Jump to content
Welcome to our new Citrix community!

1 FA or 2 FA based on client IP

Recommended Posts

We want to configure our Netscaler Gateway Virtual Server in such a way that is uses 1 Factor Authentication or 2 Factor Authentication based on the subnet of the client.


For example users from subnet 10.10.10.x should get only LDAP authentication and users from should get both LDAP and RADIUS.


However we only want to communicate 1 URL.


We have struggled with configuring this in the past and never succeeded. A rewrite policy was getting close, but had the disadvantage that the new URL would be visible in the browser. If the user then saves that URL as a favorite and moves to another subnet then clicking the URL would generate an error and confusion for our users.


Eventually we used F5s we have in front of our Netscalers and configured iRules on them. Bases on the client subnet the F5 forwards users to 1 of the 2 NG Virtual Servers.


But now Citrix released Netscaler 11 and that ships with more configuration options (e.g. nFactor authentication). I was wondering if anyone succeeded in configuring the above scenario using Netscaler 11. If so, please let me know how to configure this.




Link to comment
Share on other sites

  • 2 years later...
On 28.3.2019 at 9:39 PM, Julian Jakob said:

Hey Carl,


do you know if the listen policy works also with the workspace / workspace app? Or is it only limited to browser based?


Thanks and Regards



Tested it in my lab - it works via Browser and Receiver / Workspace Client, on the fly the Auth Popup is changing, very cool Feature and no Advanced license needed.



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...