Application Firewall, in conjunction with Citrix Access Gateway, Enterprise Edition, restricts access to applications and data by allowing only the use of approved protocols and methods, only connections from trusted networks and only access to users who are authenticated and authorized. Application Firewall has obtained ICSA Labs Web Application Firewall Certification for additional assurance.

Application Firewall is easily configured to mask or block PANs and otherwise prevent the leakage of sensitive cardholder data, regardless of programmer oversight, logic flaws or targeted attacks. Complete server responses with PAN data can be blocked from being transmitted to the requesting client.

FIPS is a consideration within PCI DSS compliance. Four NetScaler appliances including the integrated Application Firewall module are FIPS 140-2 Level 2 compliant. These appliances securely maintain the certificates and encryption keys used for SSL/TLS and are all available in the FIPS versions of MPX 9700, MPX 10500, MPX 12500 and MPX 15500.

Application Firewall can be used to SSL-enable applications that were not designed to use secure communication protocols and support strong SSL cryptography with key lengths up to 4096-bit. Application Firewall inspects the contents of SSL/TLS encrypted sessions, ensures session validity and blocks attacks.

Application Firewall provides continuous protection against attacks with instantaneous attack blockage, dynamically adjusts to code changes and supports multiple applications simultaneously.