Manage Connectivity
You can specify a set of resource locations (connectors) through which AD or RADIUS servers can be reached. Admins can choose the Resource Locations through which back-end AD and RADIUS servers must be reached.
To enable this feature, customers can set up a mapping between their back-end AD/RADIUS server subnets such that if the authentication traffic falls under a specific subnet, then that traffic is directed to the specific resource location. However, If a resource location isn’t mapped to a subnet, then admins can specify to use the wildcard resource location for those subnets.
Note:
It is recommended to perform manage connectivity configuration through the Adaptive Authentication portal’s user interface rather than directly on NetScaler (using GUI or CLI). Changes made on NetScaler are not automatically synced with the Adaptive Authentication portal and might be lost.
-
On the Adaptive Authentication UI, click Manage Connectivity.
-
Enter the subnet details and select the respective resource location.
Note:
If you clear the Use any available resource location for remaining subnets checkbox, only the traffic directed towards the configured subnets is tunneled.
-
Click Add, and then click Save Changes.
Note:
- Only RFC1918 IP address subnets are allowed.
- The number of subnet-resource location mappings per customer is limited to 10.
- Multiple subnets can be mapped to a single resource location.
- To update the subnet entry, delete the existing entry and then update.
- If you rename or remove the resource location, make sure to remove the entry from the Manage Connectivity screen in the Adaptive Authentication user interface.
- Any changes made to the resource location mapping by using the following CLI commands are overwritten by the changes pushed from the user interface (Adaptive Authentication Provisioning > Manage Connectivity).
set cloudtunnel parameter -subnetResourceLocationMappings
set policy expression aauth_allow_rfc1918_subnets <>
set policy expression aauth_listen_policy_exp <>
-
Click Next to go to Instance Management section.