The App Firewall configuration interfaces

All hardware and virtual versions of the NetScaler can be configured and managed from the NetScaler command line interface or the web-based GUI. All features of most NetScaler features can be configured using either of these tools. The NetScaler App Firewall is an exception: not all App Firewall configuration tasks can be performed at the command line. Inexperienced users also find the GUI easier to use. In particular, the App Firewall wizard considerably reduces the complexity of configuring the App Firewall. Unlike most NetScaler wizards, the App Firewall wizard can serve as your primary interface to the App Firewall.

The command line interface is a modified UNIX shell based on the FreeBSD bash shell. To configure the App Firewall from the command line interface, you type commands at the prompt and press the Enter key, just as you do with any other Unix shell. For instructions for using the command line interface, see Command Reference.

The GUI is a web-based GUI interface to the appliance. The Web App Firewall configuration section is found under Security > Web App Firewall. The below image shows the navigation pane expanded to display the Web App Firewall screens, and in the detail pane the main Web App Firewall screen.

GUI screen

The GUI has two main areas on all screens. The panel on the left, called the navigation pane, contains a navigation tree, with which you navigate to the screens on which you configure the features that are installed on your appliance. The screens to which you navigate appear to the right of the navigation pane, in the details pane.

When you access the GUI, the details pane displays the System Overview screen. If, in the navigation pane, you click plus sign next to the App Firewall folder, the App Firewall node expands to include the main App Firewall elements that you can configure. If you click the first element, Profiles, the details pane displays the configured profiles, if any profiles have been configured. At the bottom of the details pane, you can click Add to configure a new profile. Other buttons at the bottom of the details pane are grayed out until you select an existing profile. Screens for the other elements work in the same way.

If, instead of expanding the App Firewall node, you click the node itself, the details pane displays different options, one of which is the App Firewall wizard, as shown in Figure 1. Citrix recommends that you use the wizard for initial configuration, and many users use it almost exclusively. It includes most of the functionality that is available elsewhere in the GUI.

The App Firewall configuration interfaces

In this article