CTX110089 - What are the Major Enhancements Related to Access Control Lists in NetScaler Version 6.1

This document was published at: http://support.citrix.com/article/CTX110089

Document ID: CTX110089, Created on: Aug 21, 2006, Updated: Aug 21, 2006

Products: Citrix NetScaler Application Delivery Software 6.1

Q: What are the major enhancements related to access control lists in NetScaler version 6.1?

A:

1. User-defined priority:

NetScaler versions 6.0 and earlier have no provision for assigning priorities to access control list statements, nor any system for internally prioritizing access control lists. In NetScaler version 6.1, a priority value from 1 to 1024 can be assigned to an access control list statement at configuration time. An access control list statement that is added without a priority is assigned one by the system in the range 1025 to 2048.

The commands to add an access control list statement with priority or modify the existing priority are as follows:

add ns acl test_acl DENY -srcIP 1.1.1.1 -destIP 2.2.2.2 -priority 10

-Or-

set ns acl test_acl -priority 20

2. Support for “established” sessions:

The “established” keyword automatically applies the access control list action to return traffic belonging to a session that has already matched the access control list. Thus, if TCP traffic from host A to host B is allowed by access control list 20 and the “established” option is enabled, the NetScaler also allows the return traffic from host B to host A.

The following command adds an access control list statement with the “established” option:

add ns acl test_acl2 DENY -srcIP 1.2.3.4 -destIP 2.3.4.5 -protocol TCP -established
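
The following Python script is an added example, not part of the Citrix article or any Citrix tool. It replays "add ns acl" and "set ns acl" lines from a saved configuration and reports statements whose priority falls outside what the article describes. The function names and sample configuration are constructed for illustration; the script assumes every option other than -established takes exactly one value, and treating a shared priority as a finding is an assumption the article does not state.

```python
import shlex
USER_PRIORITIES = range(1, 1025)  # 1-1024: assignable at configuration time

# Constructed sample configuration using only options shown in the article.
SAMPLE_CONFIG = """\
add ns acl test_acl DENY -srcIP 1.1.1.1 -destIP 2.2.2.2 -priority 10
add ns acl test_acl2 DENY -srcIP 1.2.3.4 -destIP 2.3.4.5 -protocol TCP -established
add ns acl test_acl3 DENY -srcIP 1.1.1.3 -destIP 2.2.2.2 -priority 2000
add ns acl test_acl4 DENY -srcIP 1.1.1.4 -destIP 2.2.2.2 -priority 20
set ns acl test_acl -priority 20
"""

def parse_acls(config_text):
    """Replay add/set ns acl lines and return the resulting statements by name."""
    acls = {}
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] not in ("add", "set") or tok[1:3] != ["ns", "acl"]:
            continue
        name, is_add = tok[3], tok[0] == "add"
        if is_add and len(tok) > 4:
            acls[name] = {"action": tok[4], "priority": None, "established": False}
        elif is_add or name not in acls:
            continue  # malformed add, or set for a statement never added
        opts = iter(tok[5 if is_add else 4:])
        for key in opts:
            if key == "-established":   # flag, takes no value
                acls[name]["established"] = True
                continue
            value = next(opts, None)    # assumption: other options are "-key value"
            if key == "-priority" and value is not None:
                acls[name]["priority"] = int(value)
    return acls

def audit(acls):
    """Return (name, finding) pairs for priorities that deserve a second look."""
    findings, owner = [], {}
    for name, acl in acls.items():
        prio = acl["priority"]
        if prio is None:
            findings.append((name, "no explicit priority: system assigns one in 1025-2048"))
        elif prio not in USER_PRIORITIES:
            findings.append((name, f"priority {prio} is outside the user range 1-1024"))
        elif prio in owner:  # assumption: a shared priority is worth reviewing
            findings.append((name, f"priority {prio} is also used by {owner[prio]}"))
        else:
            owner[prio] = name
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(parse_acls(SAMPLE_CONFIG))))
```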
