Advanced Endpoint Analysis scans

Advanced Endpoint Analysis (EPA) is used for scanning user devices for the endpoint security requirement configured on a NetScaler Gateway appliance. If a user device tries to access the NetScaler Gateway appliance, the device is scanned for security information, such as operating system, antivirus, web browser versions and so forth before an administrator can grant access to the NetScaler Gateway appliance.

The Advanced EPA scan is a policy-based scan that you can configure on a NetScaler Gateway appliance for authentication sessions. The policy performs a registry check on a user device and based on evaluation, the policy allows or denies access to the NetScaler network.

You can configure the advanced EPA scan by using the GUI or the CLI.

On the GUI

  1. Create EPA action.

    Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > Actions > EPA and click Add. On the Create Authentication EPA Action page, update the following information and click Create.

    • Name: Name of the EPA action.
    • Default Group: The default group that is chosen when the EPA check succeeds.
    • Quarantine Group: The quarantine group that is chosen when the EPA check fails.
    • Kill Process: String specifying the name of a process to be terminated by the EPA plug-in. Multiple processes must be comma-separated.
    • Delete Files: String specifying the paths and names of the files to be deleted by the EPA plug-in. Multiple files must be comma-separated.
    • Expression: Refer to Advanced Endpoint Analysis policy expression reference for the EPA expression format.

  2. Create a corresponding EPA policy.

    Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > Policies and click Add. On the Create Authentication Policy page, update the following information and click Create.

    • Name: Name of the advanced EPA policy.
    • Action Type: Type of the authentication action.
    • Action: Name of the authentication action to be performed if the policy matches.
    • Expression: Refer to Advanced Endpoint Analysis policy expression reference for the EPA expression format.
    • Log Action: Name of message log action to use when a request matches this policy. Maximum allowed length is 127 characters.

  3. Configure an authentication virtual server and an authentication profile.

    • Navigate to Security > AAA - Application Traffic > Authentication Virtual Servers and click Add.

    • Navigate to Security > AAA - Application Traffic > Authentication Profile and click Create.

  4. Bind the advanced EPA policy to the authentication virtual server.

    • Navigate to Security > AAA - Application Traffic > Authentication Virtual Servers and select the authentication virtual server.
    • Select the policy in the Advanced Authentication Policies section.
    • Click Bind in the Policy Binding section.

  5. Bind the EPA policy to nFactor flow.

    For details about how to add an advanced EPA policy as a factor to the nFactor flow, see EPA scan as a factor in nFactor authentication.

On the CLI

  1. Create an action to perform the EPA scan.

    add authentication epaAction EPA-client-scan -csecexpr "sys.client_expr (\"proc_2_firefox\")" 

    The preceding expression checks whether the process ‘Firefox’ is running. The EPA plug-in checks for the existence of the process every 2 minutes, signified by the digit ‘2’ in the scan expression.

  2. Associate the EPA action to an advanced EPA policy.

    add authentication Policy EPA-check -rule true -action EPA-client-scan

  3. Configure an authentication virtual server and an authentication profile.

    add authentication vserver authnvsepa SSL 10.104.130.129 443
    add authentication authnProfile Authnprofile_EPA -authnVsName authnvsepa

  4. Bind the advanced EPA policy to the authentication virtual server.

    bind authentication vserver authnvsepa -policy EPA-check -priority 1
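
The CLI steps above leave out the optional fields listed in the GUI procedure (Default Group, Quarantine Group, Kill Process, Log Action). The following is an added example, not part of the original page, that sets them on the CLI in place of steps 1, 2 and 4. The group, action, policy, log action and process names are hypothetical placeholders; the virtual server authnvsepa is the one created in step 3.

```netscaler
# Added example. Hypothetical names: epa_compliant, epa_quarantine,
# EPA-scan-groups, EPA-check-groups, epa_hit_log, exampleproc.exe.

# Groups that the EPA action assigns after the scan.
add aaa group epa_compliant
add aaa group epa_quarantine

# Message log action referenced by the policy (GUI field "Log Action").
add audit messageaction epa_hit_log INFORMATIONAL '"EPA policy matched for client " + CLIENT.IP.SRC'

# EPA action with the optional GUI fields set:
#   Default Group    -> -defaultEPAGroup  (chosen when the EPA check succeeds)
#   Quarantine Group -> -quarantineGroup  (chosen when the EPA check fails)
#   Kill Process     -> -killProcess      (comma-separated process names)
add authentication epaAction EPA-scan-groups -csecexpr "sys.client_expr(\"proc_2_firefox\")" -defaultEPAGroup epa_compliant -quarantineGroup epa_quarantine -killProcess "exampleproc.exe"

# Policy that runs the action for every session and logs each match.
add authentication Policy EPA-check-groups -rule true -action EPA-scan-groups -logAction epa_hit_log

# Bind to the authentication virtual server from step 3.
bind authentication vserver authnvsepa -policy EPA-check-groups -priority 1

# Confirm what was stored and what is bound.
show authentication epaAction EPA-scan-groups
show authentication vserver authnvsepa
```

The two show commands let you confirm that the groups are attached to the action and that the policy is bound at the expected priority before testing with a client.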

Upgrade EPA libraries

To use the NetScaler GUI to upgrade EPA libraries:

  1. Navigate to Configuration > NetScaler Gateway > Update Client Components.

  2. Under Update Client Components, click the Upgrade EPA Libraries link.

  3. Choose the required file and clickUpgrade.

Important:

  • In a NetScaler Gateway high availability setup, the EPA Libraries must be upgraded on both the primary and secondary nodes.

  • In a NetScaler Gateway clustering setup, the EPA Libraries must be upgraded on all the cluster nodes.

For the list of Windows and Mac applications supported by OPSWAT for NetScaler scans, see https://support.citrix.com/article/CTX234466.

Troubleshooting advanced Endpoint Analysis scans

To help with troubleshooting Advanced Endpoint Analysis scans, the client plug-ins write logging information to a file on client endpoint systems. These log files can be found in the following directories, depending on the user’s operating system.

Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10:

C:\Users\\AppData\Local\Citrix\AGEE\nsepa.txt

Windows XP:

C:\Documents and Settings\All Users\Application Data\Citrix\AGEE\nsepa.txt

Mac OS X systems:

~/Library/Application Support/Citrix/EPAPlugin/epaplugin.log

(Where the ~ symbol indicates the relevant macOS user’s home directory path.)

Ubuntu:

  • ~/.citrix/nsepa.txt

  • ~/.citrix/nsgcepa.txt
