How to configure Pre-Authentication check on NetScaler Gateway

Introduction

Endpoint Analysis (EPA) is used to scan the user device during the login step, and take necessary actions (eg: block, quarantine) based on the scan results.

Use Case

EPA can be configured as a pre-authentication policy (before user provided the login credentials) or post-authentication/session policy (after user credentials are verified). Customers could configure Windows patch management scan as part of pre-authentication EPA.

Configuration

Step-1: Under the NetScaler Gateway management GUI, navigate to Configuration -> NetScaler Gateway -> Policies -> Preauthentication

step1

Step-2: Click on “Add” button under the Preauthentication Policies tab. Enter “Name” of preauthentication policy, selection any existing action for “Request Action” or create a new one by clicking “+” button.

step2

Step-3: Click on the “OPSWAT EPA Editor” link.

step3

Step-4: In the Expression Editor frame, select “Windows” -> “Patch Management” -> “Generic Patch Management Product Scan” option and then, click on “+”

step4

Step-5: Click “OK”, then “Done” and then “Create” to create a preauthentication policy.

step6

Step-6: Bind the above created preauthentication policy to any Gateway virtual server for the check.