[THIN] Re: Netscaler Post Auth Session Policy Failure?

  • From: James Scanlon <scanjam@xxxxxxxxxxx>
  • To: Thin <thin@xxxxxxxxxxxxx>
  • Date: Fri, 20 Dec 2013 09:23:52 +1000

I think i found the issue, but need to check on the client site when i get in 
tomorrow.I had a policy that was globally bound - but typically dont see the 
'green tick' in the gui interface...If its not that it might be an AAA user 
policy - need to check that also... Getting there - ill post back if no good. 
Cheers :)

Date: Thu, 19 Dec 2013 17:13:54 -0600
Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
From: tsorenson99@xxxxxxxxx
To: thin@xxxxxxxxxxxxx

Seasons Greetings and long time since we've seen you!

Can you post the relevant parts of your scrubbed ns.conf ?

On Thu, Dec 19, 2013 at 1:59 PM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:

Greetings thin list legends!long time no email!
Quick one.I have a single Netscaler Access Gateway with one post auth session 
policy which points them to storefront.
It runs an single EPA check for a registry key for the domain membership.If it 
fails the registry check however its 'defaulting' to a the client choices page 
and starts running an SSL VPN!?!

Ive checked all advanced settings and the global settings - and there is 
literally nothing set to create this?Any idea how to set a policy so that 'If 
your EPA scan fails' the system just denies access? or even another policy 
which would direct them to a web server that doesnt exist or really ANYTHING 
other than starting a FULL SSL VPN!! :)

I hope everyone is well and looking forward to the holidays!All the best for 
xmas and the new year.



Other related posts: