F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Access Policy Manager: Network Access
  3. Creating Optimized Application Tunnels
Manual Chapter : Creating Optimized Application Tunnels

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 16.0.1, 16.0.0
Manual Chapter

Creating Optimized Application Tunnels

What is an optimized application?

An
optimized application
 is a set of compression characteristics that are applied to traffic flowing from the network access client to a specific IP address, network, or host, on a specified port or range of ports. An optimized tunnel provides a TCP Layer 4 connection to an application. You can configure optimized applications separately from the standard TCP Layer 3 network access tunnel specified on the
Network Settings
 page.
Optimized application tunnels are supported only for Windows client systems, and require administrative rights on the client system to install.
Optimized application tunnels take precedence over standard network access tunnels, so for specified destinations, an optimized connection is established, whether the network access tunnel is enabled or not. In cases where optimized application tunnels have overlapping addresses or ranges, tunnels are prioritized in the following order:
  • An address definition with a more specific network mask takes precedence.
  • An address definition with a scope defined by a more specific subnet takes precedence.
  • A tunnel defined by a host name takes precedence over a tunnel defined by an IP address.
  • A tunnel defined by a host name takes precedence over a tunnel defined by a host name with a wildcard. For example,
    web.siterequest.com
     takes precedence over
    *.siterequest.com
    .
  • A tunnel defined by a host name with a wildcard takes precedence over a tunnel defined by a network address. For example,
    *.siterequest.com
     takes precedence over
    1.2.3.4/16
    .
  • For equivalent tunnels with different port ranges, the tunnel with a smaller port range takes precedence. For example,
    web.siterequest.com:21-22
     takes precedence over
    web.siterequest.com:21-30
    .

Configuring an optimized application on a network access tunnel

You must create a Network Access resource, or open an existing resource, before you can perform this task.
You can configure the description of a network access resource with network access properties.
  1. On the Main tab, click
    Access
    Connectivity / VPN
    Network Access (VPN)
    Network Access Lists
    .
    The Network Access Lists screen opens.
  2. Click the name to select a network access resource on the Resource List.
    The Network Access editing screen opens.
  3. To configure optimization for a host with the network access resource, click
    Optimization
     on the menu bar.
  4. Click
    Add
     to add a new optimized application configuration.
  5. Configure the destination and port settings, and any required optimization characteristics.
  6. Click
    Finished
    .
    The optimized application configuration is added to the network access resource.
  7. Click the
    Update
     button.
    Your changes are saved and the page refreshes.

Optimized application settings

Use the following settings to configure an optimized application.
Setting
Value
Description
Optimized Application
Basic/Advanced
Select
Basic
 to show only destination and port settings, and
Advanced
 to show optimization settings for the application destination.
Destination Type: Host Name
Fully qualified domain name (FQDN)
Select this option to apply optimization to a specific named host. Specify a fully qualified domain name (FQDN) for the destination.
Destination Type: IP Address
IP Address
Select this option to apply optimization to a host at a specific IP address. Specify an IP address for the destination. This can be an IPv4 or IPv6 address.
Destination Network
Network IP address and network mask
Select this option to apply optimization to a network. Specify a network IP address and subnet mask for the destination. This can be an IPv4 or IPv6 address.
Port(s)
Specific numeric port, list selection, or port range
You can specify a single port on which to optimize traffic, or select
Port Range
 to specify an inclusive range. If you optimize traffic on a single port, you can type a port number, or you can select an application from the list of common applications to add the appropriate port, for example, FTP.
Deflate
Enabled/Disabled
Enable or disable Deflate compression. Deflate compression uses the least CPU resources, but compresses the least effectively.
LZO
Enabled/Disabled
Enable or disable LZO compression. LZO compression offers a balance between CPU resources and compression ratio, compressing more than Deflate compression, but with less CPU resources than Bzip2.
Bzip2
Enabled/Disabled
Enable or disable bzip2 compression. Bzip2 compression uses the most CPU resources, but compresses the most effectively.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information