-
-
Configuring NetScaler-Owned IP Addresses
-
Configuring ARP response Suppression for Virtual IP addresses (VIPs)
-
Configuring Application Access Controls
-
-
-
Thank you for the feedback
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configuring Application Access Controls
Application access controls, also known as management access controls, form a unified mechanism for managing user authentication and implementing rules that determine user access to applications and data. You can configure SNIPs to provide access for management applications. Management access for the NSIP is enabled by default and cannot be disabled. You can, however, control it by using ACLs.
For information about using ACLs, see Access Control Lists (ACLs).
The NetScaler appliance does not support management access to VIPs.
The following table provides a summary of the interaction between management access and specific service settings for Telnet.
| Management Access | Telnet (State Configured on the NetScaler) | Telnet (Effective State at the IP Level) |
|---|---|---|
| Enable | Enable | Enable |
| Enable | Disable | Disable |
| Disable | Enable | Disable |
| Disable | Disable | Disable |
The following table provides an overview of the IP addresses used as source IP addresses in outbound traffic.
| Application/ IP | NSIP | SNIP | VIP |
|---|---|---|---|
| ARP | Yes | Yes | No |
| Server side traffic | No | Yes | No |
| RNAT | No | Yes | Yes |
| ICMP PING | Yes | Yes | No |
| Dynamic routing | Yes | Yes | Yes |
The following table provides an overview of the applications available on these IP addresses.
| Application/ IP | NSIP | SNIP | VIP |
|---|---|---|---|
| SNMP | Yes | Yes | Yes |
| System access | Yes | Yes | No |
You can access and manage the NetScaler by using applications such as Telnet, SSH, GUI, and FTP.
Note: Telnet and FTP are disabled on the NetScaler for security reasons. To enable them, contact the customer support. After the applications are enabled, you can apply the controls at the IP level.
To configure the NetScaler to respond to these applications, you need to enable the specific management applications. If you disable management access for an IP address, existing connections that use the IP address are not terminated, but no new connections can be initiated.
Also, the non-management applications running on the underlying FreeBSD operating system are open to protocol attacks, and these applications do not take advantage of the NetScaler appliance’s attack prevention capabilities.
You can block access to these non-management applications on a SNIP or NSIP. When access is blocked, a user connecting to a NetScaler by using the SNIP or NSIP is not be able to access the non-management applications running on the underlying operating system.
To configure management access for an IP address by using the NetScaler command line:
At the command prompt, type:
set ns ip <IPAddress> -mgmtAccess <value> -telnet <value> -ftp <value> -gui <value> -ssh <value> -snmp <value> -restrictAccess (ENABLED | DISABLED)
Example:
To enable management access and restrict access for a NetScaler owned IP address:
> set ns ip 192.0.2.20 -mgmtAccess enabled -restrictAccess ENABLED
Done
To disable GUI access for a NSIP or SNIP address:
> set ns ip 192.0.2.10 -gui disabled
Done
<!--NeedCopy-->
To enable management access for an IP address by using the NetScaler GUI:
- Navigate to System > Network > IPs > IPV4s.
- Open an IP address entry, and select the Enable Management Access control to support the listed applications option.
Thank you for the feedback
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.