Jump to content
Welcome to our new Citrix community!

Session policy based on number of currently established ica proxy connections to a vserver?

Recommended Posts



you can use the following CLI command to display the connected users:


show vpn icaConnection


show aaa session 


Or do you want to find which session policy is assigned? Then you can try an nsconmsg command (it's live logging):

nsconmsg -d current  -g _hits


See more details here: https://support.citrix.com/article/CTX138840

Citrix ADC nsconmsg Commands Cheat Sheet: https://docs.citrix.com/en-us/tech-zone/learn/downloads/diagrams-posters_cheat-sheet-adc-nsconmsg.pdf




Link to comment
Share on other sites

1 hour ago, Daniel Weppeler1709159306 said:



you can use the following CLI command to display the connected users (...)




Thanks for coming back to me - this is not what I'm after. I'd like to get the number of current sessions inside the session policy (not in CLI) so I can have different actions based on number of currently connected ica proxy users.



Link to comment
Share on other sites

Session policies direct traffic to different storefronts OR change your vpn connection type...as an example.  Usually, this wouldn't be done based on session connections on the vpn vserver.

What action are you trying to trigger as it might not be possible or we might be looking at the wrong thing to do what you want?  There might be a different way to do what you want.


The vpn vserver itself has some thresholds/limits that can be set, but most of this can't be invoked as a policy trigger.

You might instead need to look at max aaa users to limit connections on this vpn vserver.



Link to comment
Share on other sites

I don't think you can do this through a session policy based on the vpn vserver session limit.


You can set thresholds on the lb vserver (max connections aka clients in gui...but its web connections to the web vserver and not directly relate to vpn vserver session) and when that limit is reached the vserver can spillover to the redirect url (under protection methods).


But this still isn't exactly what you are describing.


You can create a vpn vserver with a limit of allowed aaa users to stay under a limit, but I don' think you can switch session policies based on this condition.

Link to comment
Share on other sites

Thanks but that's not any good for me, aaa limit refers to the currently logged in users on the NS itself not the number of ica sessions.

This would be possible if we could get the number of ICA sessions through some parameters in the session policy - perhaps using SYS.VSERVER()..? However the only parameter I'm aware of is the UP?DOWN one? 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...