Configuring Rule-Based Redirection

Deciding how to configure HTTP Redirection depends on the type of traffic you are allowing and the default Access Control value you configure on the role. You must configure the policy rules in the following order:

  • Allow policies
  • Redirect policies (if using Rule-based Redirection)
  • Deny policies.
Allow Policies

You can configure five Allow policies or any combination of Allow and Deny policies on a single role. The following are ways to implement policy rules:

  • Allow All Policy.

    If you opt to allow all traffic. You only need one policy rule indicating that all traffic is allowed.

    Click to expand in new window
    Allow All Policy Configuration
    Graphics/allow_all_policy.png
  • Combination of Allow and Deny policies, allowing specific traffic.
    Click to expand in new window
    Policy Rules Configuration
    Graphics/Policy_Allow_Deny_Combo.png
  • Deny All Policy.

    When opting to deny all traffic, you must first configure the 5 Allow policies to gather the parameters that direct the client to the FFECP. First configure the specific Allow policies, then configure the Deny All policy.

    Click to expand in new window
    Deny All Policy Configuration
    Graphics/deny_all_policy.png
  • Redirect Policy
    • If Rule-based Redirection is enabled, configure at least one policy rule where the Access Control is set to HTTP Redirect.
    • If Rule-based Redirection is disabled, configure at least one policy rule where the Access Control is set to Deny.
    Note

    Note

    You cannot configure Captive Portal Redirection using IPv6 classifiers. While you can http to IPv6 websites, you cannot apply Captive Portal redirection to http [s] over IPv6 .

For more information on configuring policy rules, see Understanding the Filter Rule Definition Dialog in the User Guide.