Add the necessary Access rules to configure the redirection of unauthenticated HTTP or HTTPS connections from the status page to the destination that the user originally wanted to access.
Note: To redirect HTTPS traffic, you must enable TLS decryption for the traffic.
You must define the following IPv4 Access rules:
- An Access rule that allows all clients to access destinations that do not require authentication.
- An Access rule that allows authenticated users to establish HTTP or HTTPS connections.
- An Access rule that redirects unauthenticated HTTP or HTTPS traffic to an Inspection rule.
- An Access rule that refuses all HTTP or HTTPS traffic.
Using the HTTP_Request-with-redirect-capability Situation, you must also define the following IPv4 Inspection Exceptions in the Inspection Policy:
- An Exception that permits all matching connections to access destinations that do not require authentication.
- An Exception that permits authenticated users to establish HTTP connections.
- An Exception that redirects unauthenticated HTTP traffic to the logon page using the original destination URL as a parameter in the redirection.
For more details about the product and how to configure features, click Help or press F1.
Steps
-
Open the Firewall Policy for editing, then add the following IPv4 Access rules:
Table 1. Example Access rules for redirecting unauthenticated HTTP connections to the original HTTP destination
Source |
Destination |
Service |
Action |
Authentication |
ANY |
IP addresses of services that do not require authentication. |
HTTP
HTTPS
|
Allow |
|
ANY |
ANY |
HTTP
HTTPS
|
Allow |
Users/User Groups who are allowed to access services, and appropriate Authentication
Methods. |
ANY |
IP addresses of network services that require authentication. |
HTTP
HTTPS
|
Allow
Deep Inspection: on
|
|
ANY |
ANY |
HTTP
HTTPS
|
Refuse |
|
Note: Deep Inspection must be enabled in the Access rules for redirecting unauthenticated HTTP or HTTPS connections to the original destination. The redirection must be configured in the
Inspection Policy using the HTTP_Request-with-redirect-capability Situation.
-
Click Save.
-
Open the Inspection Policy for editing.
-
Add the following IPv4 Inspection Exceptions, then specify a User Response that redirects traffic terminated by the Inspection rules to the URL of the logon page and onwards to
the original destination.
Table 2. Example Inspection Exceptions for redirecting unauthenticated HTTP connections to the original HTTP destination
Situation |
Severity |
Source |
Destination |
Protocol |
Action |
HTTP_Request-with-redirect-capability |
ANY |
ANY |
IP addresses of services that do not require authentication |
ANY |
Permit |
HTTP_Request-with-redirect-capability |
ANY |
Users/User Groups who are allowed to access services, and appropriate Authentication Methods. |
ANY |
ANY |
Permit |
HTTP_Request-with-redirect-capability |
ANY |
ANY |
ANY |
HTTP |
Terminate
Response: redirect to the logon page, including the original URL as a parameter in the redirection
|
-
Click Save and
Install to transfer the changes to the engine.