Scenario: A Citrix Administrator suspects an attack on a load balancing virtual server. The administrator needs to restrict access to the load balancing virtual server (192.168.100.25) for 10 minutes.
Which Access Control List (ACL) will help to accomplish this requirement?
To restrict access to a load balancing virtual server for a specific time, we need to use an Access Control List (ACL) that denies traffic to the destination IP of the virtual server. The correct command is 'add ns acl rule1 DENY -destIP 192.168.100.25 -TTL 600'. This command denies traffic to the IP address 192.168.100.25 for 600 seconds, which is equivalent to 10 minutes. Thus, option B is the correct choice.
The correct Access Control List (ACL) to restrict access to the load balancing virtual server (192.168.100.25) for 10 minutes would be add ns acl rule1 DENY -destIP 192.168.100.25 -TTL 600. So, the answer is B. add ns acl rule1 DENY -destIP 192.168.100.25 -TTL 6001. This is because: The add ns acl command is used to add an ACL rule in Citrix ADC1. The DENY option is used to deny access1. The -destIP 192.168.100.25 option specifies the IP address of the load balancing virtual server1. The -TTL 600 option sets the Time To Live (TTL) for the rule to 600 seconds, which is equivalent to 10 minutes1. Please note that it’s important to use the correct syntax and consider whether you’re working with a request or a response.
Answer A This command creates a simple access control list (ACL) that blocks traffic to the load balancing virtual server with the IP address of 192.168.100.25 from all source IP addresses. The TTL parameter is set to 10, indicating that the rule will be in effect for 10 minutes.
The example given on the following link is: > add simpleacl rule1 DENY -srcIP 10.102.29.5 -TTL 600 Done https://docs.netscaler.com/en-us/citrix-adc/current-release/networking/access-control-lists-acls/simple-acls-and-simple-acl6s.html
Both options A and B are correct. They both achieve the same goal of restricting access to the load balancing virtual server for 10 minutes. The choice between them depends on your preference and the specific requirements of your environment. As mentioned earlier, option A (simple ACL) is generally preferred due to its simplicity. However, if you need more granular control over the traffic being blocked, option B (network ACL) might be a better choice.