General purpose rules

General purpose rules can be used in any case and placed anywhere in a policy. These items support miscellaneous actions such as HTTP header modification, presenting a message or decision box, logging, and others.

Decision Box

This rule presents two options to the user. These options are presented as link text preceded by images. A decision box can be helpful after a client fails an endpoint security check or after a user fails to authenticate. For example, if a user fails authentication, you can provide the option to attempt to authenticate again or to continue to an allowed resource, like public Internet access, without allowing internal network access.

Another example would be to provide one option of continuing onto a guest or quarantine network with limited access to a segregated subnet and a second option to present a deny ending and log out the user. You can also use the decision box to take the user to a helpful URL, for example, an antivirus vendor’s website, to download virus database updates.

When you use this rule, you configure the following fields:

| Field | Description |
| --- | --- |
| Name | Specify the name of the Decision Box rule. You can specify a name, or use the name that auto-generates when you insert the rule into the policy. |
| Language | Specify the language to use to customize the decision box. Use ISO 639-1 language codes. This is a required setting. |
| Title | Specify the text that you want to display for the decision box title. |
| Option 1 | Specify the link text for the first option on the decision page. |
| Option 1 Icon | Specify the image that appears next to the first option field on the decision page. |
| Option 2 | Specify the link text for the second option on the decision page. |
| Option 2 Icon | Specify the image that appears next to the second option field on the decision page. |

Email rule

This rule allows BIG-IP Next Central Manager to send emails using an external SMTP server configuration. In the BIG-IP Next Access policy, you define the Email item in the policy object.

To send an email during policy execution, you must create SMTP config and Email Item objects in an Access policy. For instructions on creating an SMTP configuration for sending emails, refer to "How to: Set up users for SMTP notifications".

When you use this rule, you configure the following fields:

| Field | Description |
| --- | --- |
| Name | Specify the name of the email rule. You can specify a name or use the name that auto-generates when you insert the rule into the policy. |

Empty rule

This is a general purpose rule that has no explicit rule configuration and provides the capability to define custom branching logic using any session variable. When you use this rule, you configure the following fields:

| Field | Description |
| --- | --- |
| Name | Specify the name of the empty rule. You can specify a name or use the name that auto-generates when you insert the rule into the policy. |

Logging

This rule is useful for tracing the variables that are created for a specific category, or in a specific branch. However, a session variable might or might not exist at the time of logging, depending on the result of the Access policy branch or results of processing the Access policy.

When you use this rule, you configure the following fields:

| Field | Description |
| --- | --- |
| Name | Specify the name of the logging rule. |
| Log Message | Specify the log message to display. |
| Session Variable Type | Select the type for this Access policy item. For the Logging rule, the value is logging. This is a required setting. |
| Type | Specify the Access policy item. For the Logging rule, the value is logging. This is a required setting. |
| Session Variable | Select the name of the predefined session variable or specify the name of the custom session variable that corresponds to the policy type you selected. |

Message Box

This rule presents a message to the user, and prompts the user to click a link to continue. The message box has no effect on the user’s access to the network or the preceding or following Access policy checks. A message box can be used, for example, to warn a user about a redirect to a guest network, or that the client certificate failed to authenticate, or to display a message about the results of a rule branch in the Access policy.

When you use this rule, you configure the following fields:

| Field | Description |
| --- | --- |
| Name | Specify the name of the message box rule. |
| Language | Select the language to use to customize the message box. This is a required setting. |
| Title | Specify the title to use for the message box. |
| Description | Specify a human-readable description of the policy branch. |
| Button Caption | Specify the message that appears as the link text. |