Application Delivery Management

Access control lists

An access control list (ACL) is a set of conditions that you can apply to a network appliance to filter IP traffic and secure your appliance from any unauthorized access.

You can configure ACLs in the NetScaler Console GUI to limit and control access to NetScaler Console itself. ACLs on NetScaler Console are supported from build 14.1-29.x onward.

Usage guidelines

  • When you upgrade NetScaler Console to build 14.1-29.x, the ACL feature is disabled by default.

  • ACLs on NetScaler Console filter inbound packets only. As an administrator, you cannot restrict outbound traffic with them.

  • Other configuration changes on NetScaler Console do not require any change to an existing ACL configuration.

How to configure an ACL

Configuring an ACL involves:

  • Enable the ACL feature
  • Create an ACL rule
  • Enable the ACL rule

Enable the ACL feature

  1. Log on to NetScaler Console GUI and navigate to Settings > Access Control List (ACL)

  2. By using the toggle button, turn on the ACL feature.

    ACL enable

Create an ACL rule

  1. On the ACL page, click Create Rule.

  2. In the Create Rule window, fill in the following options:

    • Name: Specify a name of your choice.
    • Protocol: Select a protocol from the menu. TCP is selected by default. Select ANY to match all protocols.
    • Source IP address/subnet: Specify the source IP address or source subnet to which the rule applies. Select ANY if the rule must apply to all incoming traffic.
    • Destination IP: The NetScaler Console IP address is filled in automatically as the destination IP. This field cannot be edited.
    • Destination port: Specify the destination port to which the rule applies. Select ANY if the rule applies to all destination ports.
    • Action: Select the action for the rule, Allow or Deny.
    • Priority: Assign a priority number to specify the order in which the rule is evaluated. Priority numbers determine the order in which ACL rules are matched against an incoming packet, and the first rule that matches decides the action. A lower priority number means a higher priority: priority number 1 is evaluated before priority number 2. If none of the rules match an incoming packet, the packet is blocked.
  3. Click OK to create the rule.

    ACL example

    After the rule is created, it is in the disabled state. To make the rule effective, you must enable the rule. Because a packet that matches no rule is blocked, make sure that an Allow rule covering the address or subnet from which you administer NetScaler Console (for both the GUI and SSH) exists, is enabled, and has a lower priority number than any Deny rule that would also match, before you rely on the ACL. Otherwise you lock yourself out and must recover as described under Troubleshooting.

    Note:

    To enable a rule, the ACL feature must be enabled. If the feature is disabled, and you attempt to enable an ACL rule, a message “ACL is not running” appears.

Enable an ACL rule

  1. Hover your mouse over the rule that you want to enable and click the circle with three dots.

  2. From the menu, select Enable.

  3. Alternatively, select the radio button for that rule and click the Enable button.

  4. At the prompt, click Yes to confirm.

Other actions for ACL rules

You can apply the following actions to the ACL rules:

  • Disable an ACL rule

  • Edit an ACL rule

  • Delete an ACL rule

  • Renumber the priority of ACL rules

Disable an ACL rule

  1. Hover the mouse over the rule that you want to disable and select the circle with three dots.

  2. Click Disable from the list.

  3. Alternatively, select the radio button for that rule and click the Disable button.

  4. Click Yes to confirm.

    Note:

    When you disable a rule, the rule no longer applies to incoming traffic. However, the rule configuration remains under ACL settings.

Edit an ACL rule

  1. Hover the mouse over the rule that you want to edit and select the circle with three dots.

  2. Click Edit Rule from the list.

  3. Alternatively, select the radio button for that rule and click the Edit Rule button.

  4. Make the edits and click OK.

    Note:

    You can edit a rule in both enabled and disabled state. If you edit a rule that is already enabled, the edits get applied immediately. For a rule in the disabled state, the edits get applied when you enable the rule.

Delete an ACL rule

  1. Ensure that the rule is in the disabled state. You cannot delete a rule in the enabled state.

  2. Hover the mouse over the rule that you want to delete and select the circle with three dots.

  3. Click Delete Rule from the list.

  4. Alternatively, select the radio button for that rule and click the Delete Rule button.

  5. Click Yes to confirm.

Renumber priorities of ACL rules

  1. Hover the mouse over the rule that you want to renumber the priorities for and select the circle with three dots. Click Renumber Priority from the list.

  2. Alternatively, select the radio button for that rule and from the Select Action list, select Renumber Priority.

NetScaler Console automatically assigns new priority numbers, which are multiples of 10, to all the existing rules while keeping their relative order. For example, three rules with priorities 1, 3 and 7 are renumbered 10, 20 and 30, which leaves room to insert new rules between them without renumbering again.

Edit the rules to assign priority numbers according to your requirement. See the “Edit an ACL rule” section for more information about how to edit a rule.

Example for existing priority numbers: (screenshot “Existing priority”)

Example for the renumbered priority by NetScaler Console: (screenshot “Renumbered priority”)

Troubleshooting

If ACL rules are set up incorrectly, every user, including the administrators, can be denied access. If you inadvertently lose all network access to the NetScaler Console GUI because of an incorrect ACL setup, follow these steps to regain access:

  1. Log on to NetScaler Console by using an SSH client. If the ACL also denies SSH from your host, use the console that the hypervisor provides for the appliance instead.

  2. Run the command pfctl -d. This disables the PF packet filter that enforces the ACL rules, so all inbound traffic is accepted until the filter is enabled again; correct the rules promptly.

  3. Log on to the NetScaler Console GUI and correct the ACL rules, for example by adding or enabling an Allow rule for the subnet you administer from, with a lower priority number than any Deny rule that would also match.
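Because an unmatched packet is blocked and a wrongly ordered rule can lock out every administrator, it is worth simulating a rule set before enabling it. The following Python script is an added example written for this page; it is not part of NetScaler Console and does not call any NetScaler API. It models the evaluation order described under Create an ACL rule (lowest priority number first, first enabled match decides, no match means block), the Renumber Priority behaviour (multiples of 10 in the existing order), a check for rules that can never fire because an earlier rule covers them, and a lockout check for the administrator's address. The rule set, the addresses, and the assumption that the GUI listens on TCP 443 and SSH on TCP 22 are constructed for illustration.

```python
"""ACL dry-run evaluator. Constructed example for this page; it is not NetScaler
Console code and uses no NetScaler API.  Assumed semantics, taken from the
page: rules are checked from the lowest priority number upward, the first
enabled rule that matches decides, and a packet that matches no rule is
dropped.  "ANY" is the wildcard for protocol, source and destination port."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, replace


@dataclass
class Rule:
    name: str
    protocol: str          # "TCP", "UDP", "ICMP" or "ANY"
    source: str            # single IP, CIDR subnet or "ANY"
    dest_port: int | str   # port number or "ANY"
    action: str            # "Allow" or "Deny"
    priority: int          # lower number is evaluated first
    enabled: bool = False  # a newly created rule starts disabled


def matches(rule: Rule, proto: str, src_ip: str, dport: int) -> bool:
    """True if the inbound packet (proto, src_ip, dport) is covered by rule."""
    if rule.protocol != "ANY" and rule.protocol != proto:
        return False
    if rule.source != "ANY":
        net = ipaddress.ip_network(rule.source, strict=False)
        if ipaddress.ip_address(src_ip) not in net:
            return False
    return rule.dest_port == "ANY" or int(rule.dest_port) == dport


def evaluate(rules, proto, src_ip, dport):
    """Return (action, rule name) of the first enabled match, or
    ("Deny", None) when nothing matches: the default is to drop."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.enabled and matches(rule, proto, src_ip, dport):
            return rule.action, rule.name
    return "Deny", None


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet that `narrow` would match, `broad` matches too."""
    if broad.protocol != "ANY" and broad.protocol != narrow.protocol:
        return False
    if broad.source != "ANY":
        if narrow.source == "ANY":
            return False
        big = ipaddress.ip_network(broad.source, strict=False)
        small = ipaddress.ip_network(narrow.source, strict=False)
        if not small.subnet_of(big):
            return False
    return broad.dest_port == "ANY" or broad.dest_port == narrow.dest_port


def shadowed(rules):
    """Enabled rules that can never fire because an enabled rule with a lower
    priority number already covers everything they match (a classic mistake
    is a Deny ANY rule placed before the Allow rules)."""
    ordered = [r for r in sorted(rules, key=lambda r: r.priority) if r.enabled]
    return [r.name for i, r in enumerate(ordered)
            if any(covers(b, r) for b in ordered[:i])]


def renumber(rules):
    """Mimic Renumber Priority: keep the order, assign 10, 20, 30, ..."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [replace(r, priority=10 * i) for i, r in enumerate(ordered, start=1)]


def with_rule_enabled(rules, name):
    """Copy of the rule set with the named rule enabled."""
    return [replace(r, enabled=True) if r.name == name else r for r in rules]


def lockout_check(rules, admin_ip, ports=(443, 22)):
    """Management ports (assumed: 443 for the GUI, 22 for SSH) that admin_ip
    would lose once the ACL is enabled.  An empty list means safe to enable."""
    return [p for p in ports if evaluate(rules, "TCP", admin_ip, p)[0] != "Allow"]


# Constructed rule set: the SSH rule has been created but not yet enabled.
RULES = [
    Rule("allow-mgmt-https", "TCP", "10.0.10.0/24", 443, "Allow", 1, True),
    Rule("allow-mgmt-ssh", "TCP", "10.0.10.0/24", 22, "Allow", 2, False),
    Rule("deny-everything-else", "ANY", "ANY", "ANY", "Deny", 5, True),
]

# Same intent, but the Deny rule was given priority 1: the Allow is shadowed.
BAD_ORDER = [replace(RULES[2], priority=1), replace(RULES[0], priority=2)]

if __name__ == "__main__":
    print("admin 10.0.10.5 would lose ports:", lockout_check(RULES, "10.0.10.5"))
    print("after enabling the SSH rule:",
          lockout_check(with_rule_enabled(RULES, "allow-mgmt-ssh"), "10.0.10.5"))
    print("shadowed in BAD_ORDER:", shadowed(BAD_ORDER))
    print("renumbered:", [(r.name, r.priority) for r in renumber(RULES)])
```

Run the script with the rule set you intend to create, using your own management address as admin_ip; an empty result from lockout_check and from shadowed is the condition to meet before you turn the ACL feature on.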
