This section describes how to configure Captive portal rules. You configure them at the users captive-portal level. For more details on the command structure, see Configuring Rules Using UPL.
Captive portal rule parameters:
Parameter |
Description |
---|---|
OK PASS |
Actions for a Captive portal rule:
|
enabled |
Enable/disable a rule:
|
name |
The name of the captive portal rule. Example: name("Captive rule example"). |
desc |
A description of the captive portal rule. Example rule specification: desc("Captive portal rule example set via CLI"). |
profile |
When using the Captive portal authentication, specify the Captive profile. Example: profile("Example Captive profile"). For more details about creating and configuring Captive profiles, see Configuring Captive Profiles. |
rule_log |
Enable/disable logging when a rule was triggered:
If this parameter is not specified, logging is disabled. |
src.zone |
Source zone To specify a source zone, such as Trusted: src.zone = Trusted. For more details about how to configure zones using CLI, see the Zones section. |
src.ip |
Add source IP address or domain lists. To specify a list of IP addresses: src.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section. To specify a source domain list: src.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section. |
src.geoip |
Source GeoIP. Specify a country code (for example, src.geoip = AE). Click here for the list of ISO 3166-1 country codes. Important! The maximum number of GeoIPs that can be specified is limited to 15. |
dst.zone |
Traffic destination zone. To specify a destination zone, such as Untrusted: dst.zone = Untrusted. For more details about how to configure zones using CLI, see the Zones section. |
dst.ip |
Add lists of destination IP addresses or domains. To specify a list of IP addresses: dst.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section. To specify a destination domain list: dst.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section. |
dst.geoip |
To specify a destination GeoIP, it is necessary to specify a country code (for example, dst.geoip = AE). Click here for the list of ISO 3166-1 country codes. Important! The maximum number of GeoIPs that can be specified is limited to 15. |
category |
Lists of categories and URL filtering categories for which the rule will be applied. You need to have the appropriate license for URL filtering. To specify a URL category list: category = lib.category(). Specify the URL category list name in parentheses. For more details about how to create and configure URL categories using CLI, see Configuring URL Categories. To specify a URL category: category = "URL category name". |
url |
The URL lists to which the rule will be applied. To specify a URL list: url = lib.url(). Specify a URL list name in parentheses. |
time |
Set a schedule for a rule. To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets. |
Example of creating and adding a captive portal rule using UPL:
Admin@nodename# create users captive-portal 1 upl-rule OK \ ...profile("New captive profile") \ ...rule_log(true) \ ...name("Captive portal rule new") \ ... Admin@nodename# show users captive-portal 1 % ----------------- 1 ----------------- OK \ rule_log(yes) \ profile("New captive profile") \ enabled(false) \ id("676df2b1-03e9-42b2-8375-0b8f78c4c47c") \ name("Captive portal rule new") Admin@nodename# set users captive-portal 1 upl-rule OK \ ...src.zone = Trusted \ ...dst.zone = Untrusted ... Admin@nodename# show users captive-portal 1 % ----------------- 1 ----------------- OK \ src.zone = Trusted \ dst.zone = Untrusted \ rule_log(yes) \ profile("New captive profile") \ enabled(false) \ id("676df2b1-03e9-42b2-8375-0b8f78c4c47c") \ name("Captive portal rule new")