Product Documentation

Configuring Quarantine and Authorization Groups

May 06, 2013

When users log on to NetScaler Gateway, you assign them to a group that you configure either on NetScaler Gateway or on an authentication server in the secure network. If a user fails a post-authentication scan, you can assign the user to a restricted group, called a quarantine group, which restricts access to network resources.

You can also use authorization groups to restrict user access to network resources. For example, you might have a group of contract personnel that has access only to your email server and a file share. When user devices pass the security requirements that you defined on NetScaler Gateway, users can become members of groups dynamically.

You use either global settings or session policies to configure quarantine and authorization groups that are bound to a user, group, or virtual server. You can assign users to groups on the basis of a client security expression within the session policy. When the user is a member of a group, NetScaler Gateway applies the session policy based on group membership.