Setting In-Path Rules

Control	Description

Out-of-Path	Enable Out-of-Path Support. Specify this option to enable out-of-path support. You
	enable out-of-path support on server-side HP EFS WAN Accelerators only.
	NOTE: If you set up an out-of-path configuration with failover support, you must set
	fixed target rules that specify the master and backup HP EFS WAN Accelerators. For
	detailed information, see “Setting In-Path Rules” on page 25.

Connection Limit	Per Source IP Connection Limit. Check this box to limit half-opened connections on a
	source IP address initiating connections (that is, the client machine). Set this feature to
	block a source IP address that is opening multiple connections to invalid hosts or ports
	simultaneously (for example, a virus or a port scanner). This feature does not prevent a
	source IP address from connecting to valid hosts at a normal rate. Thus a source IP
	address could have more established connections than the limit. The default value is
	4096.
	The appliance counts the number of half-opened connections for a source IP address
	(connections that check if a server connection can be established before accepting the
	client connection). If the count is above the limit, new connections from the source IP
	address are passed through unoptimized.
	NOTE: If you have a client connecting to valid hosts or ports at a very high rate, some of
	its connections might be passed through even though all the connections are valid.

2 CONFIGURING THE HP EFS WAN ACCELERATOR

3.Click Apply to apply your settings to the running configuration. (Apply your settings to test a new configuration before saving them permanently.)

4.Click Save to save your settings permanently or click Reset to return the settings to their previous values.

You set in-path configuration rules in the Optimization Service - In-Path Rules page.

An in-path rule defines the policies for intercepting traffic on specified ports for optimization.

You can create rules that apply to a single port or to a port label. A port label is a name that you assign to a set of ports so that you can reduce the number of configuration rules in your system. The following port labels are created by default in your system:

Interactive. Automatically passes through traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell).

Secure. Automatically pass-through traffic on commonly secure ports (for example, ssh, https, and smtps).

RBT-Proto. Specifies well-known ports used by the system: 7800-7801(in-path), 7810 (out-of-path), 7820 (failover), 7850 (connection forwarding), 7860 (Interceptor appliance).

If you do not want to automatically forward these ports, click Remove Selected Rules in the Optimization Service - In-Path Rules page.

For detailed information about how to configure port labels, see “Creating Port Labels” on page 113.

HP STORAGEWORKS EFS WAN ACCELERATOR MANAGEMENT CONSOLE USER GUIDE

HP Enterprise File Services WAN Accelerator manual Setting In-Path Rules, 4096

Models: Enterprise File Services WAN Accelerator

Control

detailed information, see “Setting In-Path Rules” on page 25.

4096.

Setting In-Path Rules