CTX208695

How to Configure Authorization Policy Filter Based on IP Address and Group on NetScaler

Applicable Products

  • NetScaler

Objective

This article describes how to configure an authorization policy filter based on IP address and group on NetScaler.

Background

Consider the following scenario: when a connection reaches the NetScaler Gateway VIP, the NetScaler Gateway should allow or deny access to users who are members of a particular Active Directory group. NetScaler should also allow access to those users who are connecting from a certain subnet.


Instructions

This setup can be implemented by creating groups on NetScaler. The group names on the NetScaler Gateway should match the names on the Active Directory server. After the group is configured, create an authorization policy and bind it to the group. If the users are members of that group and on the defined subnet, they are allowed access. Optionally, you can also bind a session policy to the group.

Run the following command from the command line interface of the NetScaler:
add authorization policy auth_policy "REQ.IP.SOURCEIP == 172.16.1.0 -netmask 255.255.255.0" ALLOW
bind aaa group TechSupport -policy auth_policy -priority 100

Note: In the preceding commands, the group name is "TechSupport" and the subnet to be allowed is "172.16.1.0/24".
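
The following Python sketch is an added example, not part of the original article and not Citrix code. It parses the rule string from the command above and predicts, for a few constructed sessions, whether auth_policy would match before the policy is deployed. The function names and sample users are assumptions; other bound policies and the default authorization action are not modeled.

```python
import ipaddress
import re

# Rule and group taken from the commands in the article.
POLICY_RULE = "REQ.IP.SOURCEIP == 172.16.1.0 -netmask 255.255.255.0"
BOUND_GROUP = "TechSupport"

_RULE_RE = re.compile(
    r"^REQ\.IP\.SOURCEIP\s*==\s*(\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+-netmask\s+(\d+\.\d+\.\d+\.\d+))?$"
)

def parse_rule(rule):
    """Return the IPv4 network described by a SOURCEIP rule (hypothetical helper)."""
    m = _RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    addr, mask = m.group(1), m.group(2) or "255.255.255.255"
    # This sketch rejects a base address with host bits set (e.g. 172.16.1.5
    # with a /24 mask), which usually indicates a typo in the rule.
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)

def policy_matches(groups, source_ip, rule=POLICY_RULE, bound_group=BOUND_GROUP):
    """True when the user is in the bound group AND the source IP is in the subnet."""
    # Assumption: group names are compared exactly, as extracted from the directory.
    if bound_group not in groups:
        return False  # policy is bound to the group, so it is not evaluated
    return ipaddress.IPv4Address(source_ip) in parse_rule(rule)

# Constructed sample sessions: (user, groups from Active Directory, source IP).
SAMPLE_SESSIONS = [
    ("alice", ["TechSupport"], "172.16.1.25"),            # in group, in subnet
    ("bob", ["TechSupport"], "172.16.2.25"),              # in group, wrong subnet
    ("carol", ["Sales"], "172.16.1.40"),                  # in subnet, wrong group
    ("dave", ["Sales", "TechSupport"], "172.16.1.255"),   # last address of the /24
]

def evaluate(sessions):
    """Map each user to whether auth_policy (ALLOW) would match."""
    return {user: policy_matches(groups, ip) for user, groups, ip in sessions}

if __name__ == "__main__":
    for user, hit in evaluate(SAMPLE_SESSIONS).items():
        print(f"{user}: {'auth_policy matched (ALLOW)' if hit else 'auth_policy not matched'}")
```

A result of "not matched" means only that this policy does not grant access; what happens next depends on the other policies bound to the user and on the appliance's default authorization action.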