Configuring Intelligent Application Bypass

Caution

Not all deployments require IAB, and those that do might use it in a limited fashion. Do not enable IAB unless you have expert knowledge of your network traffic, especially application traffic, and system performance, including the causes of predictable performance issues. Before you run IAB in bypass mode, make sure that trusting the specified traffic does not expose you to risk.

Before you begin

For Classic devices, you must have the Control license.

Procedure

Step 1

In the access control policy editor, click Advanced Settings from the More drop-down arrow at the end of the packet flow line. Then, click Edit (edit icon) next to Intelligent Application Bypass Settings.

Step 2

Configure IAB options:

  • State—Turn IAB Off or On, or enable IAB in Test mode.
  • Performance Sample Interval—Enter the time in seconds between IAB performance-sampling scans. If you enable IAB, even in test mode, enter a non-zero value. Entering 0 disables IAB.
  • Bypassable Applications and Filters—Choose from:

    • Click the number of bypassed applications and filters and specify the applications whose traffic you want to bypass; see Configuring Application Conditions and Filters.

    • Click All applications including unidentified applications so that, when an inspection performance threshold is exceeded, IAB trusts all traffic that exceeds any flow bypass threshold, regardless of the application type.

  • Inspection Performance Thresholds—Click Configure and enter at least one threshold value.
  • Flow Bypass Thresholds—Click Configure and enter at least one threshold value.

You must specify at least one inspection performance threshold and one flow bypass threshold; both must be exceeded for IAB to trust traffic. If you enter more than one threshold of each type, only one of each type must be exceeded. For detailed information, see IAB Options.

Step 3

Click OK to save IAB settings.

Step 4

Click Save to save the policy.

What to do next