
Configure Citrix ADC VPX (Netscaler) for Security for Storage

This topic describes how to configure Citrix ADC VPX (Netscaler) for use with GravityZone Security for Storage.

Overview

Citrix ADC can be configured to integrate Bitdefender Security Server as an ICAP server, using the Content Inspection technique to scan for malware and security issues.

[Figure: citrix-adc-icap.png]

The figure above describes the components of the integration:

  • Clients make requests to the internet.

  • Citrix ADC is the ICAP client.

  • Bitdefender Security Server is the ICAP server that scans for malware and security issues.

  • The internet is one or more servers in a datacenter.

Requirements and prerequisites

To use GravityZone Security for Storage with Citrix ADC VPX (Netscaler), you need the following:

  • A Citrix ADC VPX deployment configured and functional on VMware ESXi, with a Platinum license.

  • Your application running on the ESXi server.

  • A GravityZone environment with a Bitdefender Security Server deployed and configured to use ICAP scanning. For details on how to install Bitdefender Security Server on VMware ESXi, refer to Install Security Server on an Ubuntu machine from XenServer, ESXi or AWS. For details on enabling ICAP scanning in a GravityZone policy, refer to Configuration.

Configure Citrix ADC VPX on VMware ESXi for ICAP scanning

This procedure explains how to configure the Citrix ADC VPX appliance and how to integrate it with Bitdefender Security Server.

  1. Deploy the Citrix ADC VPX virtual appliance on VMware ESXi.

  2. Configure Citrix ADC VPX. Keep the following in mind:

    • The default username is nsroot and the default password is also nsroot.

    • Reserve and set an IP address for management, and a mask and a gateway in the Citrix ADC appliance console.

    • Set a subnet IP address.

    • In Configuration > System > Licenses, make sure you have set a Platinum license.

    For details on the initial configuration of a Citrix ADC appliance, refer to the Citrix documentation.

  3. Configure the virtual server, which intercepts the requests and the responses:

    1. Reserve an IP address for the virtual server.

    2. Set the virtual IP to be used.

    3. Go to Configuration > Traffic Management > Load Balancing > Virtual Servers and click Add.

    4. Set a name, an IP address and click Create.

  4. Add the target server (the IP address of your application):

    1. Go to Configuration > Traffic Management > Load Balancing > Servers and click Add.

    2. Set the Target Server IP.

  5. Bind the target server to the load balancing virtual server:

    1. Go to Configuration > Traffic Management > Load Balancing > Virtual Servers and click on your virtual server.

    2. In Services and Service Groups, select No Load Balancing Virtual Server Services Binding.

    3. Click Add Binding.

    4. For Selected Service, click Add.

    5. From Existing Server, select the target server.

    6. Set Service Name, Protocol and Port, and click OK.

    7. Click Bind to link the virtual server to the target server.

    To check that the binding was successful, verify the following:

    • Load Balancing Virtual Server displays the status Up with a green dot.

    • You can access the target server interface over the IP address of the Load Balancing Virtual Server previously set.

    For information on how to bind/unbind a service from/to a load balancing virtual server, refer to the Citrix documentation.

  6. Create a content policy with Content Inspection for requests and assign it to the virtual server. In this step you will connect the Bitdefender Security Server to Citrix ADC VPX.

    1. Go to Configuration > Traffic Management > Load Balancing > Virtual Servers and click on your virtual server.

    2. In Advanced Settings, select Policies and click + to add a new policy.

    3. For Content Policy, select Content Inspection.

    4. For type, select Request.

    5. Click Add Binding.

    6. For Select Policy, click Add.

      1. Set a Policy Name.

      2. In the Expression editor, type: true

      3. Add an action.

      4. Set a name for the action.

      5. For type, select ICAP.

      6. Enter the Bitdefender Server IP address. The Bitdefender Security Server must have a policy applied, with ICAP scanning enabled.

      7. Set the ICAP port: 1344.

      8. Add an ICAP profile: set a name, set the URL for requests (/reqmod), set Mode: REQMOD, and click Create.

      9. After creating the ICAP profile, click Create for action.

    7. After creating the action, click Create for policy.

  7. Click Bind for Policy.

  8. Click Done for Content Policy.

Following the same pattern, you can also create a policy for response.

For details on how to configure the ICAP service for Content Inspection on Citrix ADC, refer to the Citrix documentation.

Test the integration

  1. Make sure the Bitdefender Security Server has a policy applied, with ICAP scanning enabled.

  2. Upload an infected file to your application hosted on the ESXi server.

  3. The application’s webpage should display a message informing you that the file has been blocked because of a virus detection.