
Edge Security Acceleration: Add an application for TCP/UDP acceleration

Last Updated: Sep 19, 2024

If your application establishes connections with the origin server over the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), you can enable the TCP/UDP acceleration feature to improve application performance and security. The most common TCP or UDP-based scenarios include real-time combat gaming and real-time interactive audio and video streaming.

Usage notes

  • TCP/UDP acceleration is available only in Enterprise plans.

  • If you set the edge port and origin server port to different port ranges, map the edge ports to the corresponding origin server ports and configure request forwarding rules. For example, if you set the edge port to 3000-4000 and the origin server port to 5000-6000, and configure port mapping, requests that are sent to port 3050 are forwarded to port 5050.

  • The following table describes the edge ports and origin server ports supported for Secure Shell (SSH), Remote Desktop Protocol (RDP), and Minecraft applications.

    | Type | Port |
    | --- | --- |
    | SSH | 22 |
    | RDP | 3389 |
    | Minecraft | 25565 |

  • Domains for which TCP/UDP acceleration is enabled can defend against Tbit/s-scale DDoS attacks, except for the following domains:

    • Domains for which you have enabled the proxy protocol (PP)

    • Domains whose POP IP addresses are of the IPv6+IPv4 dual-stack type

    • Additional domains that exceed the maximum number of domains with DDoS protection capabilities in Enterprise plans

    Domains that do not support Tbit/s-scale DDoS protection are marked with one icon, and domains that support it are marked with another.

Procedure

  1. In the left-side navigation pane, click Websites.

  2. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

  3. In the left-side navigation tree, click TCP/UDP.

  4. Click Settings.

  5. Click Add Application and configure parameters based on your business requirements.

    | Parameter | Description |
    | --- | --- |
    | Protocol | The protocol that your application uses at Layer 4. Valid values: TCP, UDP, HTTP, SSH, RDP, HTTPS, and Minecraft. |
    | Domain Name | The domain name or hostname that clients access. The system resolves the domain name to the IP address assigned by Edge Security Acceleration (ESA) for clients to access over the Layer 4 protocol. |
    | Edge IP Version | The type of the IP address that the ESA POP provides for the hostname. Valid values: IPv4 + IPv6 and IPv4 Only. |
    | Edge Port | The port or port range used by clients to access ESA. Examples: 8080 and 1000-2000. Ports ranging from 1 to 65535 are supported. If you specify a port range for this parameter, the number of ports included in the origin server port range and the edge port range must be the same. |
    | Origin Server | The IP address or domain name of the origin server from which ESA pulls content. You can specify an IP address, domain name, or address of an origin pool or load balancer. |
    | Origin Port | The port or port range of the origin server. Examples: 8080 and 1000-2000. Ports ranging from 1 to 65535 are supported. If you specify a port range for this parameter, the number of ports included in the origin server port range and the edge port range must be the same. |
    | Edge TLS Termination | This feature is supported only for TCP-based applications. After you enable this feature, Transport Layer Security (TLS) termination is automatically supported on POPs. You can also specify one of the following TLS validation modes: 1. Disable: Traffic to the origin is not SSL/TLS-encrypted. 2. Enable: Traffic to the origin is SSL/TLS-encrypted, without validation of the origin certificate. 3. Enable and Force Validation: Traffic to the origin is SSL/TLS-encrypted, with forcible validation of the origin certificate. |
    | Pass Client IP | The proxy protocol over which the originating IP addresses and port information of clients are passed to the origin server. If you enable Proxy Protocol, you can select TOA, PROXY Protocol v1, or PROXY Protocol v2. |

  6. Click OK.
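When Pass Client IP is set to PROXY Protocol v1 or v2, the origin receives a PROXY header ahead of the application data and must parse it to recover the client address. The following is an added example, not ESA code: a Python parser for both header versions as defined in the public PROXY protocol specification, which honors the header only when the TCP peer is a trusted proxy. `TRUSTED_PROXIES`, the function names, and the sample addresses are assumptions for illustration.

```python
import ipaddress
import socket
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature
# Assumption: placeholder range; replace with the proxy ranges that reach your origin.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]

def parse_proxy_header(data: bytes):
    """Return ((client_ip, client_port) or None, header_length); ValueError if malformed."""
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
        body = data[16:16 + length]
        if ver_cmd not in (0x20, 0x21) or len(body) < length:
            raise ValueError("bad v2 version/command or truncated address block")
        if ver_cmd == 0x20:  # LOCAL command (e.g. health check): no client address
            return None, 16 + length
        if fam >> 4 == 1 and length >= 12:  # IPv4: src(4) dst(4) sport(2) dport(2)
            ip, port = socket.inet_ntop(socket.AF_INET, body[:4]), body[8:10]
        elif fam >> 4 == 2 and length >= 36:  # IPv6: src(16) dst(16) sport(2) dport(2)
            ip, port = socket.inet_ntop(socket.AF_INET6, body[:16]), body[32:34]
        else:
            raise ValueError("unsupported v2 address family")
        return (ip, int.from_bytes(port, "big")), 16 + length
    if data.startswith(b"PROXY "):
        end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
        if end == -1:
            raise ValueError("unterminated v1 header")
        parts = data[:end].decode("ascii").split(" ")
        if parts[1] == "UNKNOWN":  # proxy could not determine the client address
            return None, end + 2
        if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
            raise ValueError("malformed v1 header")
        return (str(ipaddress.ip_address(parts[2])), int(parts[4])), end + 2
    raise ValueError("no PROXY protocol header")

def client_ip(peer_ip: str, first_bytes: bytes) -> str:
    """Honor the header only from a trusted proxy; ValueError means drop the connection."""
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        return peer_ip  # a header from an untrusted peer could be forged: ignore it
    addr, _ = parse_proxy_header(first_bytes)
    return addr[0] if addr else peer_ip

# Constructed sample headers (documentation addresses), not captured traffic.
SAMPLE_V1 = b"PROXY TCP4 203.0.113.7 198.51.100.10 51234 5050\r\npayload"
SAMPLE_V2 = (V2_SIG + b"\x21\x11\x00\x0c" + socket.inet_aton("203.0.113.7")
             + socket.inet_aton("198.51.100.10") + struct.pack("!HH", 51234, 5050) + b"payload")
```

The returned header length tells the origin where the application payload starts, so the header bytes are stripped before the data reaches the application.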

Feature availability

| Basic | Standard | Advanced | Enterprise |
| --- | --- | --- | --- |
| No | No | No | Yes |