How to Configure NetScaler Application Firewall Signatures Protection Based on Vulnerability Scan Result of QualysGuard


Article ID: CTX133269


Description

This article describes how to configure NetScaler Application Firewall Signatures protection based on the vulnerability scan results of QualysGuard.


Instructions

To configure NetScaler Application Firewall Signatures protection, complete the following procedure:

  1. Run a discovery scan with Qualys Web Application Scanner.

  2. Complete the following procedure to run a vulnerability scan with Qualys Web Application Scanner and retrieve the scan results in XML format:

    1. Select Web Application Scanning.

    2. Select the Scans tab.

    3. From the list, select the vulnerability scan for the application and select View.

    4. Select Scan Details and copy the scan ID.

    5. Using the scan ID, set up a curl HTTP call to retrieve the XML file from Web Application Scanning:

      curl -u "USER:PASS" -X "GET" https://qualysapi.qualys.com/qps/rest/2.0/download/was/wasscan/[scan ID]

      Where:
      USER – user ID
      PASS – password
      Scan ID – scan ID that was copied in the preceding step

      Save the output as an XML file and deploy it to the Application Firewall Signatures.
  3. Expand the Application Firewall node in the NetScaler configuration utility.

  4. Select the Signatures node.

  5. Click Add to create a new signature rule set.

  6. In the Add Signatures Object window, activate the External Format tab.

  7. Enable the Allow Duplicates check box.

  8. Select Qualys for the Built-in XSLT field.

  9. Click Browse and select the saved XML file with the QualysGuard vulnerability scan result.

  10. Click Add.

    Notes:

    - If you did not save the .xml file locally, select the Import From URL option and type the URL of the file.

    - If a URL is reported for two or more types of vulnerabilities and the Allow Duplicates option is not enabled, the signature rule is created only for the first type of vulnerability and the second vulnerability is skipped.
  11. In the next window, provide the signatures object name and set Enable, Block, Log, or Stats for the objects.
  12. Click OK to confirm.

  13. Expand the Application Firewall node > Profiles node > Firewall node.

  14. Open an Application Firewall profile.

    Note: Use an existing profile or create a profile.

  15. Activate the Settings tab.

  16. Select the created signatures.
  17. Add an Application Firewall policy and bind it to the profile.

    Note: In this example, expression is set as true to send all the network traffic to the Application Firewall.

  18. Bind the profile at a global level or to a specific virtual server.

  19. Expand the Application Firewall node > Policies node > Application Firewall Policies node.

  20. Select Policy Manager.

  21. Add the policy under Default Global.

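Step 2.5 above passes the Qualys credentials to curl with -u, which leaves them in shell history and in the process list. The following is an added example, not code from Citrix or Qualys, that performs the same download with the credentials fed to curl on stdin and checks the response before it is saved for import. The QUALYS_USER and QUALYS_PASS variable names, the function names, and the treatment of scan IDs as purely numeric are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Citrix or Qualys code. Assumptions: the QUALYS_USER and
# QUALYS_PASS variables and all function names are hypothetical, and scan IDs
# are taken to be purely numeric.
QUALYS_BASE="https://qualysapi.qualys.com/qps/rest/2.0/download/was/wasscan"

# Accept digits only, so a pasted ID cannot change the URL path or query.
valid_scan_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the download URL for a scan ID; fail on a malformed ID.
scan_url() {
    valid_scan_id "$1" || return 1
    printf '%s/%s\n' "$QUALYS_BASE" "$1"
}

# Sanity check before import: the first non-blank line must open a tag and must
# not be an HTML page (for example a proxy or login page).
looks_like_xml() {
    first=$(sed -n '/[^[:space:]]/{s/^[[:space:]]*//;p;q;}' "$1" 2>/dev/null) || return 1
    case "$first" in
        '<!DOCTYPE html'*|'<html'*) return 1 ;;
        '<'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Download scan $1 to file $2. Returns 2 on bad input, 1 on a failed download.
fetch_was_scan() {
    url=$(scan_url "$1") || { echo "invalid scan ID" >&2; return 2; }
    [ -n "${QUALYS_USER:-}" ] && [ -n "${QUALYS_PASS:-}" ] ||
        { echo "QUALYS_USER/QUALYS_PASS not set" >&2; return 2; }
    tmp=$(umask 077; mktemp "$2.XXXXXX") || return 1
    # Escape \ and " for curl's config syntax, then pass the credentials on
    # stdin (--config -) so they never appear in argv or shell history.
    cred=$(printf '%s:%s' "$QUALYS_USER" "$QUALYS_PASS" | sed 's/[\\"]/\\&/g')
    if printf 'user = "%s"\n' "$cred" |
        curl --config - --fail --silent --show-error --output "$tmp" "$url" &&
        looks_like_xml "$tmp"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"; return 1
    fi
}
```

Call it as `fetch_was_scan <scan ID> scan.xml` after exporting the two variables from a secrets store, then browse to the saved file in step 9.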

Additional Information

Citrix TV contains the following video for this article:
http://www.citrix.com/tv/#videos/5875
Duration: 0:48 minutes
Note: This video requires the Adobe Flash player plug-in for the Web browser.

CTX112930 - Citrix Application Firewall Guide