[THIN] Re: Netscaler Post Auth Session Policy Failure?

  • From: Joe Shonk <joe.shonk@xxxxxxxxx>
  • To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
  • Date: Thu, 19 Dec 2013 17:12:24 -0700

So basically any user on and internet connected device can type in user
names and passwords?  So, a crafty person can launch a DOS attack and lock
out accounts?


On Thu, Dec 19, 2013 at 4:53 PM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:

> nope its configured as a session policy.
> i argued that its a bit silly as the user has already authenticated, but
> the client was advised (at some point) by citrix that pre auth is more
> difficult to troubleshoot when clients are logging in (the fun error codes
> the netscaler spits out) and they have many multiple people connecting from
> many different devices
> so they were adament they wanted a scan / reg scan after the user name and
> password....
> bah...
> ------------------------------
> Date: Thu, 19 Dec 2013 16:37:46 -0700
> Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
> From: joe.shonk@xxxxxxxxx
> To: thin@xxxxxxxxxxxxx
> Correct me if I'm wrong, but wouldn't that be  a pre-auth policy?
> Joe
> On Thu, Dec 19, 2013 at 12:59 PM, James Scanlon <scanjam@xxxxxxxxxxx>wrote:
> Greetings thin list legends!
> long time no email!
> Quick one.
>    1. I have a single Netscaler Access Gateway with one post auth session
>    policy which points them to storefront.
>    2. It runs an single EPA check for a registry key for the domain
>    membership.
>    3. If it fails the registry check however its 'defaulting' to a the
>    client choices page and starts running an SSL VPN!?!
> Ive checked all advanced settings and the global settings - and there is
> literally nothing set to create this?
> Any idea how to set a policy so that 'If your EPA scan fails' the system
> just denies access? or even another policy which would direct them to a web
> server that doesnt exist or really ANYTHING *other *than starting a FULL
> SSL VPN!! :)
> I hope everyone is well and looking forward to the holidays!
> All the best for xmas and the new year.
> scanjam

Other related posts: