ADC

Configure secure heartbeats

The secure heartbeats feature provides protection against network attacks such as tampering and replay attacks. When you enable the secure heartbeats in a cluster setup, NetScaler authenticates the heartbeat packets and checks for packet integrity to protect against network attacks. If the authentication or packet integrity check fails, NetScaler drops the heartbeat packets.

You can enable or disable the secure heartbeats using the secureHeartbeats parameter of the set cluster command.

Note:

  • Secure heartbeats must be configured from the cluster IP address.
  • Ensure that all the cluster nodes are running release 14.1 build 12.30 or later.

Configure secure heartbeats using the CLI

Log in to the cluster IP address and perform the following steps to enable or disable secure heartbeats.

To enable the secure heartbeats:

  1. Enable the secure heartbeats.

    set cluster instance <clId> secureHeartbeats ENABLED

  2. Save the configuration.

    save ns config

  3. Verify the configuration.

    sh cluster instance <clid>

Example configuration:

> set cluster instance 1 secureHeartbeats ENABLED Warning: [The Secure Heartbeats feature must be set in the cluster IP (CLIP) address.] Done > save ns config Done > sh cluster instance 1 1) Cluster ID: 1 Dead Interval: 3 secs Hello Interval: 200 msecs Preemption: DISABLED Propagation: ENABLED Quorum Type: MAJORITY INC State: DISABLED Process Local: DISABLED Retain Connections: NO Heterogeneous: NO Backplane based view: DISABLED Cluster sync strict mode: DISABLED DFD Retain L2 Params: DISABLED Cluster Proxy Arp Status: ENABLED Secure Heartbeats: ENABLED Cluster Status: ENABLED(admin), ENABLED(operational), UP WARNING(s): (1) - There are no spotted SNIPs configured on the cluster. Spotted SNIPs can help improve cluster performance. Member Nodes: Node ID Node IP Health Admin State Operational State ------- ------- ------ ----------- ----------------- 1) 1 10.102.58.124 UP ACTIVE ACTIVE 2) 2 10.102.58.125 UP ACTIVE ACTIVE 3) 0 10.102.58.123* UP ACTIVE ACTIVE(Configuration Coordinator) Done

To disable the secure heartbeats:

Run the following commands to disable secure heartbeats.

  1. set cluster instance <clId> secureHeartbeats DISABLED
  2. save ns config

Configure secure heartbeats using the GUI

Log in to the cluster IP address and perform the following steps to enable or disable secure heartbeats.

To enable the secure heartbeats:

  1. Navigate to System > Cluster.
  2. In the details pane, click the Manage Cluster link.
  3. In the Configure cluster instance page, select the Secure Heartbeats checkbox.
  4. Click Save, and then click Yes.

To disable the secure heartbeats:

In the Configure cluster instance page, clear the Secure Heartbeats checkbox.

Configure secure heartbeats