Block Citrix IOS VPN Access

Citrix released a new Citrix VPN Cliënt for Netscaler on Apple IOS devices. When there is a session policy configured with an Plug-in Type: Windows/MAC OS X the customer can still connect with VPN access, even without any VPN configuration.

You could fix this by using an Responder policy to block access for VPN access.

In this blog I will desribe how to do this

Block Citrix VPN Client for Apple IOS 

BeforeIMG_3141

After selecting VPN you will get an prompt to login

IMG_3142

To get it fixed

ResponderPolicy

Click onder Policies under Responder

ResponderPolicy-Add

Click on Add

ResponderPolicyCreate

Name: KillIOSVPN (or something else)
Action: DROP
Expression: HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“CitrixReceiver/NSGiOSplugin”)

Click on Create

ResponderPolicyManager

Click on Policy Manager

ResponderPolicyContinue

Bind Point: Override Global
Protocol: HTTP
Click on Continue

ResponderPolicyBind

Click on Bind

ResponderPolicyInsert

Select KillIOSVPN (or the created name in the step above)
Select Insert

ResponderPolicyOK

Click on OK

ResponderPolicyDone

Click on Done

After these steps the user won’t get any login prompt again and the user was no access with the VPN client.

IMG_3143

Update

You could also bind it as an responder policy on the CAG Virtual Server.
If you use this you will block access for Citrix VPN for NetScaler based on CAG Virtual Server

Share on Facebook0Share on LinkedIn1kTweet about this on TwitterEmail this to someone

2 comments

Leave a Reply

Your email address will not be published. Required fields are marked *