VM-Series Deployment Guide 35
Set Up a VM-Series Firewall on the Citrix SDX Server
Secure North-South Traffic with the VM-Series Firewall
Go back to Secure North-South Traffic with the VM-Series Firewall, or see Secure East-West Traffic with the VM-Series Firewall.
8. (Optional) To enable you to ping or SSH in to the interface, select Advanced > Other Info, expand the Management Profile drop-down, and select New Management Profile. Enter a Name for the profile, select Ping and SSH and then click OK.
9. To save the interface configuration, click OK.
10. Click Commit to save your changes to the firewall.
Step 3 Create a basic policy to allow traffic between the NetScaler VPX and the web servers.
In this example, because we have set up only one data interface, we specify the source and destination IP address to allow traffic between the NetScaler VPX and the servers.
1. Select Policies > Security, and click Add.
2. Give the rule a descriptive name in the General tab.
3. In the Source tab, select Add in the Source Address section and select the New Address link.
4. Create a new address object that specifies the SNIP on the NetScaler VPX. In this example, this IP address is the source for all requests to the servers.
5. In the Destination tab, select Add in the Destination Address section and select the New Address link.
6. Create a new address object that specifies the subnet of the web servers. In this example, this subnet hosts all the web servers that service the requests.
7. In the Application tab, select web-browsing.
8. In the Actions tab, complete these tasks:
   a. Set the Action Setting to Allow.
   b. Attach the default profiles for antivirus, anti-spyware, and vulnerability protection, under Profile Setting.
9. Verify that logging is enabled at the end of a session under Options. Only traffic that matches a security rule will be logged.
10. Create another rule to deny all other traffic from any source and any destination IP address on the network.
    Because all intra-zone traffic is allowed by default, in order to deny traffic other than web-browsing, you must create a deny rule that explicitly blocks all other traffic.
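The effect of step 10, as an added example that is not part of the guide: a simplified first-match model of rule evaluation showing what happens to non-web traffic from the SNIP with and without the explicit deny rule. The rule names and addresses are constructed, and the model assumes both endpoints sit in the same zone because only one data interface is configured.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str    # hypothetical rule name
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    app: str     # application name or "any"
    action: str  # "allow" or "deny"

def _in(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst, app):
    """Top-down, first match wins. Returns (action, rule name, logged)."""
    for r in rules:
        if _in(r.src, src) and _in(r.dst, dst) and r.app in ("any", app):
            return r.action, r.name, True
    # Nothing matched. Assumption: with a single data interface both ends
    # are in the same zone, so the default intra-zone allow applies, and
    # since no security rule matched, no log entry is written.
    return "allow", "intrazone-default", False

# Constructed sample values (documentation address ranges).
SNIP = "192.0.2.10"
WEB_SUBNET = "198.51.100.0/24"
ALLOW_WEB = Rule("allow-vpx-to-web", SNIP + "/32", WEB_SUBNET, "web-browsing", "allow")
DENY_REST = Rule("deny-all-else", "any", "any", "any", "deny")

def compare(app, dst="198.51.100.20"):
    """Verdict for one flow from the SNIP, without and with the deny rule."""
    return (evaluate([ALLOW_WEB], SNIP, dst, app),
            evaluate([ALLOW_WEB, DENY_REST], SNIP, dst, app))

if __name__ == "__main__":
    for app in ("web-browsing", "ssh"):
        before, after = compare(app)
        print(f"{app:13} without deny rule: {before}  with deny rule: {after}")
```

In this model, SSH from the SNIP to a web server is allowed and unlogged until the deny rule is added, after which it is denied by a rule that logs the match.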
Set up the VM-Series Firewall to Process North-South Traffic Using L3 interfaces (Continued)










