Jump to content
Welcome to our new Citrix community!

My Netscaler VPX has classic expression Session Polices and I ran the nspepi against a copy of the ns.conf but it did not change those policies to use the Advance Expression


Tim Witte

Recommended Posts

I thought that the NSPepi tool would create a new file that i could rename ns.conf in the nsconfig directory, reboot and i would have advanced expression Session policies.  I compared the old and new file and my session policies didn't change.  I did mondify 4 lines on my copied ns.conf file for depricated items I guess... the NSpepi -e "classic expression" did give me what i thought the nspepi -f ns;conf-copy  -v was going to give me... 

 

My question is can i just modify the ns.conf-copy file modifying my session policy expressions with the "converted" advance expressiions from nspepi -e "classic expression"

 

example:  

nspepi -e "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver"

returne:  "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\")"

 

So ns.conf-copy has a line:

     add vpn sessionPolicy PL_OS_10.8.9.120 "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver" AC_OS_10.8.9.120

can i just modify that file as:

     add vpn sessionPolicy PL_OS_10.8.9.120 "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\")" AC_OS_10.8.9.120

 

copy the ns.conf-copy to the netscaler, rename the existing ns.conf file and then rename ns.conf-copy ns.conf

Reboot the netscaler and BAM... I have a netscaler with advanced expressions???

 

I don't know how else to convert the classic expressions to Advanced....  I read that nspepi will not convert session policies because they are already bound... But this ns.conf-copy is just a file so if i have to unbound them how do i tell that file "just act like your not really bound...?"

 

Im doing all this because after upgrading from 12.1 (NS12.1 65.35.nc) to 13.0 x my 2fa doesn't work and users cannot get logged in.  The 2fa gets the prompt but when you hit the approve button the session doesn't go on and let you in...

 

image.png

image.png

image.png

Link to comment
Share on other sites

Thanks Carl,

 

But the 2FA isn't working after the upgrade to 13.0 x and from what i can find leads me to having the classic expressions in the Session Policies. 

 

My goal here is to convert the session policies to advanced expressions.  Im asking in my original message above if modifying the ns.conf-copy the way i explained will  make my session policies have advanced expressions after the ADC reboot.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...