Specify the protocol to check: tcp, udp, icmp, all
This can be used to make sure that users can always reach an
important resource on the network. For example, the following
access list definition allows additional connections as needed to
any user who is trying to reach my-web-server.com.
DENY - Reject traffic matching this rule.
DNAT-SERVER: Traffic matching this rule is forwarded to the
destination defined by the dnat-server value. See
forwarding (dnat-server) on page 15-63
Note: SSL traffic cannot be forwarded as this breaks SSL
security during connection negotiation resulting in the
connection not being established.
REDIRECT: Reject traffic matching this rule and redirect the
user's Web browser to the page specified by redirect-url, or
login-url if redirect-url is not defined. See
for more information. For example, one use for this
feature could be to block access to a popular protocol, then
prompt the user for additional fees to activate support.
WARN: Reject traffic matching this rule and return an HTTP error
message (which is not customizable) indicating that access to
the site is not allowed by the network. For example:
Working with RADIUS attributes
Colubris AV-Pair - Site attribute values
for more information.
Redirect URL on