Policies have a fundamental influence on the behavior of most NetScaler features (for example, Load Balancing, Content Switching, Rewrite, Responder, Integrated Caching, and the Application Firewall).

For a policy to take effect, and to have the desired effect, you must ensure that the policy is invoked at the right point during processing. The binding determines when the policy is evaluated (for example, whether the policy is applied to requests or to responses), and whether the policy applies to all traffic or just to specific virtual servers.

Bind Points for Advanced and Classic Policies

 
NetScaler features use one of two types of policy:

  • Advanced policies enable you to analyze almost any type of data in a request or a response (for example, the body of an HTTP request) and permit programmatic functions on the data (for example, transforming data in the body of a request into an HTTP header). In release 9, the following features use advanced policies: DNS, Integrated Caching, Responder, Content Switching, Rewrite, Access Gateway (clientless access functions).
  • Classic policies evaluate basic characteristics of traffic and other data. For example, classic policies can identify whether an HTTP request or response contains a particular type of header or URL. In release 9, the following features use classic policies: System, SSL, Compression, Protection Features, Content Switching, Cache Redirection, Application Firewall, Access Gateway (all functions that use policies except clientless access).

For an advanced policy, the bind points are as follows, in typical order of evaluation:

  • Request-time override. When a request flows through a feature, the NetScaler first evaluates request-time override policies.
  • Request-time Load Balancing virtual server. If policy evaluation cannot be completed after all the request-time override policies have been evaluated, the NetScaler processes request-time policies for load balancing virtual servers.
  • Request-time Content Switching virtual server. If policy evaluation cannot be completed after all the request-time policies for load balancing virtual servers have been evaluated, the NetScaler processes request-time policies for content switching virtual servers.
  • Request-time default. If policy evaluation cannot be completed after all request-time, virtual server-specific policies have been evaluated, the NetScaler processes request-time default policies.
  • Response-time override. At response time, the NetScaler starts with policies that are bound to the response-time override bind point.
  • Response-time Load Balancing virtual server. If policy evaluation cannot be completed after all response-time override policies have been evaluated, the NetScaler processes the response-time policies for load balancing virtual servers.
  • Response-time Content Switching virtual server. If policy evaluation cannot be completed after all policies have been evaluated for load balancing virtual servers, the NetScaler processes the response-time policies for content switching virtual servers.
  • Response-time default. If policy evaluation cannot be completed after all response-time, virtual-server-specific policies have been evaluated, the NetScaler processes response-time default policies.

Within any of the banks of policies for each of the preceding bind points, the order of evaluation is determined by a priority level that you assign to each policy. You can also define a policy label and bind policies to it. The policy label must itself be invoked from one of the policy banks in the preceding list. You can invoke the policy label any number of times, which lets you reuse the policies that are bound to it.
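The bank order, priorities and label invocation described above can be checked against a binding inventory. The following Python sketch is an added example, not Citrix code: it lists the order in which policies are reached for one virtual server (without evaluating policy expressions) and reports policy labels that no bank invokes. The bank names, policy names and sample inventory are constructed for illustration.

```python
from collections import namedtuple
# Sketch-only names for the eight bind points, in the page's evaluation order.
BANK_ORDER = ["REQ_OVERRIDE", "REQ_LB_VSERVER", "REQ_CS_VSERVER", "REQ_DEFAULT",
              "RES_OVERRIDE", "RES_LB_VSERVER", "RES_CS_VSERVER", "RES_DEFAULT"]
# target: virtual server name (None for override/default); invokes: label or None.
Binding = namedtuple("Binding", "bank target priority policy invokes")

def expand_label(label, labels, seen=()):
    """Policies reached through a policy label, in priority order."""
    if label in seen:  # a label that invokes itself is not followed again
        return []
    out = []
    for _prio, policy, invokes in sorted(labels.get(label, []), key=lambda e: e[0]):
        out.append(policy)
        if invokes:
            out.extend(expand_label(invokes, labels, seen + (label,)))
    return out

def effective_order(bindings, labels, lb_vserver, cs_vserver=None):
    """(bank, policy) pairs in the order traffic for these vservers reaches them."""
    order = []
    for bank in BANK_ORDER:
        wanted = {"LB": lb_vserver, "CS": cs_vserver}.get(bank.split("_")[1])
        hits = [b for b in bindings if b.bank == bank and b.target == wanted]
        for b in sorted(hits, key=lambda b: b.priority):  # lower number first
            order.append((bank, b.policy))
            if b.invokes:
                order.extend((bank, p) for p in expand_label(b.invokes, labels))
    return order

def uninvoked_labels(bindings, labels):
    """Labels no bank reaches; policies bound only to them never run."""
    reached, todo = set(), [b.invokes for b in bindings if b.invokes]
    while todo:
        label = todo.pop()
        if label not in reached:
            reached.add(label)
            todo.extend(inv for _p, _n, inv in labels.get(label, []) if inv)
    return sorted(set(labels) - reached)

# Constructed inventory; every name below is illustrative.
LABELS = {"lbl_headers": [(20, "rw_strip_server", None), (10, "rw_add_hsts", None)],
          "lbl_legacy": [(10, "rw_old_cookie", None)]}
BINDINGS = [Binding("REQ_DEFAULT", None, 100, "rw_log_all", None),
            Binding("REQ_LB_VSERVER", "vs_app", 20, "rw_block_admin", None),
            Binding("REQ_LB_VSERVER", "vs_app", 10, "rw_normalize_url", None),
            Binding("REQ_OVERRIDE", None, 50, "rw_maintenance", None),
            Binding("RES_LB_VSERVER", "vs_app", 10, "rw_resp_entry", "lbl_headers")]
print(effective_order(BINDINGS, LABELS, "vs_app"), uninvoked_labels(BINDINGS, LABELS))
```

In the sample inventory the globally bound override policy is reached before either policy bound to the virtual server, and the label lbl_legacy is reported because nothing invokes it.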

For a classic policy to take effect, you bind it to the following bind points:

  • System policies. Bound globally.
  • SSL policies. Bound globally or to a Load Balancing virtual server.
  • Content Switching policies. Bound to a Content Switching or Cache Redirection virtual server. Note that Content Switching policies can be either classic or advanced, but must all be of the same type.
  • Compression policies. Bound globally, to a Load Balancing or Content Switching virtual server, or to a service.
  • Protection Features. Bound as follows:
    • Filter. Bound globally, to a Load Balancing or Content Switching virtual server, or to a service.
    • SureConnect. Bound to a Load Balancing virtual server or to a service.
    • Priority Queuing. Bound to a Load Balancing virtual server.
  • Cache Redirection. Bound to a Cache Redirection virtual server.
  • Application Firewall. Bound globally.
  • Access Gateway. Bound as follows:
    • Pre-Authentication policies. AAA Global, VPN vserver.
    • Authentication policies. System Global, AAA Global, VPN vserver.
    • Auditing policies. User, User group, VPN vserver.
    • Session policies. VPN Global, User, User Group, VPN vserver.
    • Authorization policies. User, User Group.
    • Traffic policies. VPN Global, User, User Group, VPN vserver.
    • TCP Compression policies. VPN Global.


Video Tips: Binding Advanced Policies Globally and to a Virtual Server Using the Policy Manager

Video 1: Binding an advanced policy globally.
 

 
Video 2: Binding an advanced policy to a virtual server.