Troubleshooting Access Gateway Policies

Troubleshooting Access Gateway Policies

Last Updated: [last-modified] (UTC)


There are so many parts to an Access Gateway. This can make it difficult to troubleshoot as it can be hard to see what’s happening.

Which policies are evaluated? What is succeeding and what’s failing?

Fortunately, if you’re not afraid of the command line, there’s a little trick to help:

  1. Logon to the NetScaler with an SSH client
  2. At the NetScaler CLI, enter the shell command to change to the BSD shell
  3. Run nsconmsg -d current -g pol_hits


The NetScaler logs connections to newnslog (located in /var/nslog). The nsconmsg command is used to redirect connection messages to the screen in real-time.

The -d current options tells the command to only output current logs to the screen. The -g option is a pattern matcher like grep, which looks for lines containing pol_hits (any policy hits).

If you try logging on to an Access Gateway now, you will see the policies that are being evaluated.


An example of this is here:

root@NetScaler01# nsconmsg -d current -g pol_hits
Displaying performance information
NetScaler V20 Performance Data
NetScaler NS11.1: Build, Date: Jun  7 2017, 19:58:26
reltime:mili second between two records Tue Aug 29 13:13:12 2017
  Index   rtime totalcount-val      delta rate/sec symbol-name&device-no
      0   14001             50          5        0 pol_hits Policy(Pol-LDAP-AD001)
      1       0             61          6        0 pol_hits Policy(Pol-LDAP-AD002)
      2       0             50          5        0 pol_hits Policy(Pol-LDAP-AD003)
      3       0             50          5        0 pol_hits Policy(Pol-LDAP-AD004)
      4       0              7          1        0 pol_hits Policy(SETVPNPARAMS_POL)
      5       0              6          1        0 pol_hits Policy(Policy-WB)






Citrix Support Knowledge Center – Error: “HTTP/1.1 Internal Server Error 43554” When Logging on to NetScaler Gateway

Citrix Support Knowledge Center – NetScaler nsconmsg Commands Cheat Sheet


Leave a Reply