Blog posts tagged with 'bridge'


19 Aug 2008 01:46 PM EDT

The St.Bernard iPrism works with Citrix's Application Virtualization platform - XenApp, and works quite well. Seen as a perfect complement to each other the Citrix NetScaler and XenApp products were tested with the St.Bernard iPrism Web Filter. Both companies offer architectures of one-arm (out-of-band) and two-arm (in-band) deployments. At Citrixlabs in Santa Clara, CA, USA, we tested both the out-of-band and in-band configuration of the iPrism Web Filter. We loved the fact that the iPrism is auto-discovered by the management software, so no console cable was needed.

With NetScaler:

We deployed the iPrism Web Filter behind the NetScaler in our proof of concept datacenter in Santa Clara, CA, USA, and configured the NetScaler for NAT (Reverse NAT) for outbound connections to the Internet. NAT is often performed by the Firewall. The Web Application Firewall, also part of the Citrix NetScaler, was configured for protection of inbound security threats to websites and web applications.

The iPrism was configured to monitor outbound traffic from the internal subnet of 172.16.104.0/24, and block all traffic to offensive websites, and monitor traffic to all other websites. The Real-Time monitor in iPrism gave us a detailed report on the users and IP Addresses that were going out to which sites on the internet. We could see who was accessing what, and which content was being blocked. Particularly nice, was the fact that the iPrism automatically authenticated each user to the Citrixlabs domain controller, every time they surfed a new website, without them knowing it. This was very useful for keeping a tight grip on security and for compliance reporting.

With XenApp:

The powerful value is in the integration with XenApp. We plugged the iPrism in as an in-line device, and configured it to work with Citrix XenApp©, formerly known as Citrix Presentation Server. One of the key questions that will arise in this situation is with all of those Citrix XenApp thin clients logging into the XenApp and then launching browsers to the internet, how does iPrism keep track of them. By adding the XenApp IP Address to the iPrism configuration, the users are tracked using "Session Based Authentication" - this catches each individual user and IP Address in each browser session and in the reports. We were impressed by this and determined the iPrism to be an excellent fit into a datacenter outfitted with Citrix.


Citrix & St.Bernard Deployment Guide!

Network Diagram:



Watch this video tip:





NetScaler Developer Network!

Expand Blog Post
15 Aug 2008 12:27 PM EDT
[ Tags: number 1 web filter,  web filter,  web filters,  web filtering,  url filtering,  internet filter,  website filter,  content filter,  content filtering,  im filter,  p2p filter,  antivirus,  hybrid,  iprism,  stbernard,  im filtering,  p2p filtering,  email filter,  email filtering,  eprism,  proxy,  transparent proxy,  bridge,  netscaler,  appexpert,  apptips,  tips,  citrix ready,  security switch,  application firewall,  appdos,  appfw,  app firewall,  website firewall,  spam firewall,  rnat,  ssl,  ssl offload,  ssl vpn,  rewrite,  content rewrite,  client-ip,  x-forwarded-for,  apache,  iis,  external url,  internal url,  home page redirect,  apache rewrite,  server obfuscation,  application obfuscation,  http header,  headers,  citrix web filter ]

The #1 Web Filter by St.Bernard is now Citrix Ready. The Highest Performance Web Application Solution from Citrix Systems can now be deployed with the the #1 Web Filter by St. Berdard. IDC ranked them #1, SC Magazine gives them high ratings, and you will agree when you plug this thing in. The Citrix Web Application Firewall protects inbound traffic destined to Web and Application Servers without degrading throughput or response time. Now, with St.Bernard's iPrism h-Series high performance appliances, you can also do outbound Web filtering, IM/P2P filtering, and antivirus detection. The iPrism Web Filter is optimized for the datacenter infrastructure and sits behind the firewall while it monitors traffic. St. Bernard's platforms are hybrid so that Web filtering, antivirus and IM/P2P filtering are all contained within one box - unlike other point solutions.

St.Bernard's iPrism Web Filter is easy to use and easy to manage. If fact, it's so easy, we had the device up and running in Proxy mode and then in Bridge mode in a matter of seconds. The management software auto-discovers the box, so you don't have to plug in a console cable - very nice!

It is far better than a transparent proxy because St.Bernard has engineered their filtering technology at the kernel level, so their bridge mode really is a bridge between interfaces, and not just a transparent proxy like other solutions in the market.

We deployed the iPrism Web Filter behind our NetScaler, and had the NetScaler perform NAT (Reverse NAT) for outbound connections to the Internet. The iPrism Web Filter adds another level of security that IT organizations sometimes look for to complement their existing base of high-performance Citrix Gear.


Citrix & St.Bernard Deployment Guide!






You can try this product for free.


The product demo is awesome.


As a hybrid unit, this is a steal.












NetScaler Developer Network!

Expand Blog Post
21 Jul 2008 11:19 AM EDT
[ Tags: xenserver,  networking,  vif,  pif,  hub,  switch,  virtual switch,  bridge,  bridging,  virtual network ]

If you're like me, you'll like to mentally create pictures to make sense of what you're reading. The underpinnings of Xen networking, as I found out, is not that difficult once you have the correct pictures in mind. Once I'd discovered the secrets, I decided to write a paper explaining it to myself. Hopefully, others will find this useful as well!

"It's important to understand that XenServer networking operates at Layer 2 of the OSI. This means it's independent of any Layer 3 addressing, such as IP. As we'll see, XenServer acts as a Layer 2 virtual switch..." Read more in my Citrix Knowledge Center article.

Expand Blog Post