We didn't want to designate a pool of addresses for each citrix server.. Or have to extend dhcp scopes to accomidate user per IP in the Citrix space with real delayed IP pool re-use. It's really hokey, if you think about how users log into Xenapp / farms and use an IP, that now gets cached for the surrogate timeout, which is common across WSA. Users change which farm server they log into frequently. We cache surrogate creds for 12 hours, to get through a business day.
for citrix/ts we use persistent cookie auth.. It's not great.. If you have non-browser apps and want to have identity rules, you spend time, writing an identity that is a non-auth bypass for certain browser user agents or destination IP's..
Listen: https://smarturl.it/CCRS9E20Follow us: https://twitter.com/CiscoChampion
With over one trillion email scams per year, more than 22 billion records were exposed by data breaches in 2021. Phishing attacks are clearly on the rise, and they’re e...
Radius server configuration for 802.1X
Server radius test1
Address ipv4 10.1.1.1
Server radius test2
Address ipv4 10.1.1.2
aaa group server radius TEST-gr
server name test1
server name test2
Umbrella’s cloud-delivered firewall (CDFW) is a cool features that provides Firewall Services in the Cisco Umbrella Cloud without the need to deploy on-premises firewall devices and visibility and control for internet traffic across all branch offices. To...
SymptomsDownloadable ACL (dACL) does not take effect on the IOS-XE Network Access DevicesDiagnosisCreating redirection ACL on the IOS-XE device failed to redirect the specified traffic for captive portal redirectionSolutionEnable device tracking, Below is...