Its set by creating Landing URIs and then visiting them.
Create 2 Landing URIs : Test1 and Test2 under Device Mgmt > customization > URI based customization.
Now go to yourfirepass.com/test1 (note that there is no trailing slash.) The Firepass will set your landing URI to test1. This can be evaluated and acted upon in Prelogon inspection by creating a Rule(not an action) as follows:
session.network.server.land_uri == "test1" (note that the variable name is land_uri NOT landing_uri.)
If you have modified your index.html in the sandbox, you will need to place redirect index files in your landing URI virtual directories. My Firepasses have a custom splash page that does not have a login form. Clicking one of the links goes to landing URI myfirepass.com/test1 and the other goes to /test2. I created 2 directories in the sandbox called "test1" and "test2." Each has an index.html that simple redirects to myfirepass.com/my.activation.php3, which kicks off the prelogon inspection sequence. The first phase of this is to evaluate the landing uri as described above. Based on landing uri, different checks are performed, and users are then mapped to different resource groups based on AD authentication and landing URI.
Hope that helps.