In one of my recent blogs, I talked about Getting your feet wet with NetScaler AppFirewall.  Now, there is a 3rd party validation that shows NetScaler as a leader in the recommended quadrant of the recent NSS Labs Web Application Firewall Test.  Although there are many differentiating factors we can talk about, let’s focus on the following three points that help NetScaler AppFirewall stand out:


Why is this important?   Per Verizon DBIR report, did you know that over 16K Incidents where unintentional actions directly compromised a security attribute of an information asset?  With NetScaler AppFirewall, configurations are simplified with wizards, like the one below showing the 4 easy steps to create AppFirewall rules for apps.  For IT admins, this helps minimize configuration errors, if any, while selecting and providing the essential or advanced protections.

Citrix NetScaler AppFirewall Wizard

In addition to configuration wizards, there are also AppExpert templates available for NetScaler AppFirewall specifically or for the full ADC functionality for some of the business critical apps today.

What is also unique to NetScaler is the Visualizer, a feature that our customers really like because it is easy for troubleshooting, mapping VIP, to service, to server, etc.  You can use the network visualizer to view the following:

  • The services and service groups that are bound to a virtual server.
  • The monitors that are bound to each service.
  • The policies that are bound to the virtual server.
  • The policy labels, if configured.
  • Configuration details of any displayed element.
  • Load balancing virtual server statistics.
  • Statistical information such as the number of requests received per second by the virtual server and the number of hits per second for rewrite, responder, and cache policies.
  • A comparative list of all the parameters whose values either differ or are not defined across service containers.

There is also Learning Visualizer that allows to see the violations in a tree view and to deploy NetScaler AppFirewall learning rules from there, shown in the screenshot below.

Citrix NetScaler AppFirewall Learning Visualizer

TriScale Clustering

Another big differentiation for NetScaler AppFirewall, as well as overall ADC functionality, is TriScale Clustering.  With TriScale Clustering, Citrix is enabling enterprise cloud networks by providing an unrivaled set of capabilities that smartly scale application and service delivery infrastructures. We achieve this while being affordable and with no additional complexity. Companies of all types, sizes, and levels of cloud maturity can:

  • Scale Up – Increase network elasticity with up to 5x faster performance on demand, without the need for additional hardware using NetScaler Pay-As-You-Grow licensing
  • Scale Out – Expand capacity up to 32x further with zero downtime and no idle network resources by leveraging TriScale Clustering
  • Scale In – Simplify application delivery support to more applications and business units and put an end to device sprawl by consolidating up to 80 NetScaler instances on a single hardware platform


One of the most important differentiators is the actual NetScaler architecture, which my colleague discusses in asd. This NetScaler architecture gives customers the AppFirewall performance that they need while providing security.  NSS Labs report shows NetScaler AppFirewall MPX 11520 in one of the tests with up to 9.9Gbps of AppFW throughput – awesome indeed!

See what NetScaler AppFirewall can do for you