Citrix Netscaler Classic EPA Policies

Configurare noua (How To)

Situatie

There are two methods of Classic Endpoint Analysis: pre-authentication and post-authentication. For pre-authentication, configure an Endpoint Analysis expression in a Preauthentication Policy. For post-authentication, configure the Endpoint Analysis expression on one or more Session Policies.

  • With a Preauthentication Policy, if the Endpoint Analysis scan fails, then users can’t login.
  • With a Postauthentication Policy, Endpoint Analysis doesn’t run until after the user logs in. Typically, you create multiple Session Policies. One or more Session Policies have Endpoint Analysis expressions. Leave one policy without an Endpoint Analysis expression so there’s a fallback in case the client device doesn’t support Endpoint Analysis (e.g. mobile devices). The name of the Session Policy is then used later in Citrix Policies and Citrix Delivery Groups.
    • Inside the Session Profile is a field for Client Security expression, which supports an EPA expression. This field is for VPN only, and does not affect SmartAccess.

Solutie

Pasi de urmat

Preauthentication Policies and Profiles are configured at Citrix Gateway > Policies > Preauthentication.

On the right, switch to the Preauthentication Profiles tab, and create a Preauthentication Profile to allow access.

Switch to the Preauthentication Policies tab, and create a Preauthentication Policy with an EPA expression. Select the Request Action that allows access.

The right side of the Expression box has links to create EPA expressions, as detailed below

Classic Post-authentication Policies and Profiles are configured at Citrix Gateway > Policies > Session.

When creating a Session Policy, the right side of the Expression box has links to create EPA expressions, as detailed below.

Classic Syntax vs Default Syntax – EPA expressions can only be added to Classic Syntax Policies. If you click Switch to Default Syntax, then the OPSWAT EPA Editor disappears. Use nFactor EPA instead.

If you edit a Session Profile, on the Security tab…

Under Advanced Settings, you will see a Client Security Check String box that lets you enter an EPA Expression. This field applies only to VPN and does not affect SmartAccess. Also, this field does not function if your Session Policy is Advanced instead of Classic.

Tip solutie

Permanent

Voteaza

Up Down
(7 din 18 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?