How to configure Pre-Authentication check on NetScaler Gateway
Introduction
Endpoint Analysis (EPA) is used to scan the user device during the login step, and take necessary actions (eg: block, quarantine) based on the scan results.
Use Case
EPA can be configured as a pre-authentication policy (before user provided the login credentials) or post-authentication/session policy (after user credentials are verified). Customers could configure Windows patch management scan as part of pre-authentication EPA.
Configuration
Step-1: Under the NetScaler Gateway management GUI, navigate to Configuration -> NetScaler Gateway -> Policies -> Preauthentication
Step-2: Click on “Add” button under the Preauthentication Policies tab. Enter “Name” of preauthentication policy, selection any existing action for “Request Action” or create a new one by clicking “+” button.
Step-3: Click on the “OPSWAT EPA Editor” link.
Step-4: In the Expression Editor frame, select “Windows” -> “Patch Management” -> “Generic Patch Management Product Scan” option and then, click on “+”
Step-5: Click “OK”, then “Done” and then “Create” to create a preauthentication policy.
Step-6: Bind the above created preauthentication policy to any Gateway virtual server for the check.
