Block external access to XenMobile 10 Self Help Portal

XenMobile 10 enables SelfHelp Portal out-of-the-box, this exposes single factor ldap login externally though the MDM LoadBalancer VIP on 443.

This post shows how to use NetScaler in order to block all external/internet access to the Self Help Portal on XenMobile, while allowing internal access.

Configuration Guideline – NS CLI

add policy patset XMS_UrlSet

bind policy patset XMS_UrlSet "/zdm/shp/console" -index 6
bind policy patset XMS_UrlSet "/zdm/login_xdm_uc.jsp" -index 5
bind policy patset XMS_UrlSet "/zdm/helper.jsp" -index 4
bind policy patset XMS_UrlSet "/zdm/log.jsp" -index 3
bind policy patset XMS_UrlSet "/zdm/login.jsp" -index 2
bind policy patset XMS_UrlSet "/zdm/console" -index 1

add responder policy resp-pol-XMS-Admin-SHP-Drop "CLIENT.IP.SRC.IN_SUBNET(10.0.0.0/8).NOT && CLIENT.IP.SRC.IN_SUBNET(192.168.0.0/16).NOT && CLIENT.IP.SRC.IN_SUBNET(172.16.0.0/12).NOT && HTTP.REQ.URL.STARTSWITH_ANY("XMS_UrlSet")" DROP

bind lb vserver lb_svr_xenmobile_443 -policyName resp-pol-XMS-Admin-SHP-Drop -priority 100 -gotoPriorityExpression END -type REQUEST

add policy patset XMS_UrlSet

bind policy patset XMS_UrlSet "/zdm/shp/console" -index 6

bind policy patset XMS_UrlSet "/zdm/login_xdm_uc.jsp" -index 5

bind policy patset XMS_UrlSet "/zdm/helper.jsp" -index 4

bind policy patset XMS_UrlSet "/zdm/log.jsp" -index 3

bind policy patset XMS_UrlSet "/zdm/login.jsp" -index 2

bind policy patset XMS_UrlSet "/zdm/console" -index 1

add responder policy resp-pol-XMS-Admin-SHP-Drop "CLIENT.IP.SRC.IN_SUBNET(10.0.0.0/8).NOT && CLIENT.IP.SRC.IN_SUBNET(192.168.0.0/16).NOT && CLIENT.IP.SRC.IN_SUBNET(172.16.0.0/12).NOT && HTTP.REQ.URL.STARTSWITH_ANY("XMS_UrlSet")" DROP

bind lb vserver lb_svr_xenmobile_443 -policyName resp-pol-XMS-Admin-SHP-Drop -priority 100 -gotoPriorityExpression END -type REQUEST

Content

Transferring files with Base64 encoding

Allow access to web apps based on a specific time schedule with Citrix ADC (NetScaler)

Site-2-Site IPSEC VPN Tunnel from Microsoft Azure to On-Premises with Citrix NetScaler

Protect your web traffic against Internet threats with Citrix NetScaler Secure Web Gateway

Tunneling application layer traffic through SSH – a method to bypass network restrictions

Container based AppDelivery Controller – NetScaler CPX – Part 1

Scan and Analyze TLS/SSL with CipherScan

Running NetScaler VPX in Oracle VirtualBox

Load Testing HTTP with Locust

Native OTP and MFA in Citrix NetScaler 12

Analyzing and Testing Web Application Security based on OWASP Top 10 – SQLi and XSS

Single Sign On (SSO) to ADFS enabled Website from XenMobile SecureWeb

Protect and Secure your Web Application with NetScaler Application Firewall (WAF) – Part 1

Optimizing SSL Security and Performance with OCSP and NetScaler

Configuring XenMobile Secure Web and HTTP Web Proxy

Office 365 – Using NetScaler as SAML iDP

Form Based SSO to Office 365 via XenMobile and NetScaler Traffic Policy

Office 365 Smart Links and XenMobile

Implementing RDP Proxy

Using Cipher Redirect on NetScaler to Report on SSL Handshake failures

ShareFile SSO with XenMobile and NetScaler

Application Firewall and JSON Inspection

NetScaler Security – Layer 4-7 DDoS Protection

NetScaler Security – HTTP Headers

NetScaler Security – Protecting against malicious attacks

Secure Mail SSO – Automatic Enrollment on Secure Mail

Troubleshooting with WireShark

Block external access to XenMobile 10 Self Help Portal

Location Based Access to Web Apps and IP Reputation via NetScaler

NetScaler Commands

Using NetScaler Message Actions to Log HTTP Headers

Configuration Guideline – NS CLI

Leave a Reply Cancel reply