-
AppExpert Applications and Templates
-
Configure application authentication, authorization, and auditing
-
-
Configuring Advanced Policy Infrastructure
-
Creating Policy Labels
-
Invoking or Removing a Policy Label or Virtual Server Policy Bank
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
-
Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Create policy labels
In addition to the built-in bind points where you set up policy banks, you can also configure user-defined policy labels and associate policies with them.
Within a policy label, you bind policies and specify the order of evaluation of each policy relative to others in the bank of policies for the policy label. The Citrix ADC also permits you to define an arbitrary evaluation order as follows:
- You can use “goto” expressions to point to the next entry in the bank to be evaluated after the current one.
- You can use an entry in a policy bank to invoke another bank.
Each feature determines the type of policy that you can bind to a policy label, the type of load balancing virtual server that you can bind the label to, and the type of content switching virtual server from which the label can be invoked. For example, a TCP policy label can only be bound to a TCP load balancing virtual server. You cannot bind HTTP policies to a policy label of this type. And you can invoke a TCP policy label only from a TCP content switching virtual server.
After configuring a new policy label, you can invoke it from one or more banks for the built-in bind points.
Create a caching policy label by using the CLI
At the command prompt, type the following commands to create a Caching policy label and verify the configuration:
- add cache policylabel <labelName> -evaluates req|res
- show cache policylabel<labelName>
<!--NeedCopy-->
Example:
> add cache policylabel lbl-cache-pol -evaluates req
Done
> show cache policylabel lbl-cache-pol
Label Name: lbl-cache-pol
Evaluates: REQ
Number of bound policies: 0
Number of times invoked: 0
Done
<!--NeedCopy-->
Create a content switching policy label by using the CLI
At the command prompt, type the following commands to create a Content Switching policy label and verify the configuration:
- add cs policylabel <labelName> http|tcp|rtsp|ssl
- show cs policylabel <labelName>
<!--NeedCopy-->
Example:
> add cs policylabel lbl-cs-pol http
Done
> show cs policylabel lbl-cs-pol
Label Name: lbl-cs-pol
Label Type: HTTP
Number of bound policies: 0
Number of times invoked: 0
Done
<!--NeedCopy-->
Create a rewrite policy label by using the CLI
At the command prompt, type the following commands to create a Rewrite policy label and verify the configuration:
- add rewrite policylabel <labelName> http_req|http_res|url|text|clientless_vpn_req|clientless_vpn_res
- show rewrite policylabel <labelName>
<!--NeedCopy-->
Example:
> add rewrite policylabel lbl-rewrt-pol http_req
Done
> show rewrite policylabel lbl-rewrt-pol
Label Name: lbl-rewrt-pol
Transform Name: http_req
Number of bound policies: 0
Number of times invoked: 0
Done
<!--NeedCopy-->
Create a responder policy label by using the CLI
At the command prompt, type the following commands to create a Responder policy label and verify the configuration:
- add responder policylabel <labelName>
- show responder policylabel <labelName>
<!--NeedCopy-->
Example:
> add responder policylabel lbl-respndr-pol
Done
> show responder policylabel lbl-respndr-pol
Label Name: lbl-respndr-pol
Number of bound policies: 0
Number of times invoked: 0
Done
<!--NeedCopy-->
Note: Invoke this policy label from a policy bank. For more information, see the “Binding a Policy to a Policy Label” section.
Create a policy label by using the GUI
- In the navigation pane, expand the feature for which you want to create a policy label, and then click Policy Labels. The choices are Integrated Caching, Rewrite, Content Switching, or Responder.
- In the details pane, click Add.
- In the Name box, enter a unique name for this policy label.
- Enter feature-specific information for the policy label. For example, for Integrated Caching, in the Evaluates drop-down menu, you would select REQ if you want this policy label to contain request-time policies, or select RES if you want this policy label to contain response-time policies. For Rewrite, you would select a Transform name.
- Click Create.
- Configure one of the built-in policy banks to invoke this policy label. For more information, see the “Binding a Policy to a Policy Label” section. A message in the status bar indicates that the policy label is created successfully.
Bind a policy to a policy label
As with policy banks that are bound to the built-in bind points, each entry in a policy label is a policy that is bound to the policy label. As with policies that are bound globally or to a vserver, each policy that is bound to the policy label can also invoke a policy bank or a policy label that is evaluated after the current entry has been processed. The following table summarizes the entries in a policy label.
-
Name. The name of a policy, or, to invoke another policy bank without evaluating a policy, the “dummy” policy name NOPOLICY.
You can specify NOPOLICY more than once in a policy bank, but you can specify a named policy only once.
-
Priority. An integer. This setting can work with the Goto expression.
-
Goto Expression. Determines the next policy to evaluate in this bank. You can provide one of the following values:
- NEXT. Go to the policy with the next higher priority.
- END. Stop evaluation.
- USE_INVOCATION_RESULT. Applicable if this entry invokes another policy bank. If the final Goto in the invoked bank has a value of END, evaluation stops. If the final Goto is anything other than END, the current policy bank performs a NEXT.
- Positive number: The priority number of the next policy to be evaluated.
- Numeric expression. An expression that produces the priority number of the next policy to be evaluated.
The Goto can only proceed forward in a policy bank.
If you omit the Goto expression, it is the same as specifying END.
-
Invocation Type. Designates a policy bank type. The value can be one of the following:
- Request Vserver. Invokes request-time policies that are associated with a virtual server.
- Response Vserver. Invokes response-time policies that are associated with a virtual server.
- Policy label. Invokes another policy bank, as identified by the policy label for the bank.
-
Invocation Name. The name of a virtual server or a policy label, depending on the value that you specified for the Invocation Type.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.