Citrix NetScaler EPA (End Point Analysis)

Print Friendly, PDF & Email

Very good! I leave you with a magnificent post by our dear Oscar Mas! OrOne of the new features that came out with the firmware version 10.5 NetScaler, is the possibility of scanning the client that wants to connect to our Citrix infrastructure and based on pre-established criteria, give you access or be denied access. This functionality is known as EPA (End Point Analysis). This article, you want to show the steps required to be able to configure EPA (End Point Analysis), with a very simple example. It must be taken into account, that this system only works with Windows and MAC-based operating systems.

 

Citrix-NetScaler-EPA-End-Point-Analysis-01-Bujarra

 

The example we will make, It's pretty straightforward. We will allow you access to our Citrix platform, Firefox-based browsers and others, such as Internet Explorer, will be rejected.

If you want to take a quick look at all the functionalities that we can scan from our client, we can see it on the OPSWAT website: HTTP://citrix.opswat.com/

 

Citrix-NetScaler-EPA-End-Point-Analysis-02-Bujarra
The first thing we have to do to activate the EPA functionality (End Point Analysis), is to change the way our NetScaler works to make the ICA only option FALSE. To make this change, we will edit our Virtual Server.

 

Citrix-NetScaler-EPA-End-Point-Analysis-03-Bujarra

We will modify our "Basic Settings", to enable such a feature.

 

Citrix-NetScaler-EPA-End-Point-Analysis-04-Bujarra

We will uncheck the "ICA Only" option and the result must be as follows.

 

Citrix-NetScaler-EPA-End-Point-Analysis-05-Bujarra

Once the ICA Only option has been changed, we will configure our Preauthentication as follows.

 

Citrix-NetScaler-EPA-End-Point-Analysis-06-Bujarra

We'll let you know that we want to use the EPA editor (End Point Analysis), there is also the possibility of inserting our own ruler downloaded from the OPSWAT website.

 

Citrix-NetScaler-EPA-End-Point-Analysis-07-Bujarra

And from here we'll create the rule. In this example, I have indicated the Mozilla Firefox browser, but you can choose any filter from the list.

 

Citrix-NetScaler-EPA-End-Point-Analysis-08-Bujarra

In this section, we will indicate the browser version that our client must use to be able to access our Citrix platform and we will click on OK.

 

Citrix-NetScaler-EPA-End-Point-Analysis-09-Bujarra

Once the rule is indicated, We will be able to see the result.

 

Citrix-NetScaler-EPA-End-Point-Analysis-10-Bujarra

Once the previous steps have been carried out, when we access our NetScaler we can see that it redirects us to the EPA website (End Point Analysis) and from there it will force us to install a Software, which our equipment will scan for us, to see if we meet the prerequisites above!

 

Citrix-NetScaler-EPA-End-Point-Analysis-11-Bujarra

We will install the small software and it will force us to scan our equipment.

 

Citrix-NetScaler-EPA-End-Point-Analysis-12-Bujarra

When you are using a browser that is not indicated in our EPA filter (End Point Analysis), we will get the following error message and we will not be able to access our Citrix platform!

 

Recommended Posts

VPN with Citrix NetScaler II - Requiring certificates to access
Read
VPN with Citrix NetScaler I - Deployment & Pre-authentication
Read
VPN with Citrix NetScaler IV - AlwaysON
Read
VPN with Citrix NetScaler III - Authentication with certificates
Read

Author

by Héctor Herrero 
nheobug@bujarra.com
Autor del blog Bujarra.com Cualquier necesidad que tengas, Do not hesitate to contact me, I will try to help you whenever I can, Sharing is living ;) . Enjoy documents!!!

Customize Citrix StoreFront 3.x

17 of March of 2016

Using Citrix AppDisk

13 de April de 2016