Jump to content
Welcome to our new Citrix community!

1 FA or 2 FA based on client IP


Recommended Posts

We want to configure our Netscaler Gateway Virtual Server in such a way that is uses 1 Factor Authentication or 2 Factor Authentication based on the subnet of the client.

 

For example users from subnet 10.10.10.x should get only LDAP authentication and users from 10.20.20.20 should get both LDAP and RADIUS.

 

However we only want to communicate 1 URL.

 

We have struggled with configuring this in the past and never succeeded. A rewrite policy was getting close, but had the disadvantage that the new URL would be visible in the browser. If the user then saves that URL as a favorite and moves to another subnet then clicking the URL would generate an error and confusion for our users.

 

Eventually we used F5s we have in front of our Netscalers and configured iRules on them. Bases on the client subnet the F5 forwards users to 1 of the 2 NG Virtual Servers.

 

But now Citrix released Netscaler 11 and that ships with more configuration options (e.g. nFactor authentication). I was wondering if anyone succeeded in configuring the above scenario using Netscaler 11. If so, please let me know how to configure this.

 

Thanks!

 

Link to comment
Share on other sites

  • 2 years later...
On 28.3.2019 at 9:39 PM, Julian Jakob said:

Hey Carl,

 

do you know if the listen policy works also with the workspace / workspace app? Or is it only limited to browser based?

 

Thanks and Regards

Julian

 

Tested it in my lab - it works via Browser and Receiver / Workspace Client, on the fly the Auth Popup is changing, very cool Feature and no Advanced license needed.

Regards


Julian

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...