Skip to content

tunnel global

The following operations can be performed on "tunnel global":

bind| unbind| show

bind tunnel global

p{white-space: pre-wrap;}

Activates an existing tunnel traffic policy globally.

Synopsys

bind tunnel global (<policyName> [-priority <positive_integer>] [-gotoPriorityExpression <expression>]) [-state ( ENABLED | DISABLED )] [-type <type>]

Arguments

policyName

Name of the tunnel traffic policy to activate or bind.

priority

Integer specifying the policy's priority. The lower the number, the higher the priority. Policies are evaluated in the order of their priority numbers.

Minimum value: 0

Maximum value: 2147483647

gotoPriorityExpression

Expression or other value specifying the next policy to evaluate if the current policy evaluates to TRUE. Specify one of the following values:

  • NEXT - Evaluate the policy with the next higher priority number.

  • END - End policy evaluation.

  • USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy l

abel performs a NEXT.

  • An expression that evaluates to a number.

If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:

  • If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.

  • If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.

  • If the expression evaluates to a number that is larger than the largest numbered priority, policy evaluation ends.

An UNDEF event is triggered if:

  • The expression is invalid.

  • The expression evaluates to a priority number that is smaller than the current policy's priority number.

  • The expression evaluates to a priority number that is between the current policy's priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression ev

aluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.

state

Current state of the binding. If the binding is enabled, the policy is active.

Possible values: ENABLED, DISABLED

Default value: ENABLED

type

Global bind point, specifying where to bind the policy. This is relevant for advanced (default-syntax) policies only.

Possible values: REQ_OVERRIDE, REQ_DEFAULT, RES_OVERRIDE, RES_DEFAULT, NONE

Default value: NONE

Example

add tunnel trafficpolicy cmp_all_destport "REQ.TCP.DESTPORT == 0-65535" GZIP

After creating above tunnel policy, it can be activated by binding it globally: bind tunnel global cmp_all_destport

After binding cmp_all_destport compression policy globally, the policy gets activated and the Citrix ADC will compress all TCP traffic accessed through ssl-vpn tunnel.

Globally active tunnel policies can be seen using command: > show tunnel global 1 Globally Active Tunnel Policies: 1) Policy Name: cmp_all_destport Priority: 0 Done

unbind tunnel global

p{white-space: pre-wrap;}

Deactivates an active tunnel traffic policy.

Synopsys

unbind tunnel global <policyName> [-type <type>] [-priority <positive_integer>]

Arguments

policyName

Name of the tunnel traffic policy to unbind or deactivate.

type

Bind point, specifying from where to unbind the policy. Applicable only to advanced (default-syntax) policies.

Possible values: REQ_OVERRIDE, REQ_DEFAULT, RES_OVERRIDE, RES_DEFAULT, NONE

priority

Priority of the policy to be unbound.

Minimum value: 1

Maximum value: 2147483647

Example

Globally active tunnel policies can be seen using command: > show tunnel global 1 Globally Active Tunnel Policies: 1) Policy Name: cmp_all_destport Priority: 0 Done

The globally active tunnel traffic policy can be deactivated on the Citrix ADC system by issuing the command: unbind tunnel global cmp_all_destport

show tunnel global

p{white-space: pre-wrap;}

Displays globally active tunnel policies.

Synopsys

show tunnel global [-type <type>]

Arguments

type

Bind point to which the policy is bound.

Possible values: REQ_OVERRIDE, REQ_DEFAULT, RES_OVERRIDE, RES_DEFAULT

Outputs

policyName

Policy name.

priority

Priority.

gotoPriorityExpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

state

Current state of the binding. If the binding is enabled, the policy is active.

numpol

The number of policies bound to the bindpoint.

builtin

Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

feature

The feature to be checked while applying this config

stateflag

policyType

Policy type (Classic/Advanced) to be bound.Used for display.

globalBindType

devno

count

Example

> sh tunnel global 1) Policy Name: cmp_all_destport Priority: 0 2) Policy Name: local_sub_nocmp Priority: 500 Done