Jump to content
Welcome to our new Citrix community!

How to enable X-forwarded-for foe netscaler gateway vip


Manoj Umate

Recommended Posts

If you just need to output the content for live sessions, you can view syslog for which ips connect to vpn (or bind a custom audit policy to the vpn vserver and control where it outputs too).

show vpn icaconnection could give you the ip list of the current sessions on th vpn vserver (for ICA Proxy session)

show aaa sesssion could give you list of current vpn connections.

 

In addition, all connections to gateway are audited in syslog (/var/log/ns.log  is the current file or you can see events under System > Auditing (view current log in right pane)).  And you view the current audited events in the global syslog OR create a custom syslog policy and bind it to the vpn vserver and send it to a gateway specific output. I would check this first as it already audits most of the "client ips" that connect to the gateway during all events authentication/authorization, full vpn mode resource destinations, and ica proxy mode.  

 

While you can use a rewrite policy to do the header insertion for traffic hitting the vpn vserver, what traffic do you want to insert this on?  You'll need to write the expression to tag only the appropriate web content as opposed to all.

 

I did mock up a test of creating a rewrite policy, binding it to the vpn vserver and having it perform the client ip insertion and log a custom syslog message but on for requesets to /vpn/index.html so it limited the insertions/logs to a user hitting the vpn login page.  But this "header" won't pass to anything behind gateway and the custom log event on ns is redundant to the syslog we already do.

 

But you could tag any web traffic going through the vpn vserver. I just don't think you need to, unless a specific app needs to see this.  Syslog is the better way to track this.

 

 

 

 

 

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...