How do you enable Security analytics on ADM service for NS 14.1 VPN server?

[George Michaelides]

NetScaler 14.1 supports attaching WAF profiles on VPN servers.

How do you enable Security analytics on ADM service?

Not seeing the same options as compared to a load-balancing server.

(NetScaler reports to an on-premise agent)

[Akhil Nair]

@George Michaelides​ - Are you looking to secure VPN server or are you trying to secure the apps behind it?

[George Michaelides]

To secure the VPN server itself, used mainly for ICA traffic.

I am assuming that if you are able to bind a WAF policy on a VPN server, you should also be able to view security analytics.

[Akhil Nair]

The WAF profile is only to protect the apps behind the VPN and not VPN itself, see this use case here. To protect your VPN server, please refer the following doc:

https://community.netscaler.com/s/article/protect-gateway-waf-bot-aaa

[George Michaelides]

Yes, I was hoping that this new capability would simplify the process for protecting the VPN itself, but not there yet. ADM appears to have a Stylebook for 13.1, not sure if it is still valid for 14.1.

Just to clarify on the protecting apps behind the VPN, that would be true for https://docs.citrix.com/en-us/tech-zone/build/deployment-guides/secure-private-access-on-premises.html?

Thank you

[Akhil Nair]

Yes, those stylebooks should be applicable to 14.1 as well.

Just to clarify on the protecting apps behind the VPN, that would be true for https://docs.citrix.com/en-us/tech-zone/build/deployment-guides/secure-private-access-on-premises.html?

Yes, you're absolutely correct. Be it a published app or an internal private app, you can use WAF today to secure them by binding AppFw policies to the VPN server.