How to Limit SSH to NSIP for Specific Clients with ACLs

Article ID: CTX318761


Description

This article describes how to limit SSH access to the NSIP to specific clients using ACLs.


Instructions

For this example, we are going to allow the client 192.168.1.1 to SSH to the NSIP 192.168.1.100. Once the ACLs are applied, this will be the only client able to connect to this IP over SSH. To achieve this we add a "deny all" ACL with a lower priority (a higher priority number) than the allow rule, so that the allow rule is evaluated first. The same logic can be applied to restrict other kinds of traffic, such as HTTPS/HTTP management traffic. If you create multiple "allow" rules, give the "deny all" ACL a lower priority, such as 200, to leave room for them. The example below is a simple ACL set with two priorities, one per ACL.
  • To create the two ACL policies below in CLI mode:
      add ns acl allowclient ALLOW -srcIP = 192.168.1.1 -destPort = 22 -protocol TCP -priority 1

      add ns acl blockany DENY -destPort = 22 -protocol TCP -priority 2
  • Apply the ACLs for them to take effect:
      apply ns acls
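The following Python script is an added illustration, not part of this article or of the NetScaler product; it models the priority-ordered, first-match evaluation that the two ACLs above rely on so you can check a rule set before applying it. The rule names, IPs and ports are the ones from this article; the default "allow when nothing matches" behaviour and the `Acl` class are assumptions of this model. Note that the page's blockany rule carries no -destIP, so in this model, as on the appliance, it matches SSH to any destination address, not only the NSIP.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Acl:
    """One simple ACL entry. A field left as None matches any value.
    This class is a model assumption, not a NetScaler API."""
    name: str
    action: str                  # "ALLOW" or "DENY"
    priority: int                # lower number is evaluated first
    protocol: str = "TCP"
    src_ip: Optional[str] = None
    dest_ip: Optional[str] = None
    dest_port: Optional[int] = None

    def matches(self, src_ip: str, dest_ip: str, dest_port: int, protocol: str) -> bool:
        return (
            self.protocol == protocol
            and (self.src_ip is None or self.src_ip == src_ip)
            and (self.dest_ip is None or self.dest_ip == dest_ip)
            and (self.dest_port is None or self.dest_port == dest_port)
        )


def evaluate(acls: List[Acl], src_ip: str, dest_ip: str, dest_port: int,
             protocol: str = "TCP") -> Tuple[str, Optional[str]]:
    """Evaluate ACLs in ascending priority order; the first match decides.
    Returns (action, matching ACL name). Assumed default when no ACL
    matches: the packet is allowed."""
    for acl in sorted(acls, key=lambda a: a.priority):
        if acl.matches(src_ip, dest_ip, dest_port, protocol):
            return acl.action, acl.name
    return "ALLOW", None


# The two ACLs from the article:
#   add ns acl allowclient ALLOW -srcIP = 192.168.1.1 -destPort = 22 -protocol TCP -priority 1
#   add ns acl blockany DENY -destPort = 22 -protocol TCP -priority 2
ARTICLE_ACLS = [
    Acl("allowclient", "ALLOW", priority=1, src_ip="192.168.1.1", dest_port=22),
    Acl("blockany", "DENY", priority=2, dest_port=22),
]

# Same rules with the priorities swapped: the deny is now evaluated first,
# which is the misconfiguration this article's ordering avoids.
SWAPPED_ACLS = [
    Acl("allowclient", "ALLOW", priority=2, src_ip="192.168.1.1", dest_port=22),
    Acl("blockany", "DENY", priority=1, dest_port=22),
]

NSIP = "192.168.1.100"   # from the article
OTHER_CLIENT = "192.168.1.50"   # constructed sample address


def check_rule_set(acls: List[Acl]) -> dict:
    """Run the cases a practitioner would verify before 'apply ns acls'."""
    return {
        "allowed_client_ssh": evaluate(acls, "192.168.1.1", NSIP, 22),
        "other_client_ssh": evaluate(acls, OTHER_CLIENT, NSIP, 22),
        "other_client_https": evaluate(acls, OTHER_CLIENT, NSIP, 443),
    }


if __name__ == "__main__":
    for label, acls in (("article", ARTICLE_ACLS), ("swapped", SWAPPED_ACLS)):
        print(label, check_rule_set(acls))
```

With the article's priorities, 192.168.1.1 matches allowclient first, every other source hits blockany, and HTTPS to the NSIP is untouched because neither rule names port 443. With the priorities swapped, the permitted client is denied as well, which is why the "deny all" rule must sit at the lower priority (higher number).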

Additional Information

https://docs.citrix.com/en-us/citrix-adc/current-release/networking/access-control-lists-acls.html