Bulk Configuration of Airwall Edge Services

Configure certain settings in bulk for Airwall Edge Services or Airwall groups.

Supported Versions

Conductor 2.2.10 and later

Required Role
System Administrators, and Network administrators with permissions to change the selected Airwall Edge Services
Supported on these Airwall Edge Services
Provisioned and managed
CAUTION: For most options, bulk editing overwrites any existing values on the selected Airwall Edge Services. There are a few that you must specifically choose overwrite.

To configure Airwall Gateways in bulk

  1. On the Airwalls page, select the Airwall Edge Services or Airwall groups you want to configure.
  2. Select Airwall actions > Configure selected Airwalls.
  3. Select the options you want to change for all selected Airwall Edge Services. You can select all of the options you want first, and then fill them all in:
    Bulk edit options
  4. Fill in the values for the options you’ve chosen.
    Screenshot showing dialog with some options selected and some filled in
  5. For most options, bulk editing by default overwrites any existing values on the selected Airwall Edge Services. On options that do not automatically overwrite values, you have the option to overwrite. Check Overwrite if you want to also overwrite these option values.
  6. Select Update to apply the bulk configuration.

Bulk Edit Settings Descriptions

Here are descriptions for the Airwall Edge Service settings you can configure in bulk.

CAUTION: Most of these options overwrite the current setting on selected Airwall Edge Services. A few options (*starred) will not overwrite by default, and instead only apply the change if the setting is blank or has not been changed from the default. For these options, check Overwrite to overwrite these option values.
Note: If an option doesn’t apply to a particular Airwall Edge Service, it is ignored.

Basic

  • Location* – Physical location of the Airwall Edge Services.

Airwall agent/server

  • Overlay device IP (CIDR)* – Assign IPs to the selected Airwall Agents in order from the specified IP CIDR.

Reporting

Set reporting intervals. All of these settings default to 5 minutes:

  • Airwall traffic stats reporting interval – How often to report traffic stats to the Conductor. Traffic stats are shown on the page for each Airwall Edge Service under Reporting > Traffic stats.
  • Airwall tunnel stats reporting interval – How often to report tunnel stats. Tunnel stats are shown on the page for each Airwall Edge Service under Reporting > HIP tunnel stats.
  • Device activity reporting interval – How often to report device activity.
  • Health data reporting interval – How often to report health data. Health data is shown on the page for each Airwall Edge Service under Reporting > Health data.

Advanced

  • Auto-connect enabled – Enable to build secure tunnels between devices even if there is no traffic. Useful when devices are behind NAT. Default: Enabled
  • Conductor session renew timeout – Number of seconds before a Conductor session times out. Default: 120 seconds.
  • Inactive tunnels timeout – Number of seconds before an inactive tunnel is closed.
  • Max file transfer bandwidth – Limit the bandwidth used for large file downloads (such as firmware updates). Default: 1000 Kb/second.
  • Overlay path MTU – Maximum transmission unit (MTU) in bytes sent through the overlay. Must be between 1280 and 9022. Default: 1400 bytes.
  • Path MTU discovery enabled – Check to have the Airwall Edge Service adjust packet sizes if the intermediate routings only support limited maximum transmission unit (MTU) settings. Default: Disabled.
  • Preferred cipher suite – Select the cipher suite to use when encrypting traffic. Default: Use Global setting (set in Conductor Settings under Advanced > Global Airwall settings).
  • Relay probe interval – If enabled, the Airwall Gateway periodically sends probe packets to all of its relays and uses the closest relay when initiating secure tunnels. This option can reduce the amount of network traffic used to build new tunnels and allows auto-connect to be turned off. Default: 30 seconds.
  • Tunnel keep-alive timeout –Enable to have the Airwall send keep-alive packets to peer Airwalls to keep the tunnel from expiring if no device traffic is available. Default: 75 seconds.
  • Use compression – Turn on to have Airwall Edge Services compress encrypted traffic before sending. Default: Use Global setting (set in Conductor Settings under Advanced > Global Airwall settings).