About domain labels
Domain labels enable you to create logical groupings of domains that have similar configuration characteristics. Wildcards are allowed, as are host labels. Be aware of these dependencies:
• They are compatible with autodiscover, passthrough, and fixed-target (not packet mode) in-path rules. They are not compatible with IPv6 and connection forwarding and QoS rules
• They don’t replace the destination IP address. The in-path rule still sets the destination using IP and subnet, or uses a port, port label, or host label. The in-path rule matches the IP addresses and ports first, and then matches the domain label second. The rule must match both the destination and the domain label.
• They apply only to HTTP and HTTPS traffic. Therefore, when you add a domain label to an in-path rule and set the destination port to All, the in-path rule defaults to ports HTTP (80) and HTTPS (443) for optimization. To specify another port or port range, use the Specific Port option instead of All Ports.
• A fixed-target rule with a domain label match followed by an auto-discover rule will not use autodiscovery but will instead pass through the traffic. This happens because the matching SYN packet for a fixed-target rule with a domain-label isn’t sent with a probe.
A domain can appear in multiple domain labels. You can create up to 63 unique domain labels.
Domain labels and cloud acceleration
When you add a domain label to an in-path rule that has cloud acceleration enabled, the system passes through connections to the subscribed platform. However, you could add in-path rules so that other appliances in the network optimize cloud connections.
• Create an in-path rule with Cloud Acceleration set to Auto and specify the SaaS Application host label.
• Place rules with domain labels lower than cloud acceleration rules in your rule list so the cloud rules are matched first.