[THIN] Netscaler VPX, ICA Proxy & SSL VPN on 1 Vserver with EPA Scanning

  • From: Gehan.DeSilva@xxxxxxxxxxx
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 30 Nov 2011 11:30:07 +0800

Hi All

I have a Netscaler VPX and it's driving me nuts getting the final bit of 
configuration I want done.

I want my Netscaler to do the following:

For ICA Proxy users do not run any EPA Scan
For SSLVPN users run an EPA Scan

I found a post by Rick Rohne from 2010 which describes this exact process.

My config and Issues are below:

I have the following configured on Netscaler VPX 9.3 build 52.3

1 Virtual Server with the following Policies

Session Policy 1 = ICAProxy Priority 100
Session Policy 2 = SSLVpn Priority 100
Session Policy 3 = Mobile Devices Priority 10
**I have also played around with Session Policy priorities

I have the following expression on Session Policy 1 = REQ.HTTP.HEADER 
I have the following expression on Session Policy 2 = REQ.HTTP.HEADER 

The above works as expected: I get to the ICA Proxy without any EPA scans, 
and I get to the VPN as expected and require the CAG client to proceed and 
access my internal network.

If I add an expression to the SSLVpn policy to get the machine to run an 
EPA scan, I get the following unexpected results:
SSLVPN Policy Expression == REQ.HTTP.HEADER Cookie CONTAINS VPN && 
Client.File('C:\\\\MyTestfile.txt') Exists

1) When I log in to ICA Proxy mode I get prompted for an EPA scan. I can 
skip the scan and get logged into the Web Interface (I don't want to be 
prompted at all).

2) When I log in to SSL VPN mode, I get access to the VPN. If the EPA 
scan fails I still get logged in, but I get a different landing page where 
Web Interface is no longer available; I get the 'websites' and 'file 
share' options. And I can still access network resources (after the EPA 
scan fails I want it to deny access).

Any advice or suggestions would be much appreciated. 

Gehan De Silva
Senior Network Administrator

RSM Bird Cameron

8 St Georges Terrace Perth WA 6000 
GPO Box R1253 Perth WA 6844 
T (08) 9261 9437   F (08) 9261 9112 
