Labels help simplify configuration by allowing you to group multiple items under a single name. Instead of configuring features individually for each item, you can apply one label to cover all of them. For example, if you want to create an in-path rule for all Office365 traffic, you can define a label called Office365 that includes all relevant application domains. Then, instead of writing separate rules for each domain, you apply the label to one rule.Label names are not case-sensitive, but rule-matching is. Names can be up to 64 alphanumeric characters and may include underscores (_) and hyphens (-), but not other special characters or spaces. You can also assign the same item to multiple labels. However, IPv6 is not supported, and labels in use cannot be deleted.

Labels work with autodiscover, passthrough, and fixed-target in-path rules, but not with packet mode rules.

Domain labels let you group related domains under a single name for easier configuration. You can use wildcards and host labels within these groupings. They are especially useful for setting up rules for domains that share similar optimization settings.

Domain labels are compatible with autodiscover, passthrough, and fixed-target in-path rules (not packet mode), but they don't work with connection forwarding or QoS rules. Starting with RiOS 9.16.0, domain label subnets also support IPv6.

It’s important to note that domain labels do not replace destination IP addresses. In-path rules still require destination matching by IP, subnet, port, port label, or host label. The appliance first matches the destination, then checks the domain label. Both conditions must match for the rule to apply.

Since domain labels only apply to HTTP and HTTPS traffic, if you set the destination port to "All," the rule defaults to ports 80 (HTTP) and 443 (HTTPS). If you need to optimize other ports, choose the "Specific Port" option instead.

Be aware that fixed-target rules using domain labels take precedence over autodiscovery. If a fixed-target rule with a domain label matches a SYN packet, the traffic won't use autodiscovery—it will pass through instead.

A domain can be included in multiple domain labels, and you can define up to 63 unique domain labels.

When using domain labels in in-path rules with cloud acceleration enabled, connections to the subscribed cloud platform are passed through to that platform by default. However, you can optimize cloud traffic across other appliances in your network by creating specific in-path rules.

To do this, create an in-path rule where Cloud Acceleration is set to Auto, and specify the SaaS Application host label. This allows the system to automatically determine whether to optimize the traffic or pass it through to the cloud service.

For proper rule matching, make sure that in-path rules using domain labels are placed lower in the rule list than the cloud acceleration rules. This ensures the system evaluates and applies cloud acceleration rules first before checking for domain label matches.

Domain label settings are under Networking > App Definitions: Domain Labels.

Specifies the label name.

Specifies a comma-separated list of domains. Keep in mind that some services might use alternate domains. For example, www.box.com might also use srv1.box.net. IP addresses are not supported. These rules apply to domain label entries:

Host labels let you group hostnames or subnets that share similar configuration needs. When you use hostnames in a host label, the appliance queries your DNS to find the corresponding IP addresses and uses those IPs to match destination traffic for any rules using the host label. Starting with RiOS 9.16.0, IPv6 support is included for host label subnets.

Appliances automatically resolve hostnames once every 24 hours to stay updated with any IP changes. If any resolution issues occur—either during this automatic process or during a manual resolution—the host labels page will show a summary alerting you to the problem. The good news: once an appliance resolves a new IP for a hostname, all rules using that host label are updated automatically; you don’t need to make manual changes.

You also have the option to manually resolve hostnames at any time, which resets the next automatic resolution to 24 hours later. Additionally, you can choose whether to show or hide the resolved IP addresses for each hostname.

Appliances include a predefined host label, SaaS Application, which detects any IP addresses that carry traffic destined to a cloud, or SaaS, service. As SaaS applications are added or deleted, the host label is automatically updated with the list of associated IP addresses. This host label removes the requirement that domain rules and SaaS acceleration be mutually exclusive. Use this label with an auto discover in-path rule, and set cloud acceleration to auto.

Host label settings are under Networking > App Definitions: Host Labels.

Specifies the label name.

Specifies a comma-separated list of hostnames and subnets. You can also separate hostname and subnet names with spaces or new lines. Host labels can be a fully qualified domain name, and you can enter up to 100 unique hostnames.

As you add labels, it may take a few seconds for the appliance to retrieve all the relevant IP addresses from your DNS.

The summary section displays this information:

On rare occasions, if the DNS server goes down after resolving a hostname once, the appliance keeps the information, even though it might be stale. When this occurs, this message appears: This hostname was resolved successfully at least once in the past but the last attempt failed.

Port label settings are under Networking > App Definitions: Port Labels.

You can use a port label to specify a set of ports and then apply a single in-path rule or load-balancing rule to the port label, rather than configuring rules for each port. Using port labels reduces the number of configuration rules in the system.

Displays the controls to add a new port label.

Specify the label name. These rules apply:

Specify a comma-separated list of ports.

Click Add to add the port label.

To modify a port label, in the list of port labels, click the name of the port label you want to edit. The list entry expands to display an editable list. Under Ports, add or delete ports in the Editing Port Label <name> text box.

Click Apply to apply the modifications or click Cancel to cancel your changes.

Click Save to save your changes to the running configuration. Port label changes are applied immediately by the rules that use the port labels that you have modified.

The system provides these types of port labels by default:

To apply an in-path rule or a load-balancing rule to all ports, specify all.

If you order rules so that traffic that is passed through, discarded, or denied is filtered first, All represents all remaining ports.