Citrix Systems 9.2 About Evaluation Order of Policies

8 Citrix NetScaler Policy Configuration and Reference Guide

User-defined policy label. For advanced policies, you can configure custom groupings

of policies (policy banks) by defining a policy label and collecting a set of

related policies under the policy label.

Other bind points. The availability of additional bind points depends on type of policy

(classic or advanced), and specifics of the relevant NetScaler feature. For

example, classic policies that you configure for the Access Gateway have user

and group bind points.

For additional information about advanced policy bindings, see “Binding

Advanced Policies,” on page 16, “Configuring a Policy Bank for a Virtual

Server,” on page 32. For additional information on classic policy bindings, see

“Configuring a Classic Policy,” on page 201.

About Evaluation Order of Policies

For classic policies, policy groups and policies within a group are evaluated in a

particular order, depending on the following:

• The bind point for the policy, for example, whether the policy is bound to

request-time processing for a virtual server or global response-time

processing. For example, at request time, the NetScaler evaluates all

request-time classic policies before evaluating any virtual server-specific

policies.

• The priority level for the policy. For each point in the evaluation process, a

priority level that is assigned to a policy determines the order of evaluation

relative to other policies that share the same bind point. For example, when

the NetScaler evaluates a bank of request-time, virtual server-specific

policies, it starts with the policy that is assigned to the lowest priority value.

In classic policies, priority levels must be unique across all bind points.

For advanced policies, as with classic policies, the NetScaler selects a grouping,

or bank, of policies at a particular point in overall processing. Following is the

order of evaluation of the basic groupings, or banks, of advanced policies:

1. Request-time global override

2. Request-time, virtual server-specific (one bind point per virtual server)

3. Request-time global default

4. Response-time global override

5. Response-time virtual server-specific

6. Response-time global default

However, within any of the preceding banks of policies, the order of evaluation is

more flexible than in classic policies. Within a policy bank, you can point to the

next policy to be evaluated regardless of the priority level, and you can invoke

policy banks that belong to other bind points and user-defined policy banks.