To configure NetScaler
Gateway for access scenario fallback, you need to create policies and groups in
the following ways:
- Create a quarantine group
in which users are placed if the endpoint analysis scan fails.
- Create a global Web
Interface or StoreFront setting that is used if the endpoint analysis scan
fails.
- Create a session policy
that overrides the global setting and then bind the session policy to a group.
- Create a global client
security policy that is applied if the endpoint analysis fails.
When configuring
access scenario fallback, use the following guidelines:
- Using client choices or
access scenario fallback requires the Endpoint Analysis Plug-in for all users.
If endpoint analysis cannot run or if users select
Skip
Scan during the scan, users are denied access.
Note: The option to skip the scan is removed in NetScaler Gateway
10.1, Build 120.1316.e
- When you enable client
choices, if the user device fails the endpoint analysis scan, users are placed
into the quarantine group. Users can continue to log on with either the
NetScaler Gateway Plug-in or the Citrix Receiver to the Web Interface or
StoreFront.
Note: Citrix
recommends that you do not create a quarantine group if you enable client
choices. User devices that fail the endpoint analysis scan and are quarantined
are treated in the same way as user devices that pass the endpoint scan.
- If the endpoint analysis
scan fails and the user is put in the quarantine group, the policies that are
bound to the quarantine group are effective only if there are no policies bound
directly to the user that have an equal or lower priority number than the
policies bound to the quarantine group.
- You can use different web
addresses for the Access Interface and, the Web Interface or StoreFront. When
you configure the home pages, the Access Interface home page takes precedence
for the NetScaler Gateway Plug-in and the Web Interface home page takes
precedence for Web Interface users. The Receiver home page takes precedence for
StoreFront.