Citrix Systems Network Router 9.2 Manuale Utente
A
PPENDIX
D
Tutorial Examples of Classic Policies
Following are useful examples of classic policy configuration for certain
NetScaler features such as Access Gateway, Application Firewall, and SSL.
NetScaler features such as Access Gateway, Application Firewall, and SSL.
In This Appendix
Access Gateway Policy to Check for a Valid Client
Certificate
The following policies enable the NetScaler to ensure that a client presents a valid
certificate before establishing a connection to a company’s SSL VPN.
certificate before establishing a connection to a company’s SSL VPN.
To check for a valid client certificate by using the NetScaler command line
1.
At a NetScaler command prompt, create an Access Gateway profile named
act_current_client_cert
act_current_client_cert
that requires that users have a current
client certificate to establish an SSL connection with the Access Gateway
or NetScaler.
or NetScaler.
add ssl action act_current_client_cert-clientAuth DOCLIENTAUTH
-clientCert ENABLED -certHeader
"header_of_client_certificate_issued_by_your_company"
-clientCertNotBefore ENABLED -certNotBeforeHeader "Mon, 01 Jan
2007 00:00:00 GMT"
2.
To create an SSL policy named client_cert_policy that detects
connections to the Web server that contain a query string, type:
connections to the Web server that contain a query string, type: