NetScaler-13.1-How to limit the IP subnets to access LB vServer with responder policy in NetScaler?

Article ID: CTX666268

Description

How to allow only specified IP subnets to access an LB virtual server by using a responder policy in NetScaler.


Instructions

1. Put all the IP subnets that are to be allowed into a dataset.

add policy dataset src_ip ipv4
bind policy dataset src_ip 192.128.0.0/10
bind policy dataset src_ip 10.10.0.0/10

Reference link:
https://docs.netscaler.com/en-us/citrix-adc/13-1/appexpert/pattern-sets-data-seta/configuring-data-sets.html#cidr-subnet-notation-in-ipv4-and-ipv6-addresses-for-policy-dataset

2. Create a responder policy that resets any request whose client source IP is not in the dataset.

enable ns feature RESPONDER
add responder policy Block_bad_ip_pol "CLIENT.IP.SRC.TYPECAST_TEXT_T.EQUALS_ANY(\"src_ip\").NOT" RESET

 

3. Bind the policy to the LB virtual server.

bind lb vserver <lb_vserver_name> -policyName Block_bad_ip_pol -priority 100 -gotoPriorityExpression END -type REQUEST
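
Before binding an allow-list like the one in step 1, it helps to see exactly which addresses each entry covers. The following Python check is an added example, not part of the original article or NetScaler tooling. It assumes standard CIDR semantics as implemented by Python's `ipaddress` module; the page does not state how the appliance treats an entry whose host bits are set (such as `10.10.0.0/10`), so confirm that on the device. The function names and sample client IPs are constructed for illustration.

```python
import ipaddress

# Subnets taken from step 1 of the article.
ALLOWED = ["192.128.0.0/10", "10.10.0.0/10"]

def audit_entry(cidr):
    """Describe one dataset entry under standard CIDR semantics."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network  # the prefix with host bits masked off
    return {
        "entry": cidr,
        "network": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
        # True when the written address is not the start of the prefix,
        # i.e. the entry covers a different range than it appears to.
        "host_bits_set": iface.ip != net.network_address,
    }

def decision(client_ip, allowed=ALLOWED):
    """Mirror the policy logic: RESET when the source is in no allowed subnet."""
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed]
    return "ALLOW" if any(addr in n for n in nets) else "RESET"

if __name__ == "__main__":
    for cidr in ALLOWED:
        print(audit_entry(cidr))
    # Constructed sample client addresses.
    for ip in ["192.168.1.20", "10.10.5.5", "10.64.0.1", "192.192.0.1", "203.0.113.7"]:
        print(ip, decision(ip))
```

A /10 prefix spans more than four million addresses, so review the printed first and last addresses against the ranges you actually intend to admit.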