
How to clean up bad ACL on NetScaler SDX

Carl Armstrong


Someone created a bad ACL on the NetScaler SDX and we want to clean it up. However, there does not seem to be a way to remove it.


This is what they did:  (All in the GUI, because it looks like on the SDX I could not find a way to configure the ACL via the command line on SDX.)

1.  Enabled ACL

2.  Added a bad rule that removed all access to the SDX SVM.


Because we could no longer connect to the SDX via SSH or HTTPS, I connected via the XenServer and issued this command to disable the ACL:

pfctl -d

Per: https://docs.citrix.com/en-us/sdx/12-1/configuring-management-service/access-control-lists.html


So now I can connect back to the SDX via SSH and HTTPS.


However, there does not seem to be a way to remove/clean up the bad rule.


I can't disable/delete the rule with ACL disabled.

I can't add a good rule with the ACL disabled.

If I enable ACL then, because of the bad rule, I will immediately be kicked out of the HTTPS and SSH.


Any advice?





