ADC

Verify configuration

After you’ve finished configuring your system, complete the following checklists to verify your configuration.

Configuration checklist

  • The build running is:
  • There are no incompatibility issues. (Incompatibility issues are documented in the build’s release notes.)
  • The port settings (speed, duplex, flow control, monitoring) are the same as the switch’s port.
  • Enough SNIP IP addresses have been configured to support all server-side connections during peak times.
    • The number of configured SNIP IP addresses is:____

    • The expected number of simultaneous server connections is:

      [ ] 62,000 [ ] 124,000 [ ] Other____

Topology configuration checklist

The routes have been used to resolve servers on other subnets.

The routes entered are:

_________________________________________

  • If the Citrix ADC appliance is in a public-private topology, reverse NAT has been configured.

  • The failover (high availability) settings configured on the ADC appliance resolve in a one arm or two-arm configuration. All unused network interfaces have been disabled:

_________________________________________

  • If the ADC appliance is placed behind an external load balancer, then the load balancing policy on the external load balancer is not “least connection”.

    The load balancing policy configured on the external load balancer is:

    _________________________________________

  • If the ADC appliance is placed in front of a firewall, the session time-out on the firewall is set to a value greater than or equal to 300 seconds.

    Note: The TCP idle connection timeout on a Citrix ADC appliance is 360 seconds. If the timeout on the firewall is also set to 300 seconds or more, then the appliance can perform TCP connection multiplexing effectively because connections will not be closed earlier.

    The value configured for the session time-out is: ___________________

Server configuration checklist

  • “Keep-alive” has been enabled on all the servers.

    The value configured for the keep-alive time-out is: ___________________

  • The default gateway has been set to the correct value. (The default gateway should either be a Citrix ADC appliance or upstream router.) The default gateway is:

    _________________________________________

  • The server port settings (speed, duplex, flow control, monitoring) are the same as the switch port settings.

    _________________________________________

  • If the Microsoft® Internet Information Server is used, buffering is enabled on the server.

  • If an Apache Server is used, the MaxConn (maximum number of connections) parameter is configured on the server and on the Citrix ADC appliance.

    The MaxConn (maximum number of connections) value that has been set is:

    _________________________________________

  • If a Netscape Enterprise Server is used, the maximum requests per connection parameter is set on the Citrix ADC appliance. The maximum requests per connection value that has been set is:

    _________________________________________

Software features configuration checklist

  • Does the Layer 2 mode feature need to be disabled? (Disable if another Layer 2 device is working in parallel with a Citrix ADC appliance.)

    Reason for enabling or disabling:

    _________________________________________

  • Does the MAC-based forwarding feature need to be disabled? (If the MAC address used by return traffic is different, it should be disabled.)

    Reason for enabling or disabling:

    _________________________________________

  • Does host-based reuse need to be disabled? (Is there virtual hosting on the servers?)

    Reason for enabling or disabling:

    _________________________________________

  • Do the default settings of the surge protection feature need to be changed?

    Reason for changing or not changing:

    _________________________________________

Access checklist

  • The system IPs can be pinged from the client-side network.
  • The system IPs can be pinged from the server-side network.
  • The managed server(s) can be pinged through the Citrix ADC.
  • Internet hosts can be pinged from the managed servers.
  • The managed server(s) can be accessed through the browser.
  • The Internet can be accessed from managed server(s) using the browser.
  • The system can be accessed using SSH.
  • Admin access to all managed server(s) is working.

Note: When you are using the ping utility, ensure that the pinged server has ICMP ECHO enabled, or your ping will not succeed.

Firewall checklist

The following firewall requirements have been met:

  • UDP 161 (SNMP)
  • UDP 162 (SNMP trap)
  • TCP/UDP 3010 (GUI)
  • HTTP 80 (GUI)
  • TCP 22 (SSH)
Verify configuration