. However, if a Mobile Controller is on the public Internet, an unlicensed user can add the IP address of the Mobile Controller to his or her client controller list. The user will then receive the default acceleration policy associated with the Mobile Controller, and will consume a license when a connection is optimized.
Using a nondefault policy requires the user to know the policy name to specify in his or her endpoint policy— information that requires admin/monitor access. Therefore, if you have a Mobile Controller on the public Internet, Riverbed recommends that the default policy disable optimization.
The easiest way to disable optimization is to add an in-path rule that passes through all traffic. Although users can still connect to the Mobile Controller with a default policy that disables optimization, the user will not consume a license.
Parameter
Field or option
Default value
General Settings:
Policy Name
Initial
Description
None
Optimization Rules: In-Path Rule
Type
Auto Discover
Position
Start
Source Subnet
0.0.0.0/0
Destination Subnet
0.0.0.0/0
Port or Port Label
All
Preoptimization Policy
None
Optimization Policy
Normal
Latency Optimization Policy
Normal
Neural Framing Mode
Always
WAN Visibility Mode
Correct Addressing
Description
None
Protocol Settings: CIFS
Enable Latency Optimization
Enabled
Optimize Connections with Security Signatures (that do not require signing)
Enabled
Disable Write Optimization
Disabled
Enable Server Side Dynamic Write Throttling
Enabled
Buffer Size
2048 KB
Enable Overlapping Open Optimization
Disabled
Optimize Only the Following Extensions: sldasm, slddrw, slddwg, sldprt
Disabled
Optimize All Except the Following Extensions: ldb, mdb
Disabled
Protocol Settings: SMB2
Enable SMB2 Latency Optimization
Enabled
Do Not Optimize Connections that cannot be Down-Negotiated
Enabled
Enable SMB2 Latency Optimization on Connections that cannot be Down-Negotiated
Disabled
Protocol Settings: MAPI
Enable MAPI Optimization - Exchange Port
Enabled
Port 7830
Enable MAPI NSPI - NSPI Port
Disabled
Port 7840
Enable Encrypted Optimization
Disabled
Enable Outlook Anywhere Optimization
Disabled
Auto-Detect Outlook Anywhere Connections
Disabled
Protocol Settings: NFS (Mac clients only)
Enable NFS Optimization
Disabled
Protocol Settings: Oracle Forms
Enable Oracle Forms Optimization
Disabled
Protocol Settings: Lotus Notes
Enable Lotus Notes Optimization - Lotus Notes Port
Disabled
Port 1352
Protocol Settings: Citrix
Enable Citrix ICA Optimization
Disabled
ICA Port
Port 1494
Session Reliability (CGP) Port
Port 2598
Enable Secure ICA Encryption
Disabled
General Protocol Settings: Connection Settings
Maximum Connection Pooling Size
5
HTTP: Settings
Enable HTTP Optimization
Disabled
HTTP: Add New Prefetch Tag
Tag Name
None
Tag Attribute
None
HTTP: Add a Subnet
Server Subnet
None
Strip Compression
3.1.0 clients and newer
Enabled
Insert Cookie
3.1.0 clients and newer
Disabled
Insert Keep Alive
3.1.0 clients and newer
Disabled
URL Learning
Disabled
Parse and Prefetch
Disabled
Object Prefetch Table
Disabled
Reuse Auth
3.1.0 clients and newer
Disabled
Force NTLM
3.1.0 clients and newer
Disabled
Strip Auth Header
3.1.0 clients and newer
Disabled
Gratuitous 401
3.1.0 clients and newer
Disabled
SSL: General SSL Settings
Enable SSL Optimization
Disabled
SSL: Client Authentication
Enable Client Certificate Support
Disabled
SSL: SSL Secure Peering Settings
Traffic Type
SSL Only
Fallback to No Encryption
Enabled
SSL: SSL Peering
Trust All Pre-Configured Peering Certificates
Enabled
Trust Selected Peering Certificates
Disabled
Location Awareness
Enable Latency-based location awareness
Disabled
Latency Awareness
Enable Branch warming
Disabled
Adapters to Optimize: Add New Rule
Position
Start
Adapter
All Adapters
Optimize
Yes
Endpoint Settings: General Settings
Show Client in the System Tray
Enabled
Endpoint Settings: Data Store Settings
Data Store Size
10 GB
Endpoint Settings: Log Settings
Maximum Log Size
5000 KB
Maximum Number of Log Files
2
Endpoint Settings: Add a new Controller
Insert At
End
Hostname
Name of the current Mobile Controller.
Port
7870
Controller Options
Add a New Controller
Insert At - Select start, end, or a Mobile Controller number from the drop-down list. The default value is end.
Specify the order in which controllers connect with Mobile Controllers.
SteelHead Mobile clients connect according to the number you specify, starting with 1. If the system is unable to connect to 1 in the list, the system moves on to the next Mobile Controller in the list. For example, if the system is unable to connect to Mobile Controller 1, then Mobile Controller 2 is attempted. If Mobile Controller 2 is successful, no further Mobile Controllers in the list are attempted.
Hostname
Name of the current Mobile Controller.
Port
7870
Use Random Ordering of Controllers when Connecting
Disabled
Endpoint Settings: Windows-only Settings
Reorder Intermediate Drivers (Required for Check Point and Nortel VPN compatibility)
Disabled
Disable TCP/IP Checksum Offloading (Requires client reboot)
Disabled
The Initial policy contains the following pass-through rules to automatically pass through traffic that cannot be optimized. The three rules are:
•  Secure - For traffic on secure ports (for example, SSH, HTTPS, and SMTPS).
•  Interactive - For traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell).
•  RBT-Proto - Specifies well-known ports used by the system: 7744 (data store synchronization), 7800-7801 (in-path), 7810 (out-of-path), 7820 (failover), 7850 (connection forwarding), 7860 (SteelHead Interceptor), 7870 (Mobile Controller).