Friday, April 29, 2011

NetScaler Clientless Access Filtering

I have done some posts before on Content Filtering with the NetScaler. This one brings it to the next level and gives your VPN a little extra security and control.

First, start off by creating or using an existing Access Gateway Virtual Server. Unlike with most Virtual Servers, we aren't going to configure anything within the VS. Everything we do is going to be focused on Groups or Users.



Click Add under the Groups section



Type in a Group Name. In this example I am using "TEST_LOCKDOWN" (note: this group should match an Active Directory Group).

We aren't going to select any users.

Click the Authorization Tab



Click Insert Policy

Click New Policy…



Name it and select Deny, then click the Add… button.





Completed policy to deny access to Site1.ntcrash.biz.

Now to allow access to all other sites at ntcrash.biz:



Click Insert Policy…



We followed the exact same steps as we did for the DENY rule, but this time we just add the domain ntcrash.biz and select ALLOW.

Also notice a very important step: we want the ALLOW rule to be checked after the DENY rule. Notice the priority of the above rules.
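The ordering rule above, modelled as an added example (not from the original post and not NetScaler's own code): a first-match evaluator plus a check for rules that can never fire. Policy names, priority numbers, subdomain-style matching and the default action are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str       # hypothetical policy name
    priority: int   # lower number is checked first
    domain: str     # host or parent domain the rule covers
    action: str     # "ALLOW" or "DENY"

def matches(rule, host):
    """True if host is the rule's domain or a subdomain of it (assumed match style)."""
    host = host.lower().rstrip(".")
    domain = rule.domain.lower()
    return host == domain or host.endswith("." + domain)

def evaluate(rules, host, default="DENY"):
    """Return (action, rule name) of the first matching rule in priority order.
    `default` applies when nothing matches and is an assumption of this model."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, host):
            return rule.action, rule.name
    return default, None

def shadowed(rules):
    """List (rule, shadowing rule) pairs where an earlier rule with the opposite
    action already covers the later rule's whole domain, so it never fires."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.action != later.action and matches(earlier, later.domain):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed rule sets; priority numbers and names are illustrative.
CORRECT = [Rule("deny_site1", 10, "site1.ntcrash.biz", "DENY"),
           Rule("allow_ntcrash", 20, "ntcrash.biz", "ALLOW")]
SWAPPED = [Rule("deny_site1", 20, "site1.ntcrash.biz", "DENY"),
           Rule("allow_ntcrash", 10, "ntcrash.biz", "ALLOW")]

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("swapped", SWAPPED)):
        print(label, evaluate(rules, "site1.ntcrash.biz"), shadowed(rules))
```

With the priorities swapped, the broader ntcrash.biz ALLOW matches site1.ntcrash.biz first and the DENY rule is reported as shadowed.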

Click, now to add the Clientless Access part. Select the Policy tab and click the Session module.



Click Insert Policy. We already had one, so double-click on Profile.





Notice that in this example we are going to DENY access to the Web Interface server but allow the home page to come through.

You could be using Bookmarks or any other type of Clientless Access method, but this will always DENY access to site1.ntcrash.biz.

Thanks for reading, please comment or contact me if you have any questions.
