How to limit NetScaler Management access
Article ID: CTX691757
Updated On:
Description
With this document you may limit the NetScaler Management access to certain IP address/es.
Instructions
- Allow specific IP for Management UI (HTTPS):
- add ns acl allow_mgmt_ui ALLOW -srcIP <ip of machine which would have access to NetScaler> -srcPort 1-65535 -destIP <NetScaler Management IP> -destPort 443 -protocol TCP -priority 1
- add ns acl allow_mgmt_ui ALLOW -srcIP 192.168.1.10 -srcPort 1-65535 -destIP 192.168.100.100 -destPort 443 -protocol TCP -priority 1
- Allow specific IP for Management CLI (SSH):
- add ns acl allow_mgmt_cli ALLOW -srcIP 192.168.1.10 -srcPort 1-65535 -destIP 192.168.100.100 -destPort 22 -protocol TCP -priority 2
- add ns acl allow_mgmt_cli ALLOW -srcIP 192.168.1.10 -srcPort 1-65535 -destIP 192.168.100.100 -destPort 22 -protocol TCP -priority 2
- Deny all other IPs for Management UI (HTTPS):
- add ns acl deny_mgmt_ui DENY -destIP 192.168.100.100 -destPort 443 -protocol TCP -priority 10
- add ns acl deny_mgmt_ui DENY -destIP 192.168.100.100 -destPort 443 -protocol TCP -priority 10
- Deny all other IPs for Management CLI (SSH):
- add ns acl deny_mgmt_cli DENY -destIP 192.168.100.100 -destPort 22 -protocol TCP -priority 11
- add ns acl deny_mgmt_cli DENY -destIP 192.168.100.100 -destPort 22 -protocol TCP -priority 11
- Apply the ACLs: apply ns acls
By following these steps, you will ensure that only the IP address 192.168.1.10 accesses 192.168.100.100 for the Management UI and CLI, while all other IPs will be blocked.
Was this article helpful?
Yes
No
Powered by
