I've been trying to add a few custom internal rules to our vworkspace environment so a few subnets don't have to use the secure gateway (default rule) to connect to our vdi's and RDSH servers.
I can't get it to work though. I have added the custom rules in the following format: 10.10.10.* and tries 10.10.10.??? . This did not seem to work. I checked the connection broker logs and the IP addresses of the clients connecting match the custom rules I have added. They are still being connected through the secure gateway.
I have had this result in our Live and Test environment.
Has anyone been able to succesfully use custom rules and if so how did you do it.
When adding the custom rules you have used the correct format 10.10.10.*, but are you aware that the rules are processed in order, from the top down. If you have a rule higher in the order that would include the subnet of your new rule then the additional rule will not be processed, for example:
Rule 1 :- 10.10.* --> Secure Gateway
Rule 2 :- 10.10.10* --> Internal
For the above the scope of rule 2 is covered also by rule 1 so in this instance all clients in the IP range 10.10.10.* would be sent via the secure gateway. To avoid this make your rules more specific to the target range.
This may not be your solution but I felt it worth highlighting.
If you still have problems let me know what client connector types you are using to test this, e.g. Mac, Windows or Linux and 7.5 or 7.6 etc...
I'm aware of the rule processing order. In my situation all of the added custom rules are internal rules and the clients should be triggering one of them.
I did notice that in your example (rule 2) you did not use a ".". Could that be causing my issue?
I'm using the windows 7.6 web connector.
Message was edited by: Abdelhafid A
I've just tested this with a default SSL rule and then the custom rule set to internal - 10.10.96.*
At first, I kept on getting sent through the SSL so I thought it was a bug but I checked throught the rest of my settings.
My testing appears to show that if the URL that you went to matches the "External URL" set in the WebAccess | Secure Gateway properties page, it automatically routes you via your Secure Gateway no matter the custom rules
As soon as I went to a different url, it worked.
I'll test this some more if I get time this afternoon.