Chapter 2

Configuring Advanced Policies

21

NEXT. This keyword selects the policy with the next higher priority level in the current policy bank.

An integer. If you supply an integer, it must match the priority level of another policy in the current policy bank.

END. This keyword stops evaluation after processing the current policy, and no additional policies in this bank are processed.

Blank. If the Goto expression is empty, it is the same as specifying END.

A numeric expression. This is an advanced expression that resolves to a priority number for another policy in the current bank.

USE_INVOCATION_RESULT. This phrase can be used only if you are invoking an external policy bank. Entering this phrase causes the NetScaler to perform one of the following actions:

If the final Goto in the invoked policy bank has a value of END or is empty, the invocation result is END, and evaluation stops.

If the final Goto expression in the invoked policy bank is anything other than END, the NetScaler performs a NEXT.

The following table illustrates a policy bank that uses Goto statements and policy bank invocations.

Example of a Policy Bank That Uses Gotos and External Bank Invocations

Policy Name

Priority

Goto

Invocation

Policy Bank

 

 

 

 

to be Invoked

 

 

 

 

 

ClientCertificatePolicy

100

300

None

None

(rule: does the request

 

 

 

 

contain a client certificate?)

 

 

 

 

 

 

 

 

 

SubnetPolicy (rule: is the

200

NEXT

None

None

client from a private

 

 

 

 

subnet?)

 

 

 

 

NOPOLICY

300

USE

Request

My_Request

 

 

INVOCATION

vserver

_VServer

 

 

RESULT

 

 

 

 

 

 

 

NOPOLICY

350

USE

Policy Label

My_Policy_

 

 

INVOCATION

 

Label

 

 

RESULT

 

 

WorkingHoursPolicy (rule:

400

END

None

None

is it working hours?)

 

 

 

 

 

 

 

 

 

How Policy Evaluation Ends

Evaluation of a policy bank ends when the following takes place:

Page 35
Image 35
Citrix Systems 9.2 manual How Policy Evaluation Ends