Jump to content
Welcome to our new Citrix community!

Prevent Administrative Access from external Interface Netscaler

Harald Strauss

Recommended Posts



we have a requirement to prevent administrative login from the external interface of the gateway.

An external insurance-scanner has detected on port 443 that there is in principle a logon possibility.

We have secured the external accesses with MFA (Azure), but want to fulfill the requirement here and turn off the access for e.g. nsroot completely. Is that possible?

Link to comment
Share on other sites

Administrative access to the Netscaler is only to the NSIP or a SNIP configured with management access.


NetScaler does have AAA for both authentication and Gateway access.  These do not use the nsroot account as an authentication point.


There have been security flaws with NetScaler code released in June and October.  So if you are on an unpatched version you are potentially compromised.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...