Add the necessary Access rules to configure the redirection of unauthenticated HTTP or HTTPS connections from the status page to the destination that the user originally wanted to access.
Note: To redirect HTTPS traffic, you must enable TLS decryption for the traffic.
You must define the following IPv4 or IPv6 Access rules:
- An Access rule that allows all clients to access destinations that do not require authentication.
- An Access rule that allows authenticated users to establish HTTP or HTTPS connections.
- An Access rule that redirects unauthenticated HTTP or HTTPS traffic to an Inspection rule.
- An Access rule that refuses all HTTP or HTTPS traffic.
Using the HTTP_Request-with-redirect-capability Situation, you must also define the following Inspection Exceptions in the Inspection Policy:
- An Exception that permits all matching connections to access destinations that do not require authentication.
- An Exception that permits authenticated users to establish HTTP connections.
- An Exception that redirects unauthenticated HTTP traffic to the logon page using the original destination URL as a parameter in the redirection.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Select
Configuration.
-
Browse to .
-
Open the Firewall Policy for editing, then add the following Access rules:
Table 1. Example Access rules for redirecting unauthenticated HTTP connections to the original HTTP destination
| Source |
Destination |
Service |
Action |
Authentication |
| ANY |
IP addresses of services that do not require authentication. |
HTTP
HTTPS
|
Allow |
|
| ANY |
ANY |
HTTP
HTTPS
|
Allow |
Users/User Groups who are allowed to access services, and appropriate Authentication Methods. |
| ANY |
IP addresses of network services that require authentication. |
HTTP
HTTPS
|
Allow
Deep Inspection: on
|
|
| ANY |
ANY |
HTTP
HTTPS
|
Refuse |
|
Note: Deep Inspection must be enabled in the Access rules for redirecting unauthenticated HTTP or HTTPS connections to the original destination. The redirection must be configured
in the Inspection Policy using the HTTP_Request-with-redirect-capability Situation.
-
Click
Save.
-
Open the Inspection Policy for editing.
-
Add the following Inspection Exceptions, then specify a User Response that redirects traffic terminated by the Inspection rules to the URL of the logon page and onwards to the
original destination.
Table 2. Example Inspection Exceptions for redirecting unauthenticated HTTP connections to the original HTTP destination
| Situation |
Severity |
Source |
Destination |
Protocol |
Action |
| HTTP_Request-with-redirect-capability |
ANY |
ANY |
IP addresses of services that do not require authentication |
ANY |
Permit |
| HTTP_Request-with-redirect-capability |
ANY |
Users/User Groups who are allowed to access services, and appropriate Authentication Methods. |
ANY |
ANY |
Permit |
| HTTP_Request-with-redirect-capability |
ANY |
ANY |
ANY |
HTTP |
Terminate
Response: redirect to the logon page, including the original URL as a parameter in the redirection
|
-
Click
Save and Install.