Understanding the Captive Portal Redirect URL Options
By default, after you configure a captive portal policy, the Junos OS Enforcer redirects HTTP traffic to the currently connected Infranet Controller by using HTTPS. To perform the redirection, the Junos OS Enforcer uses the IP address or domain name that you specified when you configured the Infranet Controller instance on the Junos OS Enforcer. The format of the URL that the Junos OS Enforcer uses for default redirection is:
https://%ic-ip%/?target = %dest-url% &enforcer = %enforcer-id% &policy = %policy-id% &dest-ip = %dest-ip%
If you configured your Junos OS Enforcer to work with multiple Infranet Controllers in a cluster, and the current Infranet Controller becomes disconnected, the Junos OS Enforcer automatically redirects HTTP traffic to the next active Infranet Controller in its configuration list. The Junos OS Enforcer redirects traffic to only one Infranet Controller at a time.
Otherwise, the browser displays a certificate warning to users when they sign in. You do not need to override the default redirection destination except in these situations:
- You are using a VIP for a cluster of Infranet Controller appliances and the Junos OS Enforcer is configured to connect to the Infranet Controller’s physical IP addresses.
- You want to redirect traffic to a webserver instead of the Infranet Controller.
- If, because of split DNS or IP routing restrictions at
your site, the Junos OS Enforcer uses a different address for the
Infranet Controller than endpoints, you must specify the domain name
or IP address that endpoints must use to access the Infranet Controller.
Table 37 lists different options that you can configure in the redirect URL string.
Table 37: Redirect URL String Options
%dest-url% | Specifies the protected resource which the user is trying to access. |
%enforcer-id% | Specifies the ID assigned to the Junos OS Enforcer by the Infranet Controller. |
%policy-id% | Specifies the encrypted policy ID for the captive portal security policy that redirected the traffic. |
%dest-ip% | Specifies the IP address or hostname of the protected resource which the user is trying to access. |
%ic-ip% | Specifies the IP address or hostname of the Infranet Controller to which the Junos OS Enforcer is currently connected to. |
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- Understanding UAC in a Junos OS Environment
- Understanding the Captive Portal on the Junos OS Enforcer
- Understanding Captive Portal Configuration on the Junos OS Enforcer
- Example: Creating a Captive Portal Policy on the Junos OS Enforcer (CLI)
- Example: Configuring a Redirect URL for Captive Portal (CLI)
Hide Navigation Pane
Show Navigation Pane
Download
SHA1