Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?





Hierarchy Level

Release Information

Statement introduced in Junos OS Release 10.2.


Specify to redirect traffic destined for protected sources to a specified URL.

You can configure the following options in the redirect URL string:

  • %dest-url%—Specifies the protected resource which the user is trying to access.

  • %enforcer-id%—Specifies the ID assigned to the Junos OS Enforcer by the IC Series device.

  • %policy-id%—Specifies the encrypted policy ID for the security policy that redirected the traffic.

  • %dest-ip%—Specifies the IP address or hostname of the protected resource that the user is trying to access.

  • %ic-ip%—Specifies the IP address or hostname of the IC Series device to which the Junos OS Enforcer is currently connected.

If you do not specify the redirect URL, the Junos OS Enforcer uses the following default configuration:


The maximum size of a redirect payload is 1450 bytes. The size of the redirect URL is restricted to 1407 bytes (excluding a few HTTP headers). If a user accesses a destination URL that is larger than 1407 bytes, the Infranet Controller authenticates the payload, calculates the exact length of the redirect URL, and trims the destination URL so that it can fit into the redirect URL. The destination URL can be fewer than 1407 bytes based on what else is present in the redirect URL (for example, policy ID). The destination URL in the default redirect URL is trimmed so that the redirect packet payload size is limited to 1450 bytes. If the length of the payload is larger than 1450 bytes, the excess length is trimmed and the user is directed to the destination URL that has been resized to 1450 bytes.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.