Improve Security of NetScaler Gateway with NetScaler WAF
As most people familiar with Citrix will know, NetScaler Gateway is one of the most widely deployed technologies for providing external access to Citrix-delivered resources, such as virtual desktops and virtual applications. NetScaler Gateway can also function as an SSL VPN. As such, its security posture is very important. Thankfully, NetScaler Gateway is inherently secure (assuming the latest firmware updates are kept applied). That said, because it is so widely deployed, it can be an attractive target for bad actors.
Improving NetScaler Gateway
The great news is that NetScaler’s Web Application Firewall (WAF) can be used to further strengthen the security of NetScaler Gateway virtual servers (note: this also applies to authentication, i.e. AAA, virtual servers). The NetScaler WAF feature provides an additional layer of security: it filters incoming requests, examines them for evidence of malicious activity, and blocks requests that exhibit such activity. The even better news is that this feature is available with all NetScaler licenses (Standard, Enterprise, and Premium).
Requirements
To take advantage of this added layer of security, the following conditions must be true:
- NetScaler 14.1 build 21.57 or greater
- NetScaler 13.1 build 53.x or greater
- NetScaler Standard / Enterprise / Premium license
Observability
A word on a lot of IT people’s lips these days is observability (i.e. the capability to gauge a system’s current state based on the data it generates – see here for further info). The handiest way to see the impact of NetScaler WAF (e.g. violations detected) is to simply integrate NetScaler with NetScaler Console (formerly NetScaler ADM). This is just one of many benefits afforded by NetScaler Console (see our Reasons to Deploy NetScaler Console blogpost). In the image below, you can see how Citrix has developed an intuitive NetScaler Console user interface to simplify the observability of NetScaler hosted applications and services.

Conclusion
In summary, if you have a NetScaler Gateway (or an AAA vServer), you can now enable WAF for it at no additional cost, which will immediately boost its security posture. To get insights into what WAF is detecting (and blocking), integrate your NetScaler with NetScaler Console, which is also available at no additional cost to Citrix customers.
Value Assessment
Many organizations struggle to determine the best way to use and position NetScaler, which prevents them from fully benefiting from their subscription. The Enterprise Solutions NetScaler Value Assessment is designed to help organizations align NetScaler’s capabilities with their service goals. This assessment allows organizations of all sizes and complexities to reduce IT costs while systematically enhancing digital service delivery.
You can read more about the Enterprise Solutions NetScaler Value Assessment here, or contact a NetScaler expert by emailing asktheexpert@enterprise-solutions.ie.
Important Information: As with any IT-related change, ensure full and verified backups are taken in advance and that a proven change management process is followed.

Shane is Technical Director at Enterprise Solutions, where he leads the technical team. Shane understands clients’ business goals and translates those objectives into technical solutions that deliver real business benefits and return on investment.