Enable redirection to the original destination

Add the necessary Access rules to configure the redirection of unauthenticated HTTP or HTTPS connections from the status page to the destination that the user originally wanted to access.

Note: To redirect HTTPS traffic, you must enable TLS decryption for the traffic.

You must define the following IPv4 Access rules:

  • An Access rule that allows all clients to access destinations that do not require authentication.
  • An Access rule that allows authenticated users to establish HTTP or HTTPS connections.
  • An Access rule that redirects unauthenticated HTTP or HTTPS traffic to an Inspection rule.
  • An Access rule that refuses all HTTP or HTTPS traffic.

Using the HTTP_Request-with-redirect-capability Situation, you must also define the following IPv4 Inspection Exceptions in the Inspection Policy:

  • An Exception that permits all matching connections to access destinations that do not require authentication.
  • An Exception that permits authenticated users to establish HTTP connections.
  • An Exception that redirects unauthenticated HTTP traffic to the logon page using the original destination URL as a parameter in the redirection.

Steps

  1. Open the Firewall Policy for editing, then add the following IPv4 Access rules:
    Table 1. Example Access rules for redirecting unauthenticated HTTP connections to the original HTTP destination

    | Source | Destination | Service | Action | Authentication |
    |--------|-------------|---------|--------|----------------|
    | ANY | IP addresses of services that do not require authentication. | HTTP, HTTPS | Allow | |
    | ANY | ANY | HTTP, HTTPS | Allow | Users/User Groups who are allowed to access services, and appropriate Authentication Methods. |
    | ANY | IP addresses of network services that require authentication. | HTTP, HTTPS | Allow; Deep Inspection: on | |
    | ANY | ANY | HTTP, HTTPS | Refuse | |

    Note: Deep Inspection must be enabled in the Access rules for redirecting unauthenticated HTTP or HTTPS connections to the original destination. The redirection must be configured in the Inspection Policy using the HTTP_Request-with-redirect-capability Situation.
  2. Click Save.
  3. Open the Inspection Policy for editing.
  4. Add the following IPv4 Inspection Exceptions, then specify a User Response that redirects traffic terminated by the Inspection rules to the URL of the logon page and onwards to the original destination.
    Table 2. Example Inspection Exceptions for redirecting unauthenticated HTTP connections to the original HTTP destination

    | Situation | Severity | Source | Destination | Protocol | Action |
    |-----------|----------|--------|-------------|----------|--------|
    | HTTP_Request-with-redirect-capability | ANY | ANY | IP addresses of services that do not require authentication | ANY | Permit |
    | HTTP_Request-with-redirect-capability | ANY | Users/User Groups who are allowed to access services, and appropriate Authentication Methods. | ANY | ANY | Permit |
    | HTTP_Request-with-redirect-capability | ANY | ANY | ANY | HTTP | Terminate; Response: redirect to the logon page, including the original URL as a parameter in the redirection |

  5. Click Save and Install to transfer the changes to the engine.
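
The following Python sketch is an added example, not part of the product documentation or the product's own code. It models the Access rules of Table 1 and the Inspection Exceptions of Table 2 as first-match lists to show which connections end up allowed, refused or redirected. The IP addresses, the logon page URL and the "redirect" parameter name are constructed placeholders; top-down first-match evaluation and an HTTP request visible to inspection (TLS decryption enabled for HTTPS) are assumptions of the model.

```python
from urllib.parse import quote

# Constructed sample values; none of them come from the product or the page.
OPEN = {"192.0.2.10"}          # services that do not require authentication
PROTECTED = {"192.0.2.20"}     # services that require authentication
LOGON_PAGE = "https://logon.example/login"   # hypothetical logon page URL
WEB = {"HTTP", "HTTPS"}

# Each rule: (destination set, or None for ANY; needs authenticated user; action)
ACCESS_RULES = [
    (OPEN, False, "allow"),          # Table 1, row 1
    (None, True, "allow"),           # row 2: matches authenticated users only
    (PROTECTED, False, "inspect"),   # row 3: Allow with Deep Inspection: on
    (None, False, "refuse"),         # row 4
]
INSPECTION_EXCEPTIONS = [
    (OPEN, False, "permit"),         # Table 2, row 1
    (None, True, "permit"),          # row 2
    (None, False, "terminate"),      # row 3: Terminate with redirect response
]

def first_match(rules, dst, authenticated):
    """Return the action of the first rule whose cells all match."""
    for dsts, needs_auth, action in rules:
        if (dsts is None or dst in dsts) and (authenticated or not needs_auth):
            return action
    return "no-match"

def decide(dst, service, authenticated, url, access_rules=ACCESS_RULES):
    """Disposition of one connection under the modelled policy."""
    if service not in WEB:
        return "no-match"            # left to other rules, not shown here
    verdict = first_match(access_rules, dst, authenticated)
    if verdict != "inspect":
        return verdict
    if first_match(INSPECTION_EXCEPTIONS, dst, authenticated) == "permit":
        return "permit"
    # Percent-encode the original URL so its own query string cannot add
    # or override parameters of the logon page URL.
    return "redirect " + LOGON_PAGE + "?redirect=" + quote(url, safe="")

if __name__ == "__main__":
    for conn in [("192.0.2.10", "HTTP", False, "http://192.0.2.10/"),
                 ("192.0.2.20", "HTTPS", True, "https://192.0.2.20/app"),
                 ("192.0.2.20", "HTTP", False, "http://192.0.2.20/app?id=7"),
                 ("198.51.100.5", "HTTP", False, "http://198.51.100.5/")]:
        print(conn[:3], "->", decide(*conn))
```

Passing the same rules with the Refuse rule moved to the top makes every HTTP or HTTPS connection return "refuse", which is why the Refuse rule comes last in Table 1.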