Configure a policy label or virtual server policy bank
After you have created policies, and created policy banks by binding the policies, you can perform additional configuration of policies within a label or policy bank. For example, before you configure invocation of an external policy bank, you might want to wait until you have configured that policy bank.
This topic includes the following sections:
- Configure a policy label
- Configure a policy bank for a virtual server
Configure a policy label
A policy label consists of a set of policies and invocations of other policy labels and virtual server-specific policy banks. An Invoke parameter enables you to invoke a policy label or a virtual server-specific policy bank from any other policy bank. A special-purpose NoPolicy entry enables you to invoke an external bank without processing an expression (a rule). The NoPolicy entry is a “dummy” policy that does not contain a rule.
For configuring policy labels from the Citrix ADC command line, note the following elaborations of the command syntax:
- gotoPriorityExpression is configured as described in Table 2. Format of Each Entry in a Policy Bank of the section “Entries in a Policy Bank” in Bind policies using advanced policy.
- The type argument is required. This is unlike binding a conventional policy, where this argument is optional.
- You can invoke the bank of policies that are bound to a virtual server by using the same method as you use for invoking a policy label.
Configure a policy label by using the CLI
At the command prompt, type the following commands to configure a policy label and verify the configuration:
- bind cache|rewrite|responder policylabel <policylabelName> -policyName <policyName> -priority <priority> [-gotoPriorityExpression <gotopriorityExpression>] [-invoke reqvserver|resvserver|policylabel <policyLabelName>|<vserverName>]
- show cache|rewrite|responder policylabel <policylabelName>
<!--NeedCopy-->
Example:
bind cache policylabel _reqBuiltinDefaults -policyName _nonGetReq -priority 100
Done
show cache policylabel _reqBuiltinDefaults
Label Name: _reqBuiltinDefaults
Evaluates: REQ
Number of bound policies: 3
Number of times invoked: 0
1) Policy Name: _nonGetReq
Priority: 100
GotoPriorityExpression: END
2) Policy Name: _advancedConditionalReq
Priority: 200
GotoPriorityExpression: END
3) Policy Name: _personalizedReq
Priority: 300
GotoPriorityExpression: END
Done
<!--NeedCopy-->
Invoke a policy label from a rewrite policy bank with a NOPOLICY entry by using the CLI
At the command prompt, type the following commands to invoke a policy label from a Rewrite policy bank with a NOPOLICY entry and verify the configuration:
- bind rewrite global <policyName> <priority> <gotoPriorityExpression> -type REQ_OVERRIDE|REQ_DEFAULT|RES_OVERRIDE|RES_DEFAULT -invoke reqvserver|resvserver|policylabel <policyLabelName>|<vserverName>
- show rewrite global
<!--NeedCopy-->
Example:
> bind rewrite global NOPOLICY 100 -type REQ_DEFAULT -invoke policylabel lbl-rewrt-pol
Done
> show rewrite global
1) Global bindpoint: REQ_DEFAULT
Number of bound policies: 1
2) Global bindpoint: REQ_OVERRIDE
Number of bound policies: 1
Done
<!--NeedCopy-->
Invoke a policy label from an Integrated Caching policy bank by using the CLI
At the command prompt, type the following commands to invoke a policy label from an Integrated Caching policy bank and verify the configuration:
- bind cache global NOPOLICY -priority <priority> -gotoPriorityExpression <gotopriorityExpression> -type REQ_OVERRIDE|REQ_DEFAULT|RES_OVERRIDE|RES_DEFAULT -invoke reqvserver|resvserver|policylabel <policyLabelName>|<vserverName>
- show cache global
<!--NeedCopy-->
Example:
bind cache global NOPOLICY -priority 100 -gotoPriorityExpression END -type REQ_DEFAULT -invoke policylabel lbl-cache-pol
Done
> show cache global
1) Global bindpoint: REQ_DEFAULT
Number of bound policies: 2
2) Global bindpoint: RES_DEFAULT
Number of bound policies: 1
Done
<!--NeedCopy-->
Invoke a policy label from a Responder policy bank by using the CLI
At the command prompt, type the following commands to invoke a policy label from a Responder policy bank and verify the configuration:
- bind responder global NOPOLICY <priority> <gotopriorityExpression> -type OVERRIDE|DEFAULT -invoke vserver|policylabel <policyLabelName>|<vserverName>
- show responder global
<!--NeedCopy-->
Example:
> bind responder global NOPOLICY 100 NEXT -type DEFAULT -invoke policylabel lbl-respndr-pol
Done
> show responder global
1) Global bindpoint: REQ_DEFAULT
Number of bound policies: 2
Done
<!--NeedCopy-->
Configure a policy label by using the GUI
- In the navigation pane, expand the feature for which you want to configure a policy label, and then click Policy Labels. The choices are Integrated Caching, Rewrite, or Responder.
- In the details pane, double-click the label that you want to configure.
- If you are adding a new policy to this policy label, click Insert Policy, and in the Policy Name field, select New Policy. For more information about adding a policy, see Create or modify a policy. Note that if you are invoking a policy bank, and do not want a rule to be evaluated prior to the invocation, click Insert Policy, and in the Policy Name field select NOPOLICY.
-
For each entry in this policy label, configure the following:
-
Policy Name:
This is already determined by the Policy Name, new policy, or NOPOLICY entry that you inserted in this bank.
-
Priority:
A numeric value that determines either an absolute order of evaluation within the bank, or is used in conjunction with a Goto expression.
-
Expression:
The policy rule. Policy expressions are described in detail in the following chapters. For an introduction, see Configure advanced policy expressions: Get started.
-
Action:
The action to be taken if this policy evaluates to TRUE.
-
Goto Expression:
Optional. Used to augment the Priority level to determine the next policy or policy bank to evaluate. For more information on possible values for a Goto expression, see Table 2. Format of Each Entry in a Policy Bank of the section “Entries in a Policy Bank” in Bind policies using advanced policy.
-
Invoke:
Optional. Invokes another policy bank.
-
- Click OK. A message in the status bar indicates that the policy label is configured successfully.
Configure a policy bank for a virtual server
You can configure a bank of policies for a virtual server. The policy bank can contain individual policies, and each entry in the policy bank can optionally invoke a policy label or a bank of policies that you configured for another virtual server. If you invoke a policy label or policy bank, you can do so without triggering an expression (a rule) by selecting a NOPOLICY “dummy” entry instead of a policy name.
Add policies to a virtual server policy bank by using the CLI
At the command prompt, type the following commands to add policies to a virtual server policy bank and verify the configuration:
- bind lb|cs vserver <virtualServerName> <serviceType> [-policyName <policyName>] [-priority <positiveInteger>] [-gotoPriorityExpression <expression>] [-type REQUEST|RESPONSE]
- show lb|cs vserver <virtualServerName>
<!--NeedCopy-->
Example:
add lb vserver vs-cont-sw TCP
Done
show lb vserver vs-cont-sw
vs-cont-sw (0.0.0.0:0) - TCP Type: ADDRESS
State: DOWN
Last state change was at Wed Aug 19 10:04:02 2009 (+279 ms)
Time since last state change: 0 days, 00:02:14.420
Effective State: DOWN
Client Idle Timeout: 9000 sec
Down state flush: ENABLED
Disable Primary Vserver On Down : DISABLED
No. of Bound Services : 0 (Total) 0 (Active)
Configured Method: LEASTCONNECTION
Mode: IP
Persistence: NONE
Connection Failover: DISABLED
Done
<!--NeedCopy-->
Invoke a policy label from a virtual server policy bank with a NOPOLICY entry by using the CLI
At the command prompt, type the following commands to invoke a policy label from a virtual server policy bank with a NOPOLICY entry and verify the configuration:
- bind lb|cs vserver <virtualServerName> -policyName NOPOLICY_REWRITE|NOPOLICY_CACHE|NOPOLICY_RESPONDER -priority <integer> -type REQUEST|RESPONSE -gotoPriorityExpression <gotopriorityExpression> -invoke reqVserver|resVserver|policyLabel <vserverName>|<labelName>
- show lb vserver
<!--NeedCopy-->
Example:
> bind lb vserver vs-cont-sw -policyname NOPOLICY-REWRITE -priority 200 -type REQUEST -gotoPriorityExpression NEXT -invoke policyLabel lbl-rewrt-pol
Done
<!--NeedCopy-->
Configure a virtual server policy bank by using the GUI
- In the left navigation pane, expand ** **Traffic Management > Load Balancing, Traffic Management > Content Switching, Traffic Management > SSL Offload, Security > AAA - Application Traffic, or Citrix Gateway, as appropriate, and then click Virtual Servers.
- In the details pane, select the virtual server that you want to configure, and then click Open.
- In the Configure Virtual Server dialog box click the Policies tab.
- To create a new policy in this bank, click the icon for the type of policy or policy label that you want to add to the virtual server’s bank of policies, click Insert Policy. Note that if you want to invoke a policy label without evaluating a policy rule, select the NOPOLICY “dummy” policy.
- To configure an existing entry in this policy bank, enter the following:
-
Priority:
A numeric value that determines either an absolute order of evaluation within the bank or is used in conjunction with a Goto expression.
-
Expression:
The policy rule. Policy expressions are described in detail in the following chapters. For an introduction, see Configuring Advanced Policy Expressions: Getting Started.
-
Action:
The action to be taken if this policy evaluates to TRUE.
-
Goto Expression:
Optional. Determines the next policy or policy bank evaluate. For more information on possible values for a Goto expression, see the section “Entries in a Policy Bank” in Bind policies using advanced policy.
-
Invoke:
Optional. To invoke another policy bank, select the name of the policy label or virtual server policy bank that you want to invoke.
-
- Click OK. A message in the status bar indicates that the policy is configured successfully.