Configure a policy label or virtual server policy bank

After you have created policies, and created policy banks by binding the policies, you can perform additional configuration of policies within a label or policy bank. For example, before you configure invocation of an external policy bank, you might want to wait until you have configured that policy bank.

This topic includes the following sections:

• Configure a policy label
• Configure a policy bank for a virtual server

Configure a policy label

A policy label consists of a set of policies and invocations of other policy labels and virtual server-specific policy banks. An Invoke parameter enables you to invoke a policy label or a virtual server-specific policy bank from any other policy bank. A special-purpose NoPolicy entry enables you to invoke an external bank without processing an expression (a rule). The NoPolicy entry is a “dummy” policy that does not contain a rule.

For configuring policy labels from the Citrix ADC command line, note the following elaborations of the command syntax:

• gotoPriorityExpression is configured as described in Table 2. Format of Each Entry in a Policy Bank of the section “Entries in a Policy Bank” inBind policies using advanced policy.
• The type argument is required. This is unlike binding a conventional policy, where this argument is optional.
• You can invoke the bank of policies that are bound to a virtual server by using the same method as you use for invoking a policy label.

Configure a policy label by using the CLI

在命令职业mpt, type the following commands to configure a policy label and verify the configuration:

- bind cache|rewrite|responder policylabel  -policyName  -priority  [-gotoPriorityExpression ] [-invoke reqvserver|resvserver|policylabel |] - show cache|rewrite|responder policylabel  

Example:

bind cache policylabel _reqBuiltinDefaults -policyName _nonGetReq -priority 100 Done show cache policylabel _reqBuiltinDefaults Label Name: _reqBuiltinDefaults Evaluates: REQ Number of bound policies: 3 Number of times invoked: 0 1) Policy Name: _nonGetReq Priority: 100 GotoPriorityExpression: END 2) Policy Name: _advancedConditionalReq Priority: 200 GotoPriorityExpression: END 3) Policy Name: _personalizedReq Priority: 300 GotoPriorityExpression: END Done 

Invoke a policy label from a rewrite policy bank with a NOPOLICY entry by using the CLI

在命令职业mpt, type the following commands to invoke a policy label from a Rewrite policy bank with a NOPOLICY entry and verify the configuration:

- bind rewrite global    -type REQ_OVERRIDE|REQ_DEFAULT|RES_OVERRIDE|RES_DEFAULT -invoke reqvserver|resvserver|policylabel | - show rewrite global 

Example:

> bind rewrite global NOPOLICY 100 -type REQ_DEFAULT -invoke policylabel lbl-rewrt-pol Done > show rewrite global 1) Global bindpoint: REQ_DEFAULT Number of bound policies: 1 2) Global bindpoint: REQ_OVERRIDE Number of bound policies: 1 Done 

Invoke a policy label from an Integrated Caching policy bank by using the CLI

在命令职业mpt, type the following commands to invoke a policy label from an Integrated Caching policy bank and verify the configuration:

- bind cache global NOPOLICY -priority  -gotoPriorityExpression  -type REQ_OVERRIDE|REQ_DEFAULT|RES_OVERRIDE|RES_DEFAULT -invoke reqvserver|resvserver|policylabel | - show cache global 

Example:

全球NOPOLICY绑定缓存-priority 100 -gotoPriorityExpression END -type REQ_DEFAULT -invoke policylabel lbl-cache-pol Done > show cache global 1) Global bindpoint: REQ_DEFAULT Number of bound policies: 2 2) Global bindpoint: RES_DEFAULT Number of bound policies: 1 Done 

Invoke a policy label from a Responder policy bank by using the CLI

在命令职业mpt, type the following commands to invoke a policy label from a Responder policy bank and verify the configuration:

- bind responder global NOPOLICY   -type OVERRIDE|DEFAULT -invoke vserver|policylabel | - show responder global 

Example:

> bind responder global NOPOLICY 100 NEXT -type DEFAULT -invoke policylabel lbl-respndr-pol Done > show responder global 1) Global bindpoint: REQ_DEFAULT Number of bound policies: 2 Done 

Configure a policy label by using the GUI

1. In the navigation pane, expand the feature for which you want to configure a policy label, and then click Policy Labels. The choices are Integrated Caching, Rewrite, or Responder.
2. In the details pane, double-click the label that you want to configure.
3. If you are adding a new policy to this policy label, click Insert Policy, and in the Policy Name field, select New Policy. For more information about adding a policy, seeCreate or modify a policy. Note that if you are invoking a policy bank, and do not want a rule to be evaluated prior to the invocation, click Insert Policy, and in the Policy Name field select NOPOLICY.

4. For each entry in this policy label, configure the following:

   • Policy Name:

     This is already determined by the Policy Name, new policy, or NOPOLICY entry that you inserted in this bank.

   • Priority:

     A numeric value that determines either an absolute order of evaluation within the bank, or is used in conjunction with a Goto expression.

   • Expression:

     The policy rule. Policy expressions are described in detail in the following chapters. For an introduction, seeConfigure advanced policy expressions: Get started.

   • Action:

     The action to be taken if this policy evaluates to TRUE.

   • Goto Expression:

     Optional. Used to augment the Priority level to determine the next policy or policy bank to evaluate. For more information on possible values for a Goto expression, see Table 2. Format of Each Entry in a Policy Bank of the section “Entries in a Policy Bank” inBind policies using advanced policy.

   • Invoke:

     Optional. Invokes another policy bank.

5. ClickOK. A message in the status bar indicates that the policy label is configured successfully.

Configure a policy bank for a virtual server

You can configure a bank of policies for a virtual server. The policy bank can contain individual policies, and each entry in the policy bank can optionally invoke a policy label or a bank of policies that you configured for another virtual server. If you invoke a policy label or policy bank, you can do so without triggering an expression (a rule) by selecting a NOPOLICY “dummy” entry instead of a policy name.

Add policies to a virtual server policy bank by using the CLI

在命令职业mpt, type the following commands to add policies to a virtual server policy bank and verify the configuration:

- bind lb|cs vserver   [-policyName ] [-priority ] [-gotoPriorityExpression ] [-type REQUEST|RESPONSE] - show lb|cs vserver  

Example:

add lb vserver vs-cont-sw TCP Done show lb vserver vs-cont-sw vs-cont-sw (0.0.0.0:0) - TCP Type: ADDRESS State: DOWN Last state change was at Wed Aug 19 10:04:02 2009 (+279 ms) Time since last state change: 0 days, 00:02:14.420 Effective State: DOWN Client Idle Timeout: 9000 sec Down state flush: ENABLED Disable Primary Vserver On Down : DISABLED No. of Bound Services : 0 (Total) 0 (Active) Configured Method: LEASTCONNECTION Mode: IP Persistence: NONE Connection Failover: DISABLED Done 

Invoke a policy label from a virtual server policy bank with a NOPOLICY entry by using the CLI

在命令职业mpt, type the following commands to invoke a policy label from a virtual server policy bank with a NOPOLICY entry and verify the configuration:

- bind lb|cs vserver  -policyName NOPOLICY-REWRITE|NOPOLICY-CACHE|NOPOLICY-RESPONDER -priority  -type REQUEST|RESPONSE -gotoPriorityExpression  -invoke reqVserver|resVserver|policyLabel | - show lb vserver 

Example:

> bind lb vserver vs-cont-sw -policyname NOPOLICY-REWRITE -priority 200 -type REQUEST -gotoPriorityExpression NEXT -invoke policyLabel lbl-rewrt-pol Done 

Configure a virtual server policy bank by using the GUI

1. In the left navigation pane, expand** **Traffic Management>Load Balancing,Traffic Management>Content Switching,Traffic Management>SSL Offload,Security>AAA - Application Traffic, orCitrix Gateway, as appropriate, and then clickVirtual Servers.
2. In the details pane, select the virtual server that you want to configure, and then clickOpen.
3. In theConfigure Virtual Serverdialog box click thePoliciestab.
4. To create a new policy in this bank, click the icon for the type of policy or policy label that you want to add to the virtual server’s bank of policies, clickInsert Policy. Note that if you want to invoke a policy label without evaluating a policy rule, select the NOPOLICY “dummy” policy.

5. To configure an existing entry in this policy bank, enter the following:

   • Priority:

     A numeric value that determines either an absolute order of evaluation within the bank or is used in conjunction with a Goto expression.

   • Expression:

     The policy rule. Policy expressions are described in detail in the following chapters. For an introduction, seeConfiguring Advanced Policy Expressions: Getting Started.

   • Action:

     The action to be taken if this policy evaluates to TRUE.

   • Goto Expression:

     Optional. Determines the next policy or policy bank evaluate. For more information on possible values for a Goto expression, see the section “Entries in a Policy Bank” inBind policies using advanced policy.

   • Invoke:

     Optional. To invoke another policy bank, select the name of the policy label or virtual server policy bank that you want to invoke.

6. ClickOK. A message in the status bar indicates that the policy is configured successfully.