ArubaOS 8.6.0.0 Help Center

Redirection Policies and Role

The following procedure describes how to configure the redirection policies and user role.

1. To configure user roles to redirect the required traffic to the server(s), in the Managed Network node hierarchy, navigate to the Configuration > Roles & Policies > Roles tab.

2. Click + to create a new user role.

3. Enter guest for Role Name.

4. Click Submit.

5. Select the guest role.

6. Click Show Advanced View.

7. Click + in the Roles > guest table.

8. Click the Policies tab. Click + to create a new policy.

9. In the Add Policy pop-up, select the Create a new policy option. Enter the Policy Name as fortinet and select the Policy type as Session from the drop-down list.

10. Click Submit.

11. Select the fortinet policy under the Roles > guest table.

12. Click + in the guest Policies > fortinet table.

13. Select Access Control as the Rule Type in the New Rule for guest pop-up.

14. Enter the following information in the Roles > fortinet > New forwarding Rule table.

IP version as IPv4.

Source as Any.

Destination as Any.

Service/app as Protocol and the Protocol as svc-http (tcp 80).

Action as Redirect.

Enter Redirect to as ESI Group.

Enter Esi group as fortinet.

Select Esi direction as Both. Forward refers to the direction of traffic from the untrusted client or user to the trusted server, such as the HTTP server or email server.

15. Click Submit.

16. Repeat the steps to configure additional rules. This example adds a rule that specifies any, any, any, permit.

17. Click Submit.

18. Click Pending Changes.

19. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands define the redirection filter for sending traffic to the ESI server and apply the firewall policy to a user role in the route-mode ESI topology example.

(host) [md] (config) #ip access-list session policy
    any any any redirect esi-group group direction both blacklist
    //For any incoming traffic, going to any destination,
    //redirect the traffic to servers in the specified ESI group.
    any any any permit
    //For everything else, allow the traffic to flow normally.

(host) [md] (config) #user-role role
    access-list {eth | mac | session}
    bandwidth-contract name
    captive-portal name
    dialer name
    pool {l2tp | pptp}
    reauthentication-interval minutes
    session-acl name
    vlan vlan_id
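
The order of the two rules matters: session rules are evaluated top-down and the first match wins, so a catch-all permit placed above the redirect rule lets traffic bypass the ESI servers. The script below is an added example, not part of the Aruba documentation; it audits a saved configuration for that mistake. It assumes flat configuration text in the command syntax shown above, and the contractor role and badorder policy in the sample are constructed for illustration.

```python
import re

# Constructed sample, not from the page. "guest" and "fortinet" follow the GUI
# steps above; "contractor" and "badorder" are hypothetical names.
SAMPLE_CONFIG = """\
ip access-list session fortinet
  any any svc-http redirect esi-group fortinet direction both
  any any any permit
ip access-list session badorder
  any any any permit
  any any svc-http redirect esi-group fortinet direction both
user-role guest
  access-list session fortinet
user-role contractor
  access-list session badorder
"""

def parse_config(text):
    """Return (acls, roles): ACL name -> rules, role name -> session ACL names."""
    acls, roles, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"ip access-list session (\S+)$", line):
            current = acls.setdefault(m.group(1), [])
        elif m := re.match(r"user-role (\S+)$", line):
            current = roles.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    for role, lines in roles.items():
        roles[role] = [l.split()[2] for l in lines
                       if l.startswith("access-list session ")]
    return acls, roles

def audit_redirect(text, esi_group):
    """Map each role to 'ok', 'shadowed' or 'missing' for the ESI redirect."""
    acls, roles = parse_config(text)
    needle, result = f"redirect esi-group {esi_group} ", {}
    for role, names in roles.items():
        # Assumption: rules are matched in listed order, first match wins,
        # so compare rule positions in evaluation order.
        rules = [r for n in names for r in acls.get(n, [])]
        redirect = next((i for i, r in enumerate(rules) if needle in r + " "), None)
        catch_all = next((i for i, r in enumerate(rules)
                          if r.split()[:3] == ["any", "any", "any"]), None)
        result[role] = ("missing" if redirect is None else
                        "shadowed" if catch_all is not None and catch_all < redirect
                        else "ok")
    return result
```

Calling audit_redirect(SAMPLE_CONFIG, "fortinet") reports the guest role as ok and the contractor role as shadowed; a role whose policies contain no redirect to the group is reported as missing.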
