Advertisements

NetScaler Clientless Access Filtering


So I have done some posts before on Content Filtering with the NetScaler this is just bringing it to the next level, and giving your VPN a little extra security and control.

First Start off by creating or using an existing Access Gateway Virtual Server. Now unlike most Virtual Servers we aren’t going to configure anything within the VS. Everything we do is going to be focused on Groups or Users.

Click Add under the Groups section

Type in a Group Name in this example I am using “TEST_LOCKDOWN” (note: this group should match an Active Directory Group)

We aren’t going to select any users.

Click the Authorization Tab

Click Insert Policy

Click New Policy…

Name it and select Deny, now click the Add… Button

Completed Policy… To Deny access to Site1.ntcrash.biz

Now to allow access to all other sites at ntcrash.biz

Click Insert Policy…

We followed the exaxt same steps as we did for the DENY rule but this time we just add the domain ntcrash.biz and select ALLOW

Also Notice Very Important Step We want the ALLOW Rule to be checked after the DENY Rule notice the Priority of the above Rules.

Click, now to add the Clientless access part. Select the Policy Tab, Click the Session Module

Click Insert Policy, We already had one, double click on Profile

So Notice in this example we are going to DENY access to the Web Interface Server… But allow the home page to come through.

You could be using Bookmarks or any other type of Clientless access methods but this will always DENY access to site1.ntcrash.biz

Thanks for reading, please comment or contact me if you have any questions.

Advertisements

Posted on April 29, 2011, in Citrix, NetScaler. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: