

Security settings

NOTE: This is content from my eBook, but to make it easier to search, and based upon the number of queries I get, I decided to publish it on my blog.

When setting up a NetScaler Gateway, it will in most cases be open externally for remote access, to deliver Citrix to remote workers. By exposing a service externally, you also open yourself up to attacks, so it is important to think about this when setting up a NetScaler Gateway virtual server. When setting up a smart access server and allowing full VPN access for your endpoints, you need to take extra care when setting up your policies. Therefore, this section is separated into different groups, which list the settings we can configure to have a higher level of security on our virtual server.

Under NetScaler Gateway → Global Settings → Change authentication AAA settings, define Max Login Attempts and then define Failed Login Timeout. This helps to avoid dictionary attacks by locking out authentication after a certain number of attempts. Here we also have the enhanced authentication feedback button, which helps end users by notifying them what is wrong when they try to log in, but it can also expose critical information to malicious attackers. This setting can be defined either globally or per virtual server, but if we are using multiple virtual servers it is best to configure it globally so that it affects all virtual servers.

If we are implementing a full VPN solution, we can also specify multiple settings depending on what we want. The best practice is to not give full access, but to use split tunneling and specify intranet applications for those applications that the end users need access to. This way, only traffic destined for those applications will be processed by the NetScaler Gateway plugin.

In most cases an end user also does not require access for a really long period of time, and might forget to disconnect the session. In that case we can set up a timeout which decides when a session should be forcefully disconnected. This is done under session policies → Network Configuration → Advanced Settings.

It is also useful to have more specific session policies depending on what type of resource is trying to connect. For instance, we can have a session policy using OPSWAT expressions to prevent non-healthy endpoints from connecting to our environment. If the endpoint does not match the requirements, it will not get any access to the Citrix environment.

For instance, a session policy with OPSWAT rules to determine if the endpoint is running an authentic antivirus solution.
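A way to check a saved configuration for the settings discussed in this post (login lockout, enhanced authentication feedback, split tunneling and forced timeout). This is an added example, not code from the eBook or from Citrix. It assumes the configuration is exported as ns.conf-style CLI lines and that an option missing from the file is at its appliance default; the sample lines, action names and values are constructed.

```python
# Constructed ns.conf excerpt for illustration (not from a real appliance).
SAMPLE_NS_CONF = """\
set aaa parameter -enableEnhancedAuthFeedback YES
set vpn parameter -sessTimeout 30
add vpn sessionAction AC_full_vpn -splitTunnel OFF
add vpn sessionAction AC_split -splitTunnel ON -forcedTimeout 480
"""

def parse_options(tokens):
    """Turn ['-splitTunnel', 'ON', ...] into {'splittunnel': 'ON', ...}."""
    opts = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            opts[tok[1:].lower()] = "" if nxt.startswith("-") else nxt
    return opts

def audit(conf_text):
    """Return findings for the AAA and VPN session settings in conf_text."""
    aaa, vpn_global, actions = {}, {}, {}
    for line in conf_text.splitlines():
        t = line.split()
        if t[:3] == ["set", "aaa", "parameter"]:
            aaa.update(parse_options(t[3:]))
        elif t[:3] == ["set", "vpn", "parameter"]:
            vpn_global.update(parse_options(t[3:]))
        elif t[:3] == ["add", "vpn", "sessionAction"] and len(t) > 3:
            actions[t[3]] = parse_options(t[4:])
    findings = []
    # Lockout against dictionary attacks needs both values defined.
    for opt in ("maxloginattempts", "failedlogintimeout"):
        if opt not in aaa:
            findings.append(f"aaa: {opt} not set")
    if aaa.get("enableenhancedauthfeedback", "NO").upper() == "YES":
        findings.append("aaa: enhanced authentication feedback enabled")
    # Assumption: a session action inherits any option it does not set
    # from the global VPN parameters.
    for name, opts in {"global": {}, **actions}.items():
        effective = {**vpn_global, **opts}
        if effective.get("splittunnel", "OFF").upper() == "OFF":
            findings.append(f"{name}: split tunneling off (full VPN)")
        if "forcedtimeout" not in effective:
            findings.append(f"{name}: no forced timeout")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NS_CONF):
        print(finding)
```
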
