XenMobile 10 enables the Self Help Portal out of the box, which exposes single-factor LDAP login externally through the MDM LoadBalancer VIP on port 443.
This post shows how to use NetScaler to block all external/internet access to the Self Help Portal on XenMobile while still allowing internal access.
Configuration Guideline – NS CLI
add policy patset XMS_UrlSet
bind policy patset XMS_UrlSet "/zdm/shp/console" -index 6
bind policy patset XMS_UrlSet "/zdm/login_xdm_uc.jsp" -index 5
bind policy patset XMS_UrlSet "/zdm/helper.jsp" -index 4
bind policy patset XMS_UrlSet "/zdm/log.jsp" -index 3
bind policy patset XMS_UrlSet "/zdm/login.jsp" -index 2
bind policy patset XMS_UrlSet "/zdm/console" -index 1
add responder policy resp-pol-XMS-Admin-SHP-Drop "CLIENT.IP.SRC.IN_SUBNET(10.0.0.0/8).NOT && CLIENT.IP.SRC.IN_SUBNET(192.168.0.0/16).NOT && CLIENT.IP.SRC.IN_SUBNET(172.16.0.0/12).NOT && HTTP.REQ.URL.STARTSWITH_ANY(\"XMS_UrlSet\")" DROP
bind lb vserver lb_svr_xenmobile_443 -policyName resp-pol-XMS-Admin-SHP-Drop -priority 100 -gotoPriorityExpression END -type REQUEST
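To check which requests the responder expression above is meant to drop before binding it, the following Python model mirrors its logic. It is an added example, not part of the original post or of NetScaler itself; the sample client addresses and the `/zdm/enroll` path are constructed for illustration.

```python
import ipaddress

# Prefixes from the XMS_UrlSet pattern set on this page.
XMS_URL_SET = (
    "/zdm/console",
    "/zdm/login.jsp",
    "/zdm/log.jsp",
    "/zdm/helper.jsp",
    "/zdm/login_xdm_uc.jsp",
    "/zdm/shp/console",
)

# Subnets the responder expression treats as internal.
INTERNAL_NETS = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")
)


def is_internal(src_ip):
    """True when src_ip falls inside one of the three internal subnets."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in INTERNAL_NETS)


def policy_action(src_ip, url):
    """Mirror the expression: source not internal AND URL starts with a set entry."""
    if not is_internal(src_ip) and url.startswith(XMS_URL_SET):
        return "DROP"
    return "PASS"  # request continues to the load-balanced service


# Constructed sample requests (documentation addresses, hypothetical paths).
SAMPLES = [
    ("203.0.113.10", "/zdm/shp/console"),         # external, portal path
    ("203.0.113.10", "/zdm/console/index.html"),  # external, prefix match
    ("203.0.113.10", "/zdm/enroll"),              # external, path not in set
    ("172.31.255.254", "/zdm/login.jsp"),         # last address inside the /12
    ("172.32.0.1", "/zdm/login.jsp"),             # just outside the /12
    ("10.20.30.40", "/zdm/shp/console"),          # internal client
]


def evaluate(samples=SAMPLES):
    """Return (ip, url, action) for each sample request."""
    return [(ip, url, policy_action(ip, url)) for ip, url in samples]


if __name__ == "__main__":
    for ip, url, action in evaluate():
        print(f"{ip:<16} {url:<28} {action}")
```

The model evaluates the connection's source address, as `CLIENT.IP.SRC` does, so if traffic reaches the VIP through a device that rewrites the source to an internal address, every client will be treated as internal.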