You can configure NetScaler Gateway to check for client-side security before users are authenticated. This method ensures that the user device establishing a session with NetScaler Gateway conforms to your security requirements. You configure client-side security checks through the use of preauthentication policies specific to a virtual server or globally, as described in the following two procedures.
Preauthentication policies consist of a profile and an expression. You configure the profile to use an action to allow or deny a process to execute on the user device. For example, the text file, clienttext.txt, is running on the user device. When the user logs on to NetScaler Gateway, you can either allow or deny access if the text file is running. If you do not want to allow users to log on if the process is running, configure the profile so the process is stopped before users log on.
You can configure the following settings for pre-authentication policies:
- Expression. Includes the following settings to help you to create expressions:
- Expression. Displays all of the created expressions.
- Match Any Expression. Configures the policy to match any of the expressions that are present in the list of selected expressions.
- Match All Expressions. Configures the policy to match all the expressions that are present in the list of selected expressions.
- Tabular Expressions. Creates a compound expression with the existing expressions by using the OR (||) or AND (&&) operators.
- Advanced Free-Form. Creates custom compound expressions by using the expression names and the OR (||) and AND (&&) operators. Choose only those expressions that you require and omit other expressions from the list of selected expressions.
- Add. Creates a new expression.
- Modify. Modifies an existing expression.
- Remove. Removes the selected expression from the compound expressions list.
- Named Expressions. Select a configured named expression. You can select named expressions from the drop-down list of expressions already present on NetScaler Gateway.
- Add Expression. Adds the selected named expression to the policy.
- Replace Expression. Replaces the selected named expression to the policy.
- Preview Expression. Displays the detailed client security string that will be configured on NetScaler Gateway when you select a named expression.