Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-Advanced settings | 21.29 KB |
Advanced settings
Introduction
Bypass
The bypass feature disables the DPI engine so packets will not be processed by DPI. You can enable bypass when the CPU usage is high to guarantee device performance. By default, the DPI engine is enabled.
Activate
After you edit the policy and rule settings for DPI service modules, you must click Activate to validate the settings. The validation operation can cause temporary service disruptions. As a best practice, perform the operation after all DPI service policy and rule settings are complete.
DPI support for HA
Enable this feature on an HA system in dual-active mode for asymmetric-path traffic of DPI services to be processed correctly. This feature consumes system resources. As a best practice, enable this feature only when asymmetric-path traffic of DPI services exists.
Client IP identification
When a client uses a proxy to access servers, the value in the source IP address field will change. This feature enables the device to obtain the IP address of the originating client by inspecting specific fields of the request packets that have traveled through proxies.
Packet details
With this feature enabled, the device displays more HTTP packet details in WAF logs, including the response code in the response and the request header and body in the request.
Restrictions and guidelines
· When bypass is enabled, the system does not process received packets by DPI. DPI-based services might also be interrupted. For example, security policies cannot control access to applications.
· Activating configuration causes transient DPI service interruption. DPI-based services might also be interrupted. For example, security policies cannot control access to applications.
