Cache Policy Label Test

A policy label consists of a set of policies, other policy labels, and virtual server-specific policy banks. The Web App Firewall evaluates each policy bound to the policy label in order of priority. If the policy matches, it filters the connection as specified in the associated profile. Then it does whatever the Goto parameter specifies, which can be to terminate policy evaluation, go to the next policy, or go to the policy with the specified priority. If the Invoke parameter is set, it terminates processing of the current policy label and begins to process the specified policy label or virtual server.

Periodically, administrators may want to know how many connections match each policy label that has been defined. This helps them to evaluate the effectiveness of the policies grouped under a label, and also to understand how well NetScaler secures connections to the Citrix environment. To achieve this, administrators can use the Cache Policy Label test.

This test auto-discovers the policy labels and reports the count of connections that match each policy label.

Target of the test : A Citrix ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each policy label configured on the Citrix ADC VPX/MPX appliance being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which the test is being configured.

NetScaler Username, NetScaler Password, and Confirm Password

To monitor a NetScaler device, the eG agent should be configured with the credentials of a user with read-only privileges to the target NetScaler device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes. Then, confirm the password by retyping it in the Confirm Password text box.

SSL

The eG agent collects performance metrics by invoking NITRO (NetScaler Interface Through Restful interfaces and Objects) APIs on the target NetScaler device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why, the SSL flag is set to Yes by default. If the target NetScaler device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Policy label hits

Indicates the count of connections that match this policy label.

Number

Compare the value of this measure across policy labels to know which policy label was applied to the maximum number of connections.

If this value is abnormally high for any label, you may want to review the policies grouped under this label to verify if they have been correctly configured.