-
Getting Started with Citrix ADC
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Deploy a Citrix ADC VPX instance
-
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
-
Install a Citrix ADC VPX instance on Linux-KVM platform
-
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
-
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
-
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
-
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
-
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
-
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
-
-
Deploy a Citrix ADC VPX instance on Microsoft Azure
-
Network architecture for Citrix ADC VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a Citrix ADC VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Configure a high-availability setup with a single IP address and a single NIC
-
Configure address pools (IIP) for a Citrix Gateway appliance
-
Configure multiple Azure VIPs for a standalone or high availability Citrix ADC instance
-
-
Deploy a VPX high-availability pair on Google Cloud Platform
-
Upgrade and downgrade a Citrix ADC appliance
-
Authentication, authorization, and auditing application traffic
-
Configuring authentication, authorization, and auditing policies
-
Configuring Authentication, authorization, and auditing with commonly used protocols
-
Active Directory Federation Service Proxy Integration Protocol compliance (Technical preview)
-
Use an on-premises Citrix Gateway as the identity provider for Citrix Cloud
-
-
Configure EULA as an authentication factor in Citrix ADC nFactor system
-
Configure pre-authentication Endpoint Analysis scan as a factor in nFactor authentication
-
Configure periodic Endpoint Analysis scan as a factor in nFactor authentication
-
Configure pre-auth and post-auth EPA scan as a factor in nFactor authentication
-
Configure prefill user name from certificate in Citrix ADC nFactor authentication
-
Localize error messages generated by Citrix ADC nFactor system
-
-
-
-
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
-
-
-
-
Authentication and authorization
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
-
-
Synchronizing Configuration Files in a High Availability Setup
-
Restricting High-Availability Synchronization Traffic to a VLAN
-
Understanding the High Availability Health Check Computation
-
Managing High Availability Heartbeat Messages on a Citrix ADC Appliance
-
Remove and Replace a Citrix ADC in a High Availability Setup
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
User identity management
An increasing number of security breaches and the growing popularity of mobile devices has emphasized the need to ensure that use of the external internet is compliant with the corporate policies and only authorized users access external resources provisioned by the corporate personnel. Identity Management makes this possible by verifying the identity of a person or a device. It does not determine what tasks the individual can take or what files the individual can see.
An SSL forward proxy deployment identifies the user before allowing access to the internet. All requests and responses from the user are inspected. User activity is logged, and records are exported to the Citrix Application Delivery Management (ADM) for reporting. In Citrix ADM, you can view the statistics about the user activities, transactions, and bandwidth consumption.
By default, only the user’s IP address is saved, but you can configure the feature to record more details about the user, and use this identity information to create richer internet usage policies for specific users.
The Citrix ADC appliance supports the following authentication modes for an explicit-proxy configuration.
- Lightweight Directory Access Protocol (LDAP). Authenticates the user through an external LDAP authentication server. For more information, see LDAP Authentication Policies.
- RADIUS. Authenticates the user through an external RADIUS server. For more information, see RADIUS Authentication Policies.
- TACACS+. Authenticates the user through an external Terminal Access Controller Access-Control System (TACACS) authentication server. For more information, see Authentication Policies.
- Negotiate. Authenticates the user through a Kerberos authentication server. If there is an error in Kerberos authentication, appliance uses NTLM authentication. For more information, see Negotiate Authentication Policies.
For transparent proxy, only IP-based LDAP authentication is currently supported. When a client request is received, the proxy authenticates the user by checking an entry for the client IP address in the active directory, and creates a session based on the user IP address. However, if you configure the ssoNameAttribute in an LDAP action, a session is created by using the username instead of the IP address. Classic policies are not supported for authentication in a transparent proxy setup.
Note
For explicit proxy, you must set the LDAP login name to sAMAccountName. For transparent proxy, you must set the LDAP login name to ** networkAddress and attribute1 to sAMAccountName.
Example for explicit proxy:
add authentication ldapAction swg-auth-action-explicit -serverIP 10.105.157.116 -ldapBase "CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDn "CN=Administrator,CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDnPassword freebsd123$ -ldapLoginName sAMAccountName
Example for transparent proxy:
add authentication ldapAction swg-auth-action-explicit -serverIP 10.105.157.116 -ldapBase "CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDn "CN=Administrator,CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDnPassword freebsd123$ -ldapLoginName networkAddress -authentication disable -Attribute1 sAMAccountName
Set up user authentication by using the CLI
At the command prompt type:
add authentication vserver <vserver name> SSL
bind ssl vserver <vserver name> -certkeyName <certkey name>
add authentication ldapAction <action name> -serverIP <ip_addr> -ldapBase <string> -ldapBindDn <string> -ldapBindDnPassword -ldapLoginName <string>
add authentication Policy <policy name> -rule <expression> -action <string>
bind authentication vserver <vserver name> -policy <string> -priority <positive_integer>
set cs vserver <name> -authn401 ON -authnVsName <string>
Arguments:
Vserver name:
Name of the authentication virtual server to which to bind the policy.
Maximum Length: 127
serviceType:
Protocol type of the authentication virtual server. Always SSL.
Possible values: SSL
Default value: SSL
Action name:
Name for the new LDAP action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the LDAP action is added. The following requirement applies only to the CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication action” or ‘my authentication action’).
Maximum Length: 127
serverIP:
IP address assigned to the LDAP server.
ldapBase:
Base (node) from which to start LDAP searches. If the LDAP server is running locally, the default value of base is dc=netscaler, dc=com. Maximum Length: 127
ldapBindDn:
Full distinguished name (DN) that is used to bind to the LDAP server.
Default: cn=Manager,dc=netscaler,dc=com
Maximum Length: 127
ldapBindDnPassword:
Password used to bind to the LDAP server.
Maximum Length: 127
ldapLoginName:
LDAP login name attribute. The Citrix ADC appliance uses the LDAP login name to query external LDAP servers or Active Directories. Maximum Length: 127
Policy name:
Name for the advance AUTHENTICATION policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after AUTHENTICATION policy is created. The following requirement applies only to the CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication policy” or ‘my authentication policy’).
Maximum Length: 127
rule:
Name of the rule, or a default syntax expression, that the policy uses to determine whether to attempt to authenticate the user with the AUTHENTICATION server.
Maximum Length: 1499
action:
Name of the authentication action to be performed if the policy matches.
Maximum Length: 127
priority:
Positive integer specifying the priority of the policy. A lower number specifies a higher priority. Policies are evaluated in the order of their priorities, and the first policy that matches the request is applied. Must be unique within the list of policies bound to the authentication virtual server.
Minimum value: 0
Maximum Value: 4294967295
Example:
add authentication vserver swg-auth-vs SSL
Done
bind ssl vserver explicit-auth-vs -certkeyName ns-swg-ca-certkey
Done
add authentication ldapAction swg-auth-action-explicit -serverIP 192.0.2.116 -ldapBase "CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDn "CN=Administrator,CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDnPassword zzzzz -ldapLoginName sAMAccountName
Done
add authenticationpolicy swg-auth-policy -rule true -action swg-auth-action-explicit Done
bind authentication vserver swg-auth-vs -policy swg-auth-policy -priority 1
Done
set cs vserver testswg -authn401 ON -authnVsName swg-auth-vs
Done
Enable user name logging by using the CLI
At the command prompt, type:
set appflow param -AAAUserName ENABLED
Arguments:
AAAUserName
Enable AppFlow AAA user name logging.
Possible values: ENABLED, DISABLED
Default value: DISABLED
Example:
set appflow param -AAAUserName ENABLED
User identity management
Share
Citrix Preview Documentation
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.