Citrix NetScaler Clientless Access Filtering

I have done some posts before on content filtering with the NetScaler; this one takes it to the next level and gives your VPN a little extra security and control.

First, start off by creating or using an existing Access Gateway Virtual Server. Unlike with most virtual servers, we aren't going to configure anything within the VS itself. Everything we do is going to be focused on Groups or Users.

Click Add under the Groups section

Type in a Group Name; in this example I am using "TEST_LOCKDOWN" (note: this group should match an Active Directory group).

We aren't going to select any users.

Click the Authorization Tab

Click Insert Policy

Click New Policy…

Name it and select Deny, then click the Add… button.

Completed Policy… To Deny access to

Now to allow access to all other sites at

Click Insert Policy…

We follow the exact same steps as we did for the DENY rule, but this time we just add the domain and select ALLOW.

Also note a very important step: we want the ALLOW rule to be checked after the DENY rule. Notice the priority of the above rules.

Click, now to add the Clientless access part. Select the Policy tab, then click the Session module.

Click Insert Policy. We already had one, so double-click on Profile.

Notice that in this example we are going to DENY access to the Web Interface server… but allow the home page to come through.

You could be using Bookmarks or any other type of clientless access method, but this will always DENY access to
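
The priority step above is the part that is easiest to get wrong, so here is an added example (not from the original post, and not NetScaler code) that models a group's rules and flags a DENY rule that an earlier, broader ALLOW would hide. It assumes rules are checked in ascending priority number with the first match deciding and an unmatched request falling back to a default action; the host, path and rule names are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # assumption: lower number is checked first
    host: str         # lower-case host the rule applies to
    path_prefix: str  # "" covers every path on that host
    action: str       # "ALLOW" or "DENY"

    def matches(self, host, path):
        return host.lower() == self.host and path.startswith(self.path_prefix)

def evaluate(rules, host, path, default="DENY"):
    """First matching rule in priority order decides; default is an assumption."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(host, path):
            return rule.action, rule.name
    return default, None

def shadowed_denies(rules):
    """DENY rules that can never fire because an earlier ALLOW covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    hits = []
    for i, rule in enumerate(ordered):
        if rule.action != "DENY":
            continue
        for earlier in ordered[:i]:
            if (earlier.action == "ALLOW" and earlier.host == rule.host
                    and rule.path_prefix.startswith(earlier.path_prefix)):
                hits.append((rule.name, earlier.name))
                break
    return hits

# Constructed sample data: placeholder host and path, not values from the post.
HOST = "portal.example.test"
GOOD = [Rule("deny_restricted", 10, HOST, "/restricted/", "DENY"),
        Rule("allow_site", 20, HOST, "", "ALLOW")]
BAD = [Rule("deny_restricted", 20, HOST, "/restricted/", "DENY"),
       Rule("allow_site", 10, HOST, "", "ALLOW")]

if __name__ == "__main__":
    for label, rules in (("deny first", GOOD), ("allow first", BAD)):
        print(label, evaluate(rules, HOST, "/restricted/report"), shadowed_denies(rules))
```

With the priorities swapped, the restricted path is answered by the ALLOW rule and the DENY rule is reported as shadowed, which is the misconfiguration the priority step guards against.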

Thanks for reading, please comment or contact me if you have any questions.

