Tuan Vu Anh Posted December 13, 2021 Share Posted December 13, 2021 Dear All ! i have 2 citrix mpx 8905 HA and config EPA scan Mac address before connect citrix gateway but when i config about >1900 MAC address, client cannot use EPA please help Link to comment
0 Rhonda Rowland1709152125 Posted December 14, 2021 Share Posted December 14, 2021 The preauth policy is classic engine only and cannot use either. You would have to use an advanced engine policy either an advanced EPA scan with nfactor authentication or a responder policy to use either callouts or data sets. I can give an example later today (after work). Which version of adc are you on and which license level? And to confirm this is for gateway/vpn vservers. 1 Link to comment
0 Rhonda Rowland1709152125 Posted December 13, 2021 Share Posted December 13, 2021 How are you writing your expression and have you considered using data sets OR a callout instead to make it easier to process. Are your EPA scans classic or advanced? For something that large data sets or callouts may be required (also requiring an advanced engine epa policy and not classic) Link to comment
0 Tuan Vu Anh Posted December 14, 2021 Author Share Posted December 14, 2021 Dear Rhonda thanks your support, i use preauthentication and OPSWAT EPA Editor to config Mac address then i bind preauthentication poilcy to Citrix Gateway. Can you give me example config data set or callout ? Link to comment
0 Tuan Vu Anh Posted December 14, 2021 Author Share Posted December 14, 2021 Dear Rhonda My citrix adc 8905 running os version NS13.0 71.44.nc, license standard edition and Citrix Gateway Universal i config ssl vpn for internet user and preauthentication scan 2700 Mac-address . But when i config Mac-address >1900 problem occurring Link to comment
0 Rhonda Rowland1709152125 Posted December 14, 2021 Share Posted December 14, 2021 So to use either datasets OR callouts you need to be able to use either advanced engine epa policies. Which would require your gateway to intergrate with a authentication vserver. Which can be done on a limited basis in standard edition. Your going to have to go to aaa eventually to get off classic authentication policies soon, anyway. I can mock something up later today if no one else gives you an example sooner, but preauth policies as is are classic only. EPA policies that are advanced engine based require integration of the gateway with aaa. Link to comment
Question
Tuan Vu Anh
Dear All !
i have 2 citrix mpx 8905 HA and config EPA scan Mac address before connect citrix gateway
but when i config about >1900 MAC address, client cannot use EPA
please help
Link to comment
5 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now