How to Create Traffic Policies on NetScaler Gateway

How to Create Traffic Policies on NetScaler Gateway

book

Article ID: CTX207825

calendar_today

Updated On:

Description

This article describes how to create traffic policies on NetScaler Gateway.

Background

NetScaler Gateway traffic policy is usually used in scenarios where you have a server/application hosted in your datacenter behind the NetScaler Gateway, and external users connect to NetScaler Gateway and then access the backend resource.

Traffic policies allow you to configure the following settings for user connections:

  • Enforcing shorter time-outs for sensitive applications that are accessed from untrusted networks.
  • Switching network traffic to use TCP for some applications. If you select TCP, you need to enable or disable single sign-on for certain applications.
  • Identifying situations where you want to use other HTTP features for NetScaler Gateway Plug-in traffic.
  • Defining the file extensions that are used with file type association.

Instructions

Create NetScaler Gateway Traffic Profile

Before creating a NetScaler Gateway traffic policy, you need to first create a NetScaler Gateway traffic profile. Refer to Citrix Documentation to configure traffic profiles on NetScaler Gateway.

The following information will help you configure NetScaler Gateway traffic profile:

  • Protocol: You can choose between HTTP or TCP. If you choose HTTP then you can only perform SSO. HTTP also supports compression. If the application is hosted on custom ports, like SAP, then use TCP. 
  • AppTimeout: The maximum amount of time a user can stay logged on to the application in minutes.
  • Single Sign-on: If you configure this option then NetScaler will pass the credentials rather than the user supplying it again after connecting to NetScaler Gateway. 
  • Form SSO action: You can associate a form SSO profile to the traffic profile, in case you are performing a forms based SSO to the backend application. 
  • SAML SSO action: You can associate a SAML SSO profile to the traffic profile, in case you are performing SAML SSO to the backend application. 
  • File Type Associations: You can enable this setting if you have configured to associate file type extensions on the XenApp. To get more information on file type associations, refer to Citrix Documentation - To associate published applications with file types.
  • HDX Proxy: You can enable this setting if an HDX proxy is in use to get the backend application. This is for ICA traffic. 
  • Proxy IP and Port: IP address and port of the proxy server to be used for HTTP request access.
  • CloudBridge: You can enable this setting if CloudBridge is present in datacenter and users have CloudBridge plugin installed on their machines for acceleration/optimization.
Apart from the preceding parameters, the traffic profile also has the SSO user and password expressions. If you configure these expressions they would be evaluated to attain the username and password. Refer to CTX20026 - NetScaler Advanced Expressions Support in Single Sign-On to get more details on this component.

Create NetScaler Gateway Traffic Policy

Refer to Citrix Documentation to create traffic policies on NetScaler Gateway.

Issue/Introduction

This article describes how to create traffic policies on NetScaler Gateway.
Powered by Wolken Software