Jump to content
Welcome to our new Citrix community!
  • 0

Should a Webapp firewall policy be on bound to the Content Switching Virtual Server or the Load Balancing Virtual Servers behind it?


Travis Widener 2

Question

Hi all,

 

I'm new to Citrix and Webapp firewall. I was wondering if the Webapp firewall policy should be bound to the Content Switching Virtual Server or the Load Balancing Virtual Servers behind it? Maybe both places, a basic Webapp policy on the Content Switching Virtual Server and a more granular Webapp policy on the  Load Balancing Virtual Servers behind it?

Link to comment

2 answers to this question

Recommended Posts

  • 1

If you're content switch vserver is directing traffic to the lb vservers for different applications, it is more efficient to do the app-specific appfw profiles at the LB vserver level. Let appfw sort traffic and then appfw evaluates per lb vserver.  Allows policies to be sorted by CS and then app specific policies are managed at the lb tier usually with a "true"/apply all type expression.  

 

If you are using content switching to sort content for a single app to different lb tiers, then it is better to have the appfw profile be "app wide" and bind the policy to the lb tier.

  • Like 2
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...