How can you restrict the number of entries in an asymmetric router bypass list on the ProxySG?

Article ID: 165922

Products

Mobility Threat Protection
ProxySG Software - SGOS

Issue/Introduction

When reflect-client-ip is enabled, the ProxySG is able to detect asymmetric routing for intercepted connections. New connections from the same source and destination IP pair are dynamically bypassed after asymmetric routing is detected (detection occurs on the first reset packet). The IP pairs are added to a table that contains the list of dynamically bypassed asymmetric routes.
 
To configure the maximum number of entries allowed in the asymmetric route bypass list, access the Command Line Interface on the ProxySG appliance and enter configuration mode. Then enter the following commands:
#(config) asymmetric-route-bypass
#(config asymmetric-route-bypass) max-entries <number_of_entries>
 
Enter a value between 1 and 255. This sets the maximum number of entries allowed in the asymmetric route bypass list.