16 Dec 2011

Redirect AGEE VPN users to a different Web Interface

This post describes how to use the NetScaler responder feature to redirect users to a different Web Interface site on the same web server when they are connected via VPN (AG plugin).
Case description / Problem
You have multiple Web Interface sites on your internal web servers, which are load balanced by a NetScaler. Users connect through a VPN Smart Access portal on your AGEE. You want to prevent users from changing the Web Interface URL from, e.g., https://wi.corp.com/Citrix/internalWI to https://wi.corp.com/Citrix/AdminWI while connected via a non-clientless AGEE policy.
Solution Description
  • Create a responder action and a responder policy that always redirect requests to /internalWI if the request comes from the AGEE.
  • Bind the policy to the virtual server that load balances your WI servers.
Commands on the internal NetScaler
add responder action "redirect_to_internal_wi" redirect "\"https://wi.corp.com/internalWI\"" -bypassSafetyCheck YES
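add responder policy pol-redirect-wi "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/adminWI\") && CLIENT.IP.SRC.EQ(10.10.1.95)" "redirect_to_internal_wi"
bind lb vserver wi_vserver -policyName pol-redirect-wi -priority 100 -gotoPriorityExpression END
SET_TEXT_MODE(IGNORECASE) makes the URL comparison case-insensitive, so /Citrix/AdminWI is matched as well as /adminWI.
Use the AGEE's SNIP or MIP as the source address in the policy expression (10.10.1.95 in the commands above).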
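
An added example (not from the original post): a small Python audit of a saved NetScaler configuration that flags responder policies whose URL comparison is case-sensitive, that reference an undefined action, or that are never bound with -policyName. The function name audit and the sample text are assumptions made for illustration; NetScaler string comparisons are case-sensitive unless SET_TEXT_MODE(IGNORECASE) is applied.

```python
import re
import shlex

# Constructed sample modelled on this page's commands, URL match written case-sensitively.
SAMPLE_CONF = r'''
add responder action "redirect_to_internal_wi" redirect "\"https://wi.corp.com/internalWI\"" -bypassSafetyCheck YES
add responder policy pol-redirect-wi "HTTP.REQ.URL.CONTAINS(\"/adminWI\") && CLIENT.IP.SRC.EQ(10.10.1.95)" "redirect_to_internal_wi"
bind lb vserver wi_vserver -policyName pol-redirect-wi -priority 100 -gotoPriorityExpression END
'''

# Heuristic: a text comparison on HTTP.REQ.URL, capturing any operations chained before it.
URL_MATCH = re.compile(r'HTTP\.REQ\.URL(\S*?)\.(CONTAINS|STARTSWITH|EQ)\(', re.I)


def audit(conf):
    """Return (policy, finding) tuples for the responder policies in conf (hypothetical helper)."""
    actions, policies, bound = set(), {}, set()
    for line in conf.splitlines():
        tok = shlex.split(line)  # undoes the CLI's \" escaping inside quoted arguments
        if tok[:3] == ["add", "responder", "action"]:
            actions.add(tok[3])
        elif tok[:3] == ["add", "responder", "policy"]:
            policies[tok[3]] = (tok[4], tok[5])  # name -> (rule, action)
        elif tok[:1] == ["bind"] and "-policyName" in tok:
            # Covers vserver bindings only; global bindings use a different syntax.
            bound.add(tok[tok.index("-policyName") + 1])

    findings = []
    for name, (rule, action) in policies.items():
        for m in URL_MATCH.finditer(rule):
            if "IGNORECASE" not in m.group(1).upper():
                findings.append((name, "case-sensitive URL match"))
        if action not in actions:
            findings.append((name, "action not defined"))
        if name not in bound:
            findings.append((name, "policy not bound"))
    return findings


if __name__ == "__main__":
    for policy, finding in audit(SAMPLE_CONF):
        print(f"{policy}: {finding}")
```
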