Engine Editor > Advanced Settings > Traffic Handling
Use this branch to change advanced parameters that control how the Secure SD-WAN Engine handles traffic.
Option | Definition |
---|---|
Layer 3 Connection Tracking Mode (Engines only); Connection Tracking Mode (IPS engines and Layer 2 Engines only) | When connection tracking is enabled, reply packets are allowed as part of the allowed connection without an explicit Access rule. You can override this Secure SD-WAN Engine-specific setting and configure connection tracking for TCP, UDP, and ICMP traffic in Access rules. |
Virtual Defragmenting (Not Virtual Engines) (Not editable on IPS engines) | When selected, fragmented packets are sent onwards using the same fragmentation as when they arrived at the Secure SD-WAN Engine. When the Secure SD-WAN Engine receives fragmented packets, it defragments the packets for inspection. The original fragments are queued until the inspection is finished. If the option is not selected, the packets are sent onwards as if they had arrived unfragmented. |
Strict TCP Mode for Deep Inspection (Not Virtual Engines) | This option is included for backward compatibility with legacy software versions. |
Concurrent Connection Limit (Not Virtual Engines) | A global limit for the number of open connections. When the set number of connections is reached, the Secure SD-WAN Engine stops the next connection attempts until a previously open connection is closed. |
Inspection CPU Balancing Mode (Not Virtual Engines) | Specifies how inspected connections are allocated between the CPUs. Select from the following options: |
Active Wait Time Between Inspected Packets (Not Virtual Engines) | Defines how long the inspection process stays active waiting for packets after it has inspected a packet. |
Default Connection Termination in Access Policy (IPS engines and Layer 2 Engines only) | Defines how connections that match Access rules with the Discard action are handled. |
Default Connection Termination in Inspection Policy | Defines how connections that match rules with the Terminate action in the Inspection Policy are handled. |
Action When TCP Connection Does Not Start With a SYN Packet (Not Master Engines) | The Secure SD-WAN Engine refuses TCP connections if the TCP connection does not start with a SYN packet, even if the TCP connection matches an Access rule with the Allow action. The Secure SD-WAN Engine does not send a TCP reset if the TCP connection begins with a TCP reset packet. |
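
The following Python model is an added illustration, not Secure SD-WAN Engine code or part of the original page. It shows how three of the behaviors described above interact on a single state table: tracked reply packets, the Concurrent Connection Limit, and the handling of a TCP connection that does not start with a SYN packet. The verdict names, the addresses, closing an entry on FIN or RST, and sending a reset on refusal when the first packet is not itself a reset are assumptions made for the example.

```python
# Illustrative model only; not Secure SD-WAN Engine code. Verdict names,
# the tuple layout and closing an entry on FIN/RST are assumptions.
from dataclasses import dataclass, field

ALLOW, REFUSE, STOP, DISCARD = "allow", "refuse", "stop", "discard"

@dataclass
class Tracker:
    access_allow: set                 # (src, dst, dport) allowed by Access rules
    limit: int                        # Concurrent Connection Limit
    table: set = field(default_factory=set)

    def handle(self, src, sport, dst, dport, flags):
        """Return (verdict, send_reset) for one TCP packet."""
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        entry = fwd if fwd in self.table else rev if rev in self.table else None
        if entry:
            # Tracked connection: replies pass without an explicit Access rule.
            if "F" in flags or "R" in flags:
                self.table.discard(entry)      # simplified teardown
            return ALLOW, False
        if (src, dst, dport) not in self.access_allow:
            return DISCARD, False
        if flags != "S":
            # New connection that does not start with a SYN: refused even
            # though an Allow rule matches. No reset answers a reset.
            return REFUSE, "R" not in flags    # reset otherwise: assumption
        if len(self.table) >= self.limit:
            return STOP, False                 # limit reached
        self.table.add(fwd)
        return ALLOW, False

def demo():
    t = Tracker(access_allow={("10.0.0.5", "192.0.2.10", 443)}, limit=1)
    c, s = "10.0.0.5", "192.0.2.10"            # constructed sample traffic
    return [
        t.handle(c, 40000, s, 443, "S"),       # new connection
        t.handle(s, 443, c, 40000, "SA"),      # reply, no rule for s -> c
        t.handle(c, 40001, s, 443, "A"),       # starts with ACK
        t.handle(c, 40002, s, 443, "R"),       # starts with RST
        t.handle(c, 40003, s, 443, "S"),       # over the limit
        t.handle(c, 40000, s, 443, "FA"),      # first connection closes
        t.handle(c, 40003, s, 443, "S"),       # now admitted
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```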