This post is from the Mobility Experts team, providing you with technical how-tos, tips, and guides around specific use cases. Please be sure to share any feedback in the comments and share this post with anyone who might benefit!

This post applies when XenMobile Device Manager is deployed in SSL Offload mode, with NetScaler offloading SSL traffic to the XenMobile Device Manager server(s). With the steps below you will be able to restrict XenMobile Device Manager Admin Web Console traffic from the Internet at NetScaler using Responder policies.

Pre-Requisites

You need to have the XenMobile Device Manager server deployed in SSL Offload Mode with NetScaler.

Steps to Configure

1. Login to NetScaler.

2. Verify that the Responder feature is enabled on your NetScaler. If it is not, enable it as described in the next step.

3. Expand System and Click on Settings, from Modes and Features Click on Configure Advanced features and enable Responder.

4. Expand AppExpert and Click on Pattern Sets and Click Add.

5. In the Create Pattern Set window, provide the Name, add the patterns below with the Index as shown below, and click Create.

  • /zdm/console
  • /zdm/login.jsp
  • /zdm/log.jsp
  • /zdm/helper.jsp

6. In AppExpert, expand Responder, click Policies, and click Add.

7. In the Create Responder Policy window, provide the Name of the policy, set the Action to DROP from the drop-down, enter the expression below in the Expression field (where <XDM_UrlSet> is the Pattern Set you created in step 5), and click Create.

HTTP.REQ.URL.STARTSWITH_ANY("<XDM_UrlSet>")

8. Expand Traffic Management, under Load Balancing select Virtual Servers, and click the SSL Offload VServer running on port 443.

9. In the Configure Virtual Server (Load Balancing) window, under Policies select Responder. Click Insert Policy and click OK to bind the policy.

 

Note: With this in place, all Admin Console web traffic that lands on the NS LB server is restricted. To access the XDM Admin Console from the internal network, use the FQDN/IP of the XDM server itself.
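
The GUI steps above, expressed as NetScaler CLI commands (an added example, not part of the original post). The pattern set name XDM_UrlSet, the policy name XDM_Console_Drop, the index values 1 to 4, the priority 100 and the <SSL_Offload_VServer> placeholder are assumptions; substitute the values from your own deployment.

```netscaler
# Steps 2-3: enable the Responder feature
enable ns feature RESPONDER

# Steps 4-5: create the pattern set and add the admin console paths
# (pattern set name and index values are assumed)
add policy patset XDM_UrlSet
bind policy patset XDM_UrlSet /zdm/console -index 1
bind policy patset XDM_UrlSet /zdm/login.jsp -index 2
bind policy patset XDM_UrlSet /zdm/log.jsp -index 3
bind policy patset XDM_UrlSet /zdm/helper.jsp -index 4

# Steps 6-7: responder policy that drops any request whose URL
# starts with one of the patterns (policy name is assumed)
add responder policy XDM_Console_Drop "HTTP.REQ.URL.STARTSWITH_ANY(\"XDM_UrlSet\")" DROP

# Steps 8-9: bind the policy to the SSL Offload virtual server on port 443
# (virtual server name is a placeholder, priority is assumed)
bind lb vserver <SSL_Offload_VServer> -policyName XDM_Console_Drop -priority 100 -gotoPriorityExpression END -type REQUEST

# Check the binding and the policy hit counter, then persist the configuration
show lb vserver <SSL_Offload_VServer>
show responder policy XDM_Console_Drop
save ns config
```

After binding, a request to one of the listed paths through the NetScaler virtual server should increase the hit count reported by `show responder policy`, while other XDM traffic continues to pass.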