Configure NetScaler Gateway preauthentication EPA scan for the domain check

You can configure NetScaler Gateway preauthentication EPA scan to check if the user device is domains based or not.

  1. Navigate to NetScaler Gateway > Policies > Preauthentication.
  2. Click the Preauthentication Profiles, tab and then click Add.

    EPA preauthentication profile

  3. Enter a name for the new profile, and click Create.
  4. Switch to the Preauthentication Policies tab and click Add.
  5. Enter a name for the policy.
  6. In Request Action, choose the previously created domain scan profile.
  7. In Expression, click OPSWAT EPA Editor.
  8. In Expression Editor, select Windows to scan Windows based systems, and then choose Domain Check.

    EPA preauthentication profile expression editor

  9. Click + and enter the domain suffix and comment, if any. In this example, ‘’ is used as the domain suffix.
  10. Click OK and then click Done.

    EPA preauthentication policy

  11. On the Create Preauthentication Policy page, click Create.
  12. Bind the policy to the virtual server to enable the policy.
    1. Navigate to NetScaler Gateway > Virtual Servers.
    2. Select the virtual server, and then click Edit.
    3. In the Policies section, click the + sign.
    4. In Choose Policy, select Preauthentication, and then click Continue.
    5. In Select Policy, select the policy created for domain scan, and then click Bind.
    6. Click Done. The Policies pane displays the other policies and the new preauthentication policy bound to the virtual server.

    Bind EPA preauthentication policy

After the scan is enabled, test it with a suitable client that has domain membership matching the setting in the policy. Repeat the scan with a non-confirming client to verify the functionality of the new policy.

Configuration by using the NetScaler CLI

To enable preauthentication policy for domain check, at the command prompt, type:

add aaa preauthenticationpolicy <policy name> "CLIENT.SYSTEM(DOMAIN_SUFFIX_anyof_<domain>[COMMENT: Domain check]) EXISTS" <Action Name>

The following is the preauthentication policy for domain check:

EPA Domain Check CLIENT.SYSTEM('DOMAIN_SUFFIX_anyof_<domain>[COMMENT: Domain check]') EXISTS
Configure NetScaler Gateway preauthentication EPA scan for the domain check