January 7, 2014

Netscaler Session Policy Binding Priority - Did you know?

Policies are prioritized and evaluated in the order to which the policy is bound. Policies are evaluated and then run based on this order:

User (highest priority)
Group
Virtual server
Global (lowest priority)

The priority of policies is determined by two methods (one of these may trip you up)

  • The level to which the policy is bound: globally, virtual server, group, or user.

  • The numerical priority takes precedence regardless of where the policy is bound. If a policy that is bound globally has a priority number of one and another policy bound to a user has a priority number of two, the global policy takes precedence. The lower the priority number, the higher the precedence is for the policy.

So, for example, if you are implementing Storefront as a Web Interface replacement, but want to phase it in by testing it with a subset of remote users, you could:
  • Create an Active Directory Group
  • Add that group to your Netscaler
  • Create a Session Policy for your Storefront Web site
  • Bind your Storefront Session Policy to the Group ensuring that the Priority number is not higher than the Priority number for the Web Interface policy bound to your vServer.

Policy bound to vServer


Policy bound to Group


  • This will ensure that the Policy bound to your group will always take precedence.

No comments:

Post a Comment