Session and traffic management
Session settings
After you configure your authentication, authorization, and auditing profiles, you configure session settings to customize your user sessions. The session settings are:
-
The session timeout.
Controls the period after which the user is automatically disconnected and must authenticate again to access your intranet.
-
The default authorization setting.
Determines whether the Citrix ADC appliance will by default allow or deny access to content for which there is no specific authorization policy.
-
The single sign-on setting.
Determines whether the Citrix ADC appliance will log users on to all web applications automatically after they authenticate, or will pass users to the web application logon page to authenticate for each application.
-
The credential index setting.
Determines whether the Citrix ADC appliance uses the primary or the secondary authentication credentials for single sign-on.
To configure the session settings, you can take one of two approaches. If you want different settings for different user accounts or groups, you create a profile for each user account or group for which you want to configure custom sessions settings. You also create policies to select the connections to which to apply particular profiles, and you bind the policies to users or groups. You can also bind a policy to the authentication virtual server that handles the traffic to which you want to apply the profile.
If you want the same settings for all sessions, or if you want to customize the default settings for sessions that do not have specific profiles and policies configured, you can simply configure the global session settings.
Session profiles
To customize your user sessions, you first create a session profile. The session profile allows you to override global settings for any of the session parameters.
Note
The terms “session profile” and “session action” mean the same thing.
To create a session profile by using the command line interface
At the command prompt, type the following commands to create a session profile and verify the configuration:
add tm sessionAction <name> [-sessTimeout <mins>] [-defaultAuthorizationAction ( ALLOW | DENY )][-SSO ( ON | OFF )][-ssoCredential ( PRIMARY | SECONDARY )] [-ssoDomain <string>][-httpOnlyCookie ( YES | NO )] [-persistentCookie ( ENABLED | DISABLED )] [-persistentCookieValidity <minutes>]
show tm sessionAction <name>
<!--NeedCopy-->
Example
> add tm sessionAction session-profile -sessTimeout 30 -defaultAuthorization ALLOW
Done
> show tm sessionAction session-profile
1) Name: session-profile
Authorization action : ALLOW
Session timeout: 30 minutes
Done
<!--NeedCopy-->
To modify a session profile by using the command line interface
At the command prompt, type the following commands to modify a session profile and verify the configuration:
set tm sessionAction <name> [-sessTimeout <mins>] [-defaultAuthorizationAction ( ALLOW | DENY )][-SSO ( ON | OFF )][-ssoCredential ( PRIMARY | SECONDARY )] [-ssoDomain <string>][-httpOnlyCookie ( YES | NO )] [-persistentCookie ( ENABLED | DISABLED )] [-persistentCookieValidity <minutes>]
show tm sessionAction
<!--NeedCopy-->
Example
> set tm sessionAction session-profile -sessTimeout 30 -defaultAuthorization ALLOW
Done
> show tm sessionAction session-profile
1) Name: session-profile
Authorization action : ALLOW
Session timeout: 30 minutes
Done
<!--NeedCopy-->
To remove a session profile by using the command line interface
At the command prompt, type the following command to remove a session profile:
rm tm sessionAction <name>
<!--NeedCopy-->
To configure session profiles by using the configuration utility
- Navigate to Security > AAA - Application Traffic > Session.
- Navigate to Security > AAA - Application Traffic > Policies > Session.
- In the details pane, click the Profiles tab.
- On the Profiles tab, do one of the following:
- To create a new session profile, click Add.
- To modify an existing session profile, select the profile, and then click Edit.
- In the Create TM Session Profile or Configure TM Session Profile dialog, type or select values for the parameters.
- Name*—actionname (Cannot be changed for a previously configured session action.)
- Session Time-out—sesstimeout
- Single sign-on to Web Applications—sso
- Default Authorization Action—defaultAuthorizationAction
- Credential Index—ssocredential
- Single Sign-on Domain—ssoDomain
- HTTPOnly Cookie—httpOnlyCookie
- Enable Persistent Cookie—persistentCookie
- Persistent Cookie Validity—persistentCookieValidity
- Click Create or OK. The session profile that you created appears in the Session Policies and Profiles pane.
Session policies
After you create one or more session profiles, you create session policies and then bind the policies globally or to an authentication virtual server to put them into effect.
To create a session policy by using the command line interface
At the command prompt, type the following commands to create a session policy and verify the configuration:
- add tm sessionPolicy <name> <rule> <action>
- show tm sessionPolicy <name>
<!--NeedCopy-->
Example
> add tm sessionPolicy session-pol "URL == /*.gif" session-profile
Done
> show tm sessionPolicy session-pol
1) Name: session-pol Rule: URL == '/*.gif'
Action: session-profile
Done
<!--NeedCopy-->
To modify a session policy by using the command line interface
At the command prompt, type the following commands to modify a session policy and verify the configuration:
- set tm sessionPolicy <name> [-rule <expression>] [-action <action>]
- show tm sessionPolicy <name>
<!--NeedCopy-->
Example
> set tm sessionPolicy session-pol "URL == /*.gif" session-profile
Done
> show tm sessionPolicy session-pol
1) Name: session-pol Rule: URL == '/*.gif'
Action: session-profile
Done
<!--NeedCopy-->
To globally bind a session policy by using the command line interface
At the command prompt, type the following commands to globally bind a session policy and verify the configuration:
bind tm global -policyName <policyname> [-priority <priority>]
<!--NeedCopy-->
Example
> bind tm global -policyName session-pol
Done
> show tm sessionPolicy session-pol
1) Name: session-pol Rule: URL == '/*.gif'
Action: session-profile
Policy is bound to following entities
1) TM GLOBAL PRIORITY : 0
Done
<!--NeedCopy-->
To bind a session policy to an authentication virtual server by using the command line interface
At the command prompt, type the following command to bind a session policy to an authentication virtual and verify the configuration:
bind authentication vserver <name> -policy <policyname> [-priority <priority>]
<!--NeedCopy-->
Example
bind authentication vserver auth-vserver-1 -policyName Session-Pol-1 -priority 1000
Done
<!--NeedCopy-->
To unbind a session policy from an authentication virtual server by using the command line interface
At the command prompt, type the following commands to unbind a session policy from an authentication virtual server and verify the configuration:
unbind authentication vserver <name> -policy <policyname>
<!--NeedCopy-->
Example
unbind authentication vserver auth-vserver-1 -policyName Session-Pol-1
Done
<!--NeedCopy-->
To unbind a globally bound session policy by using the command line interface
At the command prompt, type the following commands to unbind a globally bound session policy:
unbind tm global -policyName <policyname>
<!--NeedCopy-->
Example
unbind tm global -policyName Session-Pol-1
Done
<!--NeedCopy-->
To remove a session policy by using the command line interface
First unbind the session policy from global, and then, at the command prompt, type the following commands to remove a session policy and verify the configuration:
rm tm sessionPolicy <name>
<!--NeedCopy-->
Example
rm tm sessionPolicy Session-Pol-1
Done
<!--NeedCopy-->
To configure and bind session policies by using the configuration utility
- Navigate to Security > AAA - Application Traffic > Session.
- Navigate to Security > AAA - Application Traffic > Policies > Session.
- In the details pane, on the Policies tab, do one of the following:
- To create a new session policy, click Add.
- To modify an existing session policy, select the policy, and then click Edit.
- In the Create Session Policy or Configure Session Policy dialog, type or select the values for the parameters.
- Name*—policyname (Cannot be changed for a previously configured session policy.)
- Request Profile*—actionname
- Expression*—rule (You enter expressions by first choosing the type of expression in the leftmost drop-down list beneath the Expression text area and then typing your expression directly into the expression text area, or by clicking Add to open the Add Expression dialog box and using the drop-down lists in it to construct your expression.)
- Click Create or OK. The policy that you created appears in the details pane of the Session Policies and Profiles page.
- To globally bind a session policy, in the details pane, select Global Bindings from the Action drop-down list, and fill in the dialog.
- Select the name of the session policy you want to globally bind.
- Click OK.
- To bind a session policy to an authentication virtual server, in the navigation pane, click Virtual Servers, and add that policy to the policies list.
- In the details pane, select the virtual server, and then click Edit.
- In the Advanced Selections to the right of the detail area, click Policies.
- Select a policy, or click the plus icon to add a policy.
- In the Priority column to the left, modify the default priority to ensure that the policy is evaluated in the proper order.
- Click OK. A message appears in the status bar, stating that the policy has been configured successfully.
Global session settings
In addition to or instead of creating session profiles and policies, you can configure global session settings. These settings control the session configuration when there is no explicit policy overriding them.
To configure the session settings by using the command line interface
At the command prompt, type the following commands to configure the global session settings and verify the configuration:
set tm sessionParameter [-sessTimeout <mins>][-defaultAuthorizationAction ( ALLOW | DENY )][-SSO ( ON | OFF )][-ssoCredential ( PRIMARY | SECONDARY )][-ssoDomain <string>][-httpOnlyCookie ( YES | NO )][-persistentCookie ( ENABLED | DISABLED )] [-persistentCookieValidity <minutes>]
<!--NeedCopy-->
Example
> set tm sessionParameter -sessTimeout 30
Done
> set tm sessionParameter -defaultAuthorizationAction DENY
Done
> set tm sessionParameter -SSO ON
Done
> set tm sessionParameter -ssoCredential PRIMARY
Done
<!--NeedCopy-->
To configure the session settings by using the configuration utility
- Navigate to Security > AAA - Application Traffic
- In the details pane, under Settings, click Change global settings.
- In the Global Session Settings dialog, type or select values for the parameters.
- Session Time-out—sessTimeout
- Default Authorization Action—defaultAuthorizationAction
- Single Sign-on to Web Applications—sso
- Credential Index—ssoCredential
- Single Sign-on Domain—ssoDomain
- HTTPOnly Cookie—httpOnlyCookie
- Enable Persistent Cookie—persistentCookie
- Persistent Cookie Validity (minutes)—persistentCookieValidity
- Home Page—home page
- Click OK.
Traffic settings
If you use forms-based or SAML single sign-on (SSO) for your protected applications, you configure that feature in the Traffic settings. SSO enables your users to log on once to access all protected applications, rather than requiring them to log on separately to access each one.
Forms-based SSO allows you to use a web form of your own design as the sign-on method instead of a generic pop-up window. You can therefore put your company logo and other information you might want your users to see on the logon form. SAML SSO allows you to configure one Citrix ADC appliance or virtual appliance instance to authenticate to another Citrix ADC appliance on behalf of users who have authenticated with the first appliance.
To configure either type of SSO, you first create a forms or SAML SSO profile. Next, you create a traffic profile and link it to the SSO profile you created. Next, you create a policy, link it to the traffic profile. Finally, you bind the policy globally or to an authentication virtual server to put your configuration into effect.
Traffic profiles
After creating at least one forms or SAML sso profile, you must next create a traffic profile.
Note:
In this feature, the terms “profile” and “action” mean the same thing.
To create a traffic profile by using the command line interface
At the command prompt, type:
add tm trafficAction <name> [-appTimeout <mins>][-SSO ( ON | OFF ) [-formSSOAction <string>]][-persistentCookie ( ENABLED | DISABLED )][-InitiateLogout ( ON | OFF )]
<!--NeedCopy-->
Example
add tm trafficAction Traffic-Prof-1 –appTimeout 10 -SSO ON -formSSOAction SSO-Prof-1
<!--NeedCopy-->
To modify a session profile by using the command line interface
At the command prompt, type:
set tm trafficAction <name> [-appTimeout <mins>] [-SSO ( ON | OFF ) [-formSSOAction <string>]] [-persistentCookie ( ENABLED | DISABLED )] [-InitiateLogout ( ON | OFF )]
<!--NeedCopy-->
Example
set tm trafficAction Traffic-Prof-1 –appTimeout 10 -SSO ON -formSSOAction SSO-Prof-1
<!--NeedCopy-->
To remove a session profile by using the command line interface
At the command prompt, type:
rm tm trafficAction <name>
<!--NeedCopy-->
Example
rm tm trafficAction Traffic-Prof-1
<!--NeedCopy-->
To configure traffic profiles by using the configuration utility
- Navigate to Security > AAA - Application Traffic > Traffic.
- Navigate to Security > AAA - Application Traffic > Policies > Traffic.
- In the details pane, click the Profiles tab.
- On the Profiles tab, do one of the following:
- To create a new traffic profile, click Add.
- To modify an existing traffic profile, select the profile, and then click Edit.
- In the Create Traffic Profile or Configure Traffic Profile dialog box, specify values for the parameters.
- Name*—name (Cannot be changed for a previously configured session action.)
- AppTimeout—appTimeout
- Single Sign-On—SSO
- Form SSO Action—formSSOAction
- SAML SSO Action—samlSSOAction
- Enable Persistent Cookie—persistentCookie
- Initiate Logout—InitiateLogout
- Click Create or OK. The traffic profile that you created appears in the Traffic Policies, Profiles, and either the Form SSO Profiles or SAML SSO Profiles pane, as appropriate.
Support for AAA.USER and AAA.LOGIN expressions
The AAA.USER expression is now implemented to replace the existing HTTP.REQ.USER expressions. The AAA.USER expression is applicable to handle non-HTTP traffic, such as the Secure Web Gateway (SWG) and role-based access (RBA) mechanism. The AAA.USER expressions are equivalent to HTTP.REQ.USER expressions.
You can use the expression at various actions or profiles configuration.
At the command prompt, type:
add tm trafficAction <name> [SSO (ON|OFF)] [-userExpression <string>]
add tm trafficAction <name> [SSO (ON|OFF)] [-passwdExpression <string>]
<!--NeedCopy-->
Example
add tm trafficAction tm_act -SSO ON -userExpression "AAA.USER.NAME"
add tm trafficAction tm_act -SSO ON -userExpression "AAA.USER.PASSWD"
add tm trafficPolicy tm_pol true tm_act
bind lb vserver lb1 -policyName tm_pol -priority 2
<!--NeedCopy-->
Note:
If you use HTTP.REQ.USER expression, a warning message “HTTP.REQ.USER has been deprecated. Use AAA.USER instead” appears on the command prompt.
-
AAA.LOGIN Expression. The LOGIN expression represents pre-login, also known as the login request. The login request can be from Citrix Gateway, SAML IdP, or from OAuth authentication. The Citrix ADC will abstract the required attributes from the policy configuration. The AAA.LOGIN expression contains the attributes, which can be fetched based on the following:
- AAA.LOGIN.USERNAME. The user name (if found) is fetched from the current login request. The same expression applied to a non-login request (determined by an authentication, authorization, and auditing) results in an empty string.
- AAA.LOGIN.PASSWORD. The user password (if found) is fetched from the current login request. The expression results in an empty string if the password is not found.
- AAA.LOGIN.PASSWORD2. The second password (if found) is fetched from the login request.
- AAA.LOGIN.DOMAIN. The domain information is fetched from the login request.
-
AAA.LOGIN.VALUE(“#”). The expression is used to retrieve information associated with your account when are you logged in. Here # is a string value. You can use these index values by using the expression AAA.LOGIN.VALUE(“#”). The authentication, authorization, and auditing module looks up the login sessions value and
AAA.LOGIN.VALUE("#")
queries the hash table for that particular attribute. For example, ifValue("username")
is set,AAA.LOGIN.VALUE("#")
queries the hash map and fetches the value corresponding tousername
.
-
AAA.USER.ATTRIBUTE(“#”). The expression is used to store user attribute. Here # can either be an integer value (between 1 and 16) or a string value. You can use these index values by using the expression AAA.USER.ATTRIBUTE(“#”). The authentication, authorization, and auditing module looks up the user sessions attribute and
AAA.USER.ATTRIBUTE("#")
queries the hash table for that particular attribute. For example, ifAttributes("samaccountname")
is set,AAA.USER.ATTRIBUTE("samaccountname")
queries the hash map and fetches the value corresponding tosamaccountname
.
Traffic policies
After you create one or more form SSO and traffic profiles, you create traffic policies and then bind the policies, either globally or to a traffic management virtual server, to put them into effect.
To create a traffic policy by using the command line interface
At the command prompt, type:
add tm trafficPolicy <name> <rule> <action>
<!--NeedCopy-->
Example
add tm trafficPolicy Traffic-Pol-1 "HTTP.REQ.HEADER("Cookie").CONTAINS("login=true")" Traffic-Prof-1
<!--NeedCopy-->
To modify a traffic policy by using the command line interface
At the command prompt, type:
set tm trafficPolicy <name> <rule> <action>
<!--NeedCopy-->
Example
set tm trafficPolicy Traffic-Pol-1 "HTTP.REQ.HEADER("Cookie").CONTAINS("login=true")" Traffic-Prof-1
<!--NeedCopy-->
To globally bind a traffic policy by using the command line interface
At the command prompt, type:
bind tm global -policyName <string> [-priority <priority>]
<!--NeedCopy-->
Example
bind tm global -policyName Traffic-Pol-1
<!--NeedCopy-->
To bind a traffic policy to a load balancing or content switching virtual server by using the command line interface
At the command prompt, type one of the following commands:
bind lb vserver <name> -policy <policyName> [-priority <priority>]
bind cs vserver <name> -policy <policyName> [-priority <priority>]
<!--NeedCopy-->
Example
bind authentication vserver auth-vserver-1 -policyName Traffic-Pol-1 -priority 1000
<!--NeedCopy-->
To unbind a globally bound traffic policy by using the command line interface
At the command prompt, type:
unbind tm global -policyName <policyname>
<!--NeedCopy-->
Example
unbind tm global -policyName Traffic-Pol-1
<!--NeedCopy-->
To unbind a traffic policy from a load balancing or content switching virtual server by using the command line interface
At the command prompt, type one of the following commands:
unbind lb vserver <name> -policy <policyname>
unbind cs vserver <name> -policy <policyname>
<!--NeedCopy-->
Example
unbind authentication vserver auth-vserver-1 -policyName Traffic-Pol-1
<!--NeedCopy-->
To remove a traffic policy by using the command line interface
First unbind the session policy from global, and then, at the command prompt, type:
rm tm trafficPolicy <name>
<!--NeedCopy-->
Example
rm tm trafficPolicy Traffic-Pol-1
<!--NeedCopy-->
To configure and bind traffic policies by using the configuration utility
- Navigate to Security > AAA - Application Traffic > Traffic.
- Navigate to Security > AAA - Application Traffic > Policies > Traffic.
- In the details pane, do one of the following:
- To create a new session policy, click Add.
- To modify an existing session policy, select the policy, and then click Edit.
- In the Create Traffic Policy or Configure Traffic Policy dialog, specify values for the parameters.
- Name*—policyName (Cannot be changed for a previously configured session policy.)
- Profile*—actionName
- Expression—rule (You enter expressions by first choosing the type of expression in the leftmost drop-down list beneath the Expression text area and then typing your expression directly into the expression text area, or by clicking Add to open the Add Expression dialog box and using the drop-down lists in it to construct your expression.)
- Click Create or OK. The policy that you created appears in the details pane of the Session Policies and Profiles page.
Form SSO profiles
To enable and configure forms-based SSO, you first create an SSO profile.
Note
- Forms-based single sign-on does not work if the form is customized to include Javascript.
- In this feature, the terms “profile” and “action” mean the same thing.
To create a form SSO profile by using the command line interface
At the command prompt, type:
add tm formSSOAction <name> -actionURL <URL> -userField <string> -passwdField <string> -ssoSuccessRule <expression> [-nameValuePair <string>] [-responsesize <positive_integer>][-nvtype ( STATIC | DYNAMIC )][-submitMethod ( GET | POST )]
show tm formSSOAction [<name>]
<!--NeedCopy-->
Example
add tm formSSOAction SSO-Prof-1 -actionURL "/logon.php"
-userField "loginID" -passwdField "passwd"
-nameValuePair "loginID passwd" -responsesize "9096"
-ssoSuccessRule "HTTP.RES.HEADER("Set-Cookie").CONTAINS("LogonID")"
-nvtype STATIC -submitMethod GET
–sessTimeout 10 -defaultAuthorizationAction ALLOW
<!--NeedCopy-->
To modify a form SSO by using the command line interface
At the command prompt, type:
set tm formSSOAction <name> -actionURL <URL> -userField <string> -passwdField <string> -ssoSuccessRule <expression> [-nameValuePair <string>] [-responsesize <positive_integer>][-nvtype ( STATIC | DYNAMIC )][-submitMethod ( GET | POST )]
<!--NeedCopy-->
Example
set tm formSSOAction SSO-Prof-1 -actionURL "/logon.php"
-userField "loginID" -passwdField "passwd"
-ssoSuccessRule "HTTP.RES.HEADER("Set-Cookie").CONTAINS("LogonID")"
-nameValuePair "loginID passwd" -responsesize "9096"
-nvtype STATIC -submitMethod GET
–sessTimeout 10 -defaultAuthorizationAction ALLOW
<!--NeedCopy-->
To remove a form SSO profile by using the command line interface
At the command prompt, type:
rm tm formSSOAction <name>
<!--NeedCopy-->
Example
rm tm sessionAction SSO-Prof-1
<!--NeedCopy-->
To configure form SSO profiles by using the configuration utility
- Navigate to Security > AAA - Application Traffic > Policies > Traffic.
- In the details pane, click the Form SSO Profiles tab.
- On the Form SSO Profiles tab, do one of the following:
- To create a new form SSO profile, click Add.
- To modify an existing form SSO profile, select the profile, and then click Edit.
- In the Create Form SSO Profile or Configure Form SSO Profile dialog, specify the values for the parameters:
- Name*—name (Cannot be changed for a previously configured session action.)
- Action URL*—actionURL
- User Name Field*—userField
- Password Field*—passField
- Expression*—ssoSuccessRule
- Name Value Pair—nameValuePair
- Response Size—responsesize
- Extraction—nvtype
- Submit Method—submitMethod</span>
- Click Create or OK, and then click Close. The form SSO profile that you created appears in the Traffic Policies, Profiles, and Form SSO Profiles pane.
SAML SSO profiles
To enable and configure SAML-based SSO, you first create a SAML SSO profile.
To create a SAML SSO profile by using the command line interface
At the command prompt, type:
add tm samlSSOProfile <name> -samlSigningCertName <string> -assertionConsumerServiceURL <URL> -relaystateRule <expression> -sendPassword (ON | OFF) [-samlIssuerName <string>]
<!--NeedCopy-->
Example
add tm samlSSOProfile saml-SSO-Prof-1 -samlSigningCertName "Example, Inc." -assertionConsumerServiceURL "https://service.example.com" -relaystateRule "true" -sendPassword "ON" -samlIssuerName "Example, Inc."
<!--NeedCopy-->
To modify a SAML SSO by using the command line interface
At the command prompt, type:
set tm samlSSOProfile <name> -samlSigningCertName <string> -assertionConsumerServiceURL <URL> -relaystateRule <expression> -sendPassword (ON | OFF) [-samlIssuerName <string>]
<!--NeedCopy-->
Example
set tm samlSSOProfile saml-SSO-Prof-1 -samlSigningCertName "Example, Inc." -assertionConsumerServiceURL "https://service.example.com" -relaystateRule "true" -sendPassword "ON" -samlIssuerName "Example, Inc."
<!--NeedCopy-->
To remove a SAML SSO profile by using the command line interface
At the command prompt, type:
rm tm samlSSOProfile <name>
<!--NeedCopy-->
Example
rm tm sessionAction saml-SSO-Prof-1
<!--NeedCopy-->
To configure a SAML SSO profile by using the configuration utility
- Navigate to Security > AAA - Application Traffic > Policies > Traffic.
- In the details pane, click the SAML SSO Profiles tab.
- On the SAML SSO Profiles tab, do one of the following:
- To create a new SAML SSO profile, click Add.
- To modify an existing SAML SSO profile, select the profile, and then click OpenEdit.
- In the Create SAML SSO Profiles or the Configure SAML SSO Profiles dialog box, set the following parameters:
- Name*
- Signing Certificate Name*
- ACS URL*
- Relay State Rule*
- Send Password
- Issuer Name
- Click Create or OK, and then click Close. The SAML SSO profile that you created appears in the Traffic Policies, Profiles, and SAML SSO Profiles pane.
Session timeout for OWA 2010
You can now force OWA 2010 connections to time out after a specified period of inactivity. OWA sends repeated keepalive requests to the server to prevent timeouts. Keeping the connections open can interfere with single sign-on.
To force OWA 2010 to time out after a specified period by using the command line interface
At the command prompt, type the following commands:
add tm trafficAction <actname> [-forcedTimeout <forcedTimeout> -forcedTimeoutVal <mins>]
<!--NeedCopy-->
For <actname>, substitute a name for your traffic policy. For <mins>, substitute the number of minutes after which to initiate a forced timeout. For <forcedTimeout>, substitute one of the following values:
-START — Starts the timer for forced timeout if a timer has not already been started. If a running timer exists, has no effect. -STOP — Stops a running timer. If no running timer is found, has no effect. -RESET — Restarts a running timer. If no running timer is found, starts a timer as if the START option had been used.
add tm trafficPolicy <polname> <rule> <actname>
<!--NeedCopy-->
For <polname>, substitute a name for your traffic policy. For <rule>, substitute a rule in Citrix ADC default syntax.
bind lb vserver <vservername> –policyName <name> -priority <number>
<!--NeedCopy-->
For <vservername>, substitute the name of the authentication, authorization, and auditing traffic management virtual server. For <priority>, substitute an integer that designates the policy’s priority.
Example
add tm trafficAction act-owa2010timeout -forcedTimeout RESET -forcedTimeoutVal 10
add tm trafficPolicy pol-owa2010timeout true act-owa2010timeout
bind lb vserver vs-owa2010 -policyName pol-owa2010timeout -priority 10
<!--NeedCopy-->