When are rules that include identity awareness access roles accelerated through
SecureXL?
A.
Rules using Identity Awareness are never accelerated.
B.
They have no bearing on whether the connection for the rule is accelerated.
C.
Only when ‘Unauthenticated Guests’ is included in the access role.
D.
Rules using Identity Awareness are always accelerated.
Using Identity Awareness in the Firewall Rule Base
In rules with access roles, you can add a property in the Action field to redirect traffic to the Captive Portal. If this property is added, when the source identity is unknown and traffic is HTTP, the user is redirected to the Captive Portal. If the source identity is known, the Action in the rule (Allow or Block) is enforced immediately and the user is not sent to the Captive Portal. After the system gets the credentials from the Captive Portal, it can examine the rule for the next connection.
In rules with access role objects, criteria matching works like this:
— When identity data for an IP is known:
– If it matches an access role, the rule is enforced and traffic is allowed or blacked based on the action.
– If it does not match an access role, it goes on to examine the next rule.
— When identity data for an IP is unknown and:
– All rule fields match besides the source field with an access role.
– The connection is http.
– The action is set to redirect to the Captive Portal.
– If all the conditions apply, the traffic is redirected to the Captive Portal to get credentials and see if there is a match. [You can only redirect http traffic to the Captive Portal.]
0
0