Citrix NetScaler AppFirewall
Home — PartnersCitrix — Citrix NetScaler AppFirewall WAF

Defend your network from all threats with Citrix NetScaler AppFirewall. The Citrix NetScaler AppFirewall is a best-of-breed web application firewall (WAF) that protects web applications and sites from both known and unknown attacks, including all application-layer and zero-day threats. Available as a standalone appliance or integrated within the Citrix NetScaler ADC platform, Citrix NetScaler ADC is rated as the price/performance WAF leader by NSS Labs. Simplified configuration controls further mitigate risk, and Citrix Pay-As-You-Grow pricing allows you to invest based on your current needs, then scale up later at your convenience. The Citrix NetScaler AppFirewall averages a 99.8% Block rate. It has the lowest TCO — up to 60% lower cost compared to other WAF vendors in the market today. See why NSS Labs Recommends Citrix NetScaler ADC. Simplifies desktop management. Protects online revenue sources. Ensures up time of web sites and web services by defeating Layer-7 Denial of Service (DoS) attacks.

Citrix NetScaler ADC is a comprehensive ICSA certified web application security solution that blocks known and unknown attacks against web and web services applications. Citrix NetScaler ADC enforces a hybrid security model that permits only correct application behavior and efficiently scans and protects known application vulnerabilities. It analyzes all bi-directional traffic, including SSL encrypted communication, to protect against a broad range of security threats without any modification to applications. Citrix NetScaler ADC technology is included in and integrated with Citrix NetScaler MPX and VPX, Platinum Edition, and is available as an optional module that can be added to NetScaler MPX appliances running NetScaler Enterprise Edition. Citrix NetScaler ADC is also available as a stand-alone solution on seven Citrix NetScaler MPX appliances. The stand-alone Citrix NetScaler ADC models can be upgraded via software license to a full Citrix NetScaler Application Delivery Controller (ADC).

Flexibility To Adapt To Changing Business Requirements

NetScaler AppFirewall permits flexible, stepwise deployment of web application protection. The default web application protection profile defends against the most common dangerous threats and adds full protection against both data theft and Layer-4 through Layer-7 DDoS attacks. The advanced web application protection profile adds session-aware protections to protect dynamic elements, such as cookies, form fields and session-specific URLs. Attacks that target the trust between the client and server including cross—site request forgery are stopped; requests are validated by checking for a unique ID inserted by NetScaler. Citrix NetScaler ADC enforces both positive and negative security models to ensure correct application behavior. Such protection is imperative for any application that processes user-specific content, such as an e-commerce site. To make sure these security measures are compatible with any application, Citrix NetScaler AppFirewall learning capabilities help the administrator create managed exceptions and relaxations when the application’s intended — and legal behavior might otherwise cause a violation of the default security policy.

Citrix NetScaler AppFirewall — Defeating XML Threats

In addition to detecting and blocking common application threats that can be adapted for attacking XML-based applications (i.e. cross-site scripting, command injection, etc.), Citrix AppFirewall includes a rich set of XML-specific security protections. These include schema validation to thoroughly verify SOAP messages and XML payloads, and a powerful XML attachment check to block attachments containing malicious executables or viruses. Automatic traffic inspection methods block XPath injection attacks on URLs and forms aimed at gaining access. Citrix NetScaler AppFirewall also thwarts a variety of DoS attacks, including external entity references, recursive expansion, excessive nesting and malicious messages containing either long or a large number of attributes and elements. In addition, Citrix NetScaler ADC prevents the inadvertent leakage or theft of sensitive information, such as credit card numbers or custom-defined data objects, by either removing or masking content from application responses — before being publicly disclosed. Delivers PCI DSS v.3.1 compliance.

PCI Compliance And Auditing

With payment card fraud at an all-time high, secure payment card standards have never been more crucial. Yet since the adoption of version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS), organizations have been struggling to meet its hundreds of requirements. And even full compliance with these standards may not protect networks from advanced cyber threats. Citrix has a powerful yet affordable solution. Citrix NetScaler ADC aids corporate IT security teams in conforming to governmental privacy regulations and industry mandates. For example, organizations subject to Payment Card Industry Data Security Standard requirements can now fully meet the requirements detailed in PCI DSS Section 6.6, which mandates the installation of web application firewall in front of public facing applications as  one method of maintaining a proper security posture. Protects credit and debit card account numbers to comply with the Payment Card Industry Data Security Standards.
Citrix NetScaler AppFirewall


Maintaining the stability, health and reliability of your Citrix infrastructure is a major undertaking — and many IT teams don’t have enough resources or the right tools and expertise. That’s why Citrix Consulting developed Managed Services offerings for Infrastructure Monitoring, User Expansion, Infrastructure Stabilization, and Infrastructure Management. Managed Services takes an unconventional approach to consulting so that you gain the greatest value with lower costs and minimal need for oversight.

Citrix works 100 percent remotely, so you don't have to provide office space or hand holding for our team. Citrix use proven, secure, cloud-based tools to access your Citrix infrastructure. Unlike other consultants, we can bring in other Citrix resources (architects, product managers) to extend our expertise. Citrix provides regular reporting, including trending and recommendations for improvements.


Easily integrate with other Citrix Cloud services. Ensure that app and desktop virtualization is always up to date with the latest updates and features. More easily manage apps and desktops centrally across multiple resource locations. Provide secure remote access from any device to all corporate resources on the internal network. Select a cloud infrastructure provider that best meets your deployment needs. Speed app and desktop deployment and time to production value. Citrix Managed Services takes an unconventional approach to consulting so that you gain the greatest value with lower costs and minimal need for oversight.

Citrix works 100 percent remotely, so you don’t have to provide office space or hand holding for the Citrix team. Citrix uses proven, secure, cloud based tools to access your Citrix infrastructure. Unlike other consultants, Citrix can bring in other Citrix resources (architects, product managers) to extend Citrix expertise. Citrix works with third-party vendors whose products affect the Citrix environment. Citrix provides regular reporting, including trending and recommendations for improvements. Infrastructure stabilization — this engagement brings your Citrix environment to a steady state without disruptions. The Citrix team works behind the scenes to stabilize your infrastructure by targeting and fixing a defined set of issues.

Infrastructure Management

Rest assured — our Managed Services team has your Citrix infrastructure under control. To optimize system uptime, we work proactively to make sure patches and upgrades are handled promptly and smoothly. Citrix also works reactively to address pain points. Citrix-specific monitoring and alerting minimize the impact of unforeseen issues.

This offering includes a health check of the Citrix stack, problem management, capacity planning, and change and release management. Integration with your support desk allows Citrix to address existing trouble tickets and handle new ones. The Citrix team is also available for expansion planning, including roll out assistance for onboarding new users.


Monitoring plays a vital role in maintaining a healthy, reliable IT environment, but it can distract you from strategic projects. The Citrix engineering team sets and fine-tunes thresholds, configures alerts and provides 24/7 automated monitoring of Citrix infrastructure components, from licenses to servers. Information about performance counters, events and services provides visibility into day-to-day health and performance, and helps Citrix to spot trends and patterns so that you can remediate issues before they become a problem.

User Expansion

Obtaining full value from a new Citrix solution requires timely roll out to your user base. This engagement accelerates onboarding of new users following completion of a Citrix Consulting pilot or project. Citrix services include supporting your roll out plan, identifying user groups and workflows, configuring the Citrix environment, adding users to groups, onboarding and providing automated monitoring. After adding new users, Citrix will continue monitoring the effects of the release and make any required changes to optimize performance and functionality.