
Configuring the General Information of a DAF Policy

  1. Specify the following in the General tab:

    • State: Set the toggle switch to Enabled or Disabled.

    • Name: Create a name that does not exceed 64 characters in length. Use numbers, any special characters, uppercase and lowercase letters, and even spaces. Start and end a name with any character but not a space. Leading and trailing spaces will be trimmed off automatically.

    • Description: Enter a description that does not exceed 256 characters in length.

    • Log DAF violations: Enable this option to log DAF violations to the service logs and to drop all violation packets. For BloxOne Service Edge to drop packets, you must disable DAF learn-only mode.

    • DAF learn only mode: Enable this option to log all DAF violations without dropping violation packets. If you select this option, BloxOne Service Edge will log all DAF violations to the service log and will not drop any packets, even if you have selected the Log DAF violations option.

    • Route DAF violation: Enable this option to reroute traffic to a different destination when a DAF violation occurs. When you enable this option, choose one of the following from the Egress drop-down menu:

      • Network Interface: Enter the network interface and the next hop to which you want to reroute the DAF traffic.

      • Tunnel Interface: From the drop-down list, choose the OSPF remote peer to which you want to route the DAF traffic.

      • Third Party Tunnel: Enter the IP address of the third-party tunnel, such as the Zscaler VPN tunnel, to which you want to reroute the DAF traffic.
        For information about monitoring DAF traffic, see Monitoring DAF Violations.

    • TRUSTED DNS SERVERS: Click Add and specify a valid IPv4 address.

  2. Click Next.
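
The following pre-flight check is an added example, not part of the product or its documentation. It validates a planned set of General tab values against the limits above and reports whether violation packets would be dropped or only logged. The dictionary keys and the functions `check_policy` and `effective_action` are hypothetical names, the sample policy is constructed, and the 64-character limit is assumed to apply after trimming.

```python
import ipaddress

# Hypothetical field names mirroring the General tab; not a BloxOne API schema.
EGRESS_TYPES = {"Network Interface", "Tunnel Interface", "Third Party Tunnel"}

def effective_action(p):
    """Return what happens to violation packets under the documented rules."""
    if not p["state_enabled"]:
        return "policy disabled"
    if p["learn_only"]:
        # Learn-only wins even when "Log DAF violations" is also selected.
        return "log only"
    if p["log_violations"]:
        return "log and drop"
    return "not stated on the page"  # neither option selected

def check_policy(p):
    """Validate General-tab values; return (normalized name, list of problems)."""
    problems = []
    name = p["name"].strip()  # leading/trailing spaces are trimmed automatically
    if not name:
        problems.append("name is empty after trimming")
    elif len(name) > 64:  # assumption: limit is checked on the trimmed name
        problems.append("name exceeds 64 characters")
    if len(p.get("description", "")) > 256:
        problems.append("description exceeds 256 characters")
    for addr in p.get("trusted_dns", []):
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            problems.append(f"trusted DNS server {addr!r} is not a valid IPv4 address")
    if p.get("route_violation") and p.get("egress") not in EGRESS_TYPES:
        problems.append("route enabled without a valid Egress choice")
    if p["state_enabled"] and p["learn_only"] and p["log_violations"]:
        problems.append("learn-only mode is on: violations are logged, not dropped")
    return name, problems

# Constructed sample policy, not taken from a real deployment.
SAMPLE = {
    "state_enabled": True, "name": "  branch-daf  ", "description": "Branch DNS filter",
    "log_violations": True, "learn_only": True, "route_violation": True,
    "egress": "Third Party Tunnel", "trusted_dns": ["192.0.2.53", "2001:db8::53"],
}

if __name__ == "__main__":
    name, problems = check_policy(SAMPLE)
    print(name, "->", effective_action(SAMPLE))
    for msg in problems:
        print(" -", msg)
```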