NetScaler Clientless Access Filtering
So I have done some posts before on Content Filtering with the NetScaler this is just bringing it to the next level, and giving your VPN a little extra security and control.
First Start off by creating or using an existing Access Gateway Virtual Server. Now unlike most Virtual Servers we aren’t going to configure anything within the VS. Everything we do is going to be focused on Groups or Users.
Click Add under the Groups section
Type in a Group Name in this example I am using “TEST_LOCKDOWN” (note: this group should match an Active Directory Group)
We aren’t going to select any users.
Click the Authorization Tab
Click Insert Policy
Click New Policy…
Name it and select Deny, now click the Add… Button
Completed Policy… To Deny access to Site1.ntcrash.biz
Now to allow access to all other sites at ntcrash.biz
Click Insert Policy…
We followed the exaxt same steps as we did for the DENY rule but this time we just add the domain ntcrash.biz and select ALLOW
Also Notice Very Important Step We want the ALLOW Rule to be checked after the DENY Rule notice the Priority of the above Rules.
Click, now to add the Clientless access part. Select the Policy Tab, Click the Session Module
Click Insert Policy, We already had one, double click on Profile
So Notice in this example we are going to DENY access to the Web Interface Server… But allow the home page to come through.
You could be using Bookmarks or any other type of Clientless access methods but this will always DENY access to site1.ntcrash.biz
Thanks for reading, please comment or contact me if you have any questions.