Jump to content
Welcome to our new Citrix community!

kill LB established Client Connection on Logout / Session Timeout Action

Recommended Posts



many thanks to @Johannes Norz at first, the solution based on an article in his Blog :)


Which i want to achieve:

User is logging in to CAG. Client Source IP is getting written in a Netscaler Variable by a Responder Policy with an an assign Action, which is bound to CAG vServer.

In case of logout, Client Source IP will be unassigned from the Variable (assignment clears key client.ip.src).


While being logged in, User will be able to connect through a TCP LB, to which the access is restricted for only those logged IPs in the Variable. Only if the User is logged in, his IP is granted to access the TCP LB. That works so far.


There are now two Problems:

In case of logging out, already established connections to the TCP LB will not be closed. To achieve this, i would need to kill established connections from the Client Source IP on the TCP LB by any "Logout Action". Is there any way to do that?


Second Problem is, that the unassignment of the Client Source IP only works if logout is initiated by the user, if the responder Policy containing HTTP.REQ.URL.CONTAINS("/vpn/logout") is getting triggered.

In Case of Session timeout, nothing happens (ok, the expiring value in the variable will do its work). Pretty nice would be, to be able do define an action if session timeout occurs - to unassign the Client Source IP from the Variable.


CAG Authentication is built via nFactor.


Perhaps anyone has some hints for me :)


Thanks & best regards




Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...