The Route Policy specifies where to direct flows.
By default, the Route Policy auto-optimizes all unicast IP traffic, automatically directing flows to the appropriate tunnel. Auto-optimization strategies reduce the need to create explicit route map entries for optimization.
The three strategies that auto-optimization uses are subnet sharing, TCP-based auto-opt, and IP-based auto-opt.
|
n
|
Subnet sharing is the appliance’s first choice for auto-optimization. When subnet sharing is disabled, the appliance defaults to using TCP-based auto-opt and IP-based auto-opt (as a shortcut, this document may refer to it as TCP/IP-based auto-optimization).
|
|
n
|
When might you choose to disable subnet sharing? If your network has numerous non-local LAN-side routers, you would need to manually enter each one into the appliance’s subnet table. With TCP-based or IP-based auto-opt, this is unnecessary; however, if your appliance is not deployed in-line, you would need to configure inbound redirection using either Policy-Based Routing (PBR), Filter-Based Forwarding (FBF), or Web Cache Communication Protocol (WCCP).
|
For a discussion of when you need inbound and outbound redirection, see “Determining the Need for Traffic Redirection”.|
n
|
Auto-optimization uses different mechanisms for TCP versus non-TCP traffic. Because both mechanisms ultimately require an exchange of packets between two appliances, unidirectional IP traffic will not trigger auto-optimization.
|
|
n
|
Auto-opt may not work with a firewall in the path. Some firewalls may be configured to strip out or block the TCP options in the initial SYN packet, which will break auto-optimization. Subnet sharing does not use the TCP options field, and thus avoids this issue. Therefore, use of subnet sharing is a recommended best practice.
|
|
n
|
You can, if you choose, modify the default entry’s SET action of auto-optimized.
|
|
•
|
You can, however, choose to forego auto-optimization and create any and all route policies manually.
Note 
IMPORTANT — A tunnel must exist before subnet sharing can proceed.
IMPORTANT — A tunnel must exist before subnet sharing can proceed. |
n
|
If you enable auto-tunnel on the Configuration - System page, then the initial TCP-based or IP-based handshaking creates the tunnel. That requires outbound and inbound redirection to be in place.
|
|
n
|
You can let the Initial Configuration Wizard create the tunnel to the remote appliance.
|
|
n
|
You can create a tunnel manually on the Configuration - Tunnels page.
|
