How to configure Pre-Authentication check on NetScaler Gateway


Endpoint Analysis (EPA) is used to scan the user device during the login step, and take necessary actions (eg: block, quarantine) based on the scan results.

Use Case

EPA can be configured as a pre-authentication policy (before user provided the login credentials) or post-authentication/session policy (after user credentials are verified). Customers could configure Windows patch management scan as part of pre-authentication EPA.


Step-1: Under the NetScaler Gateway management GUI, navigate to Configuration -> NetScaler Gateway -> Policies -> Preauthentication


Step-2: Click on “Add” button under the Preauthentication Policies tab. Enter “Name” of preauthentication policy, selection any existing action for “Request Action” or create a new one by clicking “+” button.


Step-3: Click on the “OPSWAT EPA Editor” link.


Step-4: In the Expression Editor frame, select “Windows” -> “Patch Management” -> “Generic Patch Management Product Scan” option and then, click on “+”


Step-5: Click “OK”, then “Done” and then “Create” to create a preauthentication policy.


Step-6: Bind the above created preauthentication policy to any Gateway virtual server for the check.