Citrix Systems Network Router 9.2 User Manual

•

For feature, substitute the feature for which you are creating the 
policy. For example, for Access Gateway policies, type accessgw. 
For Application Firewall policies, type appfw. For SSL policies, 
type ssl.

•

For name, substitute a name for the policy. You must begin a policy 
name with a letter or underscore. A policy name can consist of 1 to 
127 characters, including letters, numbers, hyphen (-), period (.), 
pound sign (#), space ( ), and underscore (_).

•

For expression, configure the expression as described in 

.

•

For action, substitute the name of the action you want to associate 
with this policy. For Access Gateway and Application Firewall 
policies, you substitute the appropriate profile instead of an action.

Classic expressions consist of the following hierarchy of elements:

•

Flow Type. Whether the connection is incoming or outgoing. For incoming 
connections, the flow type is REQ. For outgoing connections, it is RES. 

•

Protocol. Which protocol you want. Your choices are HTTP, SSL, TCP, 
and IP.

•

Qualifier. The protocol attribute you want. Your choices are dependent 
upon the protocol you selected.

•

Operator. The type of test you want to perform on the connection data. 
Your choices depend upon the connection information you are testing. If the 
connection information you are testing is text, you can use any of several 
text operators. If it is a number, you can use standard numeric operators. 

•

Value. The string or number against which the connection data element—
defined by the flow type, protocol, and qualifier—is tested. The value can 
be literal, or can consist of an expression, that matches the data type of the 
connection data element. 

In a policy, classic expressions can be combined into more complex expressions 
using boolean and comparative operators.

The following classic expression returns the client source IP for an incoming 
connection.

REQ.IP.SOURCEIP