Getting Started with NetScaler

• Where Does a NetScaler Appliance Fit in the Network?

• How a NetScaler Communicates with Clients and Servers

• Introduction to the NetScaler Product Line

• Install the hardware

• Access a NetScaler

• Configure the ADC for the first time

• Secure your NetScaler deployment

• Configure high availability

• Change an RPC node password

• Configuring a FIPS Appliance for the First Time

• Understanding Common Network Topologies

• System management settings

  • System settings

  • Packet forwarding modes

  • Network interfaces

  • Clock synchronization

  • DNS configuration

  • SNMP configuration

  • Verify Configuration

• Load balance traffic on a NetScaler appliance

  • Load balancing

  • Persistence settings

  • Configure features to protect the load balancing configuration

  • A typical load balancing scenario

  • Use case - How to force Secure and HttpOnly cookie options for websites using the NetScaler appliance

• Accelerate load balanced traffic by using compression

• Secure load balanced traffic by using SSL

• Features at a Glance

  • Application Switching and Traffic Management Features

  • Application Acceleration Features

  • Application Security and Firewall Features

  • Application Visibility Feature

NetScaler Solutions

• Setting up NetScaler for Citrix Virtual Apps and Desktops

• Global Server Load Balancing (GSLB) Powered Zone Preference

• Anycast support in NetScaler

• Deploy digital advertising platform on AWS with NetScaler

• Enhancing Clickstream analytics in AWS using NetScaler

NetScaler cloud native solution

• Kubernetes Ingress solution

• Service mesh

• Solutions for observability

• API gateway for Kubernetes

• Use NetScaler ADM to Troubleshoot NetScaler cloud native Networking

Deploy a NetScaler VPX instance

• Support matrix and usage guidelines

• Optimize NetScaler VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors

• Support for increasing NetScaler VPX disk space

• Apply NetScaler VPX configurations at the first boot of the NetScaler appliance in cloud

• Improve SSL-TPS performance on public cloud platforms

• Configure simultaneous multithreading for NetScaler VPX on public clouds

• NetScaler sanity checker tool

• Install a NetScaler VPX instance on a bare metal server

• Install a NetScaler VPX instance on Citrix Hypervisor

  • Configuring NetScaler Virtual Appliances to use Single Root I/O Virtualization (SR-IOV) Network Interfaces

• Install a NetScaler VPX instance on VMware ESX

  • Configure NetScaler VPX to use VMXNET3 network interface

  • Configure NetScaler VPX to use SR-IOV network interface

  • Configure NetScaler VPX to use Intel QAT for SSL acceleration in SR-IOV mode

  • Migrating the NetScaler VPX from E1000 to SR-IOV or VMXNET3 network interfaces

  • Configure NetScaler VPX to use PCI passthrough network interface

  • Apply NetScaler VPX configurations at the first boot of the NetScaler appliance on VMware ESX hypervisor

• Install a NetScaler VPX instance on VMware cloud on AWS

• Install a NetScaler VPX instance on Microsoft Hyper-V servers

• Install a NetScaler VPX instance on Linux-KVM platform

  • Prerequisites for installing NetScaler VPX virtual appliances on Linux-KVM platform

  • Provisioning the NetScaler virtual appliance by using OpenStack

  • Provisioning the NetScaler virtual appliance by using the Virtual Machine Manager

  • Configuring NetScaler virtual appliances to use SR-IOV network interface

  • Configure a NetScaler VPX on KVM hypervisor to use Intel QAT for SSL acceleration in SR-IOV mode

  • Configuring NetScaler virtual appliances to use PCI Passthrough network interface

  • Provisioning the NetScaler virtual appliance by using the virsh Program

  • Managing the NetScaler Guest VMs

  • Provisioning the NetScaler virtual appliance with SR-IOV on OpenStack

  • Configuring a NetScaler VPX instance on KVM to use OVS DPDK-Based host interfaces

  • Apply NetScaler VPX configurations at the first boot of the NetScaler appliance on the KVM hypervisor

• Deploy a NetScaler VPX instance on AWS

  • AWS terminology

  • AWS-VPX support matrix

  • Limitations and usage guidelines

  • Prerequisites

  • Configure AWS IAM roles on NetScaler VPX instance

  • How a NetScaler VPX instance on AWS works

  • Deploy a NetScaler VPX standalone instance on AWS

  • Scenario: standalone instance

  • Download a NetScaler VPX license

  • Load balancing servers in different availability zones

  • How high availability on AWS works

  • Deploy a VPX HA pair in the same AWS availability zone

  • High availability across different AWS availability zones

  • Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones

  • Deploy a VPX high-availability pair with private IP addresses across different AWS zones

  • Deploy a NetScaler VPX instance on AWS Outposts

  • Protect AWS API Gateway using the NetScaler Web Application Firewall

  • Add back-end AWS auto scaling service

  • Deploy NetScaler GSLB on AWS

  • Deploy NetScaler Web App Firewall on AWS

  • Configure a NetScaler VPX instance to use SR-IOV network interface

  • Configure a NetScaler VPX instance to use Enhanced Networking with AWS ENA

  • Upgrade a NetScaler VPX instance on AWS

  • Troubleshoot a VPX instance on AWS

  • AWS FAQs

• Deploy a NetScaler VPX instance on Microsoft Azure

  • Azure terminology

  • Network architecture for NetScaler VPX instances on Microsoft Azure

  • Configure a NetScaler standalone instance

  • Configure multiple IP addresses for a NetScaler VPX standalone instance

  • Configure a high-availability setup with multiple IP addresses and NICs

  • Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands

  • Deploy a NetScaler high-availability pair on Azure with ALB in the floating IP-disabled mode

  • Deploy the NetScaler for Azure DNS private zone

  • Configure a NetScaler VPX instance to use Azure accelerated networking

  • Configure HA-INC nodes by using the NetScaler high availability template with Azure ILB

  • Configure HA-INC nodes by using the NetScaler high availability template for internet-facing applications

  • Configure a high-availability setup with Azure external and internal load balancers simultaneously

  • Install a NetScaler VPX instance on Azure VMware solution

  • Configure a NetScaler VPX standalone instance on Azure VMware solution

  • Configure a NetScaler VPX high availability setup on Azure VMware solution

  • Configure Azure route server with NetScaler VPX HA pair

  • Add Azure autoscale settings

  • Azure tags for NetScaler VPX deployment

  • Configure GSLB on NetScaler VPX instances

  • Configure GSLB on an active-standby high availability setup

  • Deploy NetScaler GSLB on Azure

  • Deploy NetScaler Web App Firewall on Azure

  • Configure address pools (IIP) for a NetScaler Gateway appliance

  • Configure multiple IP addresses for a NetScaler VPX instance in standalone mode by using PowerShell commands

  • Additional PowerShell scripts for Azure deployment

  • Create a support ticket for the VPX instance on Azure

  • Azure FAQs

• Deploy a NetScaler VPX instance on Google Cloud Platform

  • Deploy a VPX high-availability pair on Google Cloud Platform

  • Deploy a VPX high-availability pair with external static IP address on Google Cloud Platform

  • Deploy a single NIC VPX high-availability pair with private IP address on Google Cloud Platform

  • Deploy a VPX high-availability pair with private IP addresses on Google Cloud Platform

  • Install a NetScaler VPX instance on Google Cloud VMware Engine

  • Add back-end GCP Autoscaling service

  • VIP scaling support for NetScaler VPX instance on GCP

  • Troubleshoot a VPX instance on GCP

• Jumbo frames on NetScaler VPX instances

• Automate deployment and configurations of NetScaler

• FAQ

Licensing

• Allocate and apply a license

Upgrade and downgrade a NetScaler appliance

• Before you begin

• Upgrade considerations for configurations with classic policies

• Upgrade considerations for customized configuration files

• Upgrade considerations - SNMP configuration

• Download a NetScaler release package

• Upgrade a NetScaler standalone appliance

• Downgrade a NetScaler standalone appliance

• Upgrade a high availability pair

• In Service Software Upgrade support for high availability

• Downgrade a high availability pair

• Troubleshooting

• FAQs

Solutions for Telecom Service Providers

• Large Scale NAT

  • Points to Consider before Configuring LSN

  • Configuration Steps for LSN

  • Sample LSN Configurations

  • Configuring Static LSN Maps

  • Configuring Application Layer Gateways

  • Logging and Monitoring LSN

  • TCP SYN Idle Timeout

  • Overriding LSN configuration with Load Balancing Configuration

  • Clearing LSN Sessions

  • Load Balancing SYSLOG Servers

  • Port Control Protocol

  • LSN44 in a cluster setup

• Dual-Stack Lite

  • Points to Consider before Configuring DS-Lite

  • Configuring DS-Lite

  • Configuring DS-Lite Static Maps

  • Configuring Deterministic NAT Allocation for DS-Lite

  • Configuring Application Layer Gateways for DS-Lite

  • Logging and Monitoring DS-Lite

  • Port Control Protocol for DS-Lite

• Large Scale NAT64

  • Points to Consider for Configuring Large Scale NAT64

  • Configuring DNS64

  • Configuring Large Scaler NAT64

  • Configuring Application Layer Gateways for Large Scale NAT64

  • Configuring Static Large Scale NAT64 Maps

  • Logging and Monitoring Large Scale NAT64

  • Port Control Protocol for Large Scale NAT64

  • LSN64 in a cluster setup

• Mapping Address and Port using Translation

• Telco subscriber management

  • Subscriber aware traffic steering

  • Subscriber aware service chaining

  • Subscriber aware traffic steering with TCP optimization

  • Policy based TCP profile selection

• Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols

• Provide DNS Infrastructure/Traffic Services, such as, Load Balancing, Caching, and Logging for Telecom Service Providers

• Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider

• Bandwidth Utilization Using Cache Redirection Functionality

• NetScaler TCP Optimization

  • Getting Started

  • Management Network

  • Licensing

  • High Availability

  • Gi-LAN Integration

  • TCP Optimization Configuration

  • Analytics and Reporting

  • Real-time Statistics

  • SNMP

  • Technical Recipes

  • Scalability

  • Optimizing TCP Performance using TCP Nile

  • Troubleshooting Guidelines

  • Frequently Asked Questions

• NetScaler Video Optimization

  • Getting Started

  • Licensing

  • Configuring Video Optimization over TCP

  • Video Optimization over UDP

• NetScaler URL Filtering

  • URL List

  • URL Categorization

FAQs

• Authentication, Authorization, and Auditing

• Admin Partition

• AppFlow

• Call Home

• Clustering

• Connection Management

• Content Switching

• Debugging

• Hardware

• High Availability

• Integrated Caching

• Installing, Upgrading, and Downgrading

• Load Balancing

• NetScaler GUI

• SSL

Authentication, authorization, and auditing application traffic

• How authentication, authorization, and auditing works

• Basic components of authentication, authorization, and auditing configuration

  • Authentication virtual server

  • Authorization policies

  • Authentication profiles

  • Authentication policies

  • Users and groups

• Authentication methods

  • Multi-Factor (nFactor) authentication

  • SAML authentication

  • OAuth authentication

  • LDAP authentication

  • RADIUS authentication

  • TACACS authentication

  • Client certificate authentication

  • Negotiate authentication

  • Web authentication

  • Forms based authentication

  • 401 based authentication

  • reCaptcha for nFactor authentication

  • Native OTP support for authentication

  • Push notification for OTP

  • Email OTP

  • reCaptcha for nFactor authentication

  • Authentication, authorization, and auditing configuration for commonly used protocols

• Single sign-on types

  • NetScaler Kerberos single sign-on

  • Enable SSO for Basic, Digest, and NTLM authentication

• Rewrite

  • Content Security Policy response header support for NetScaler Gateway and authentication virtual server generated responses

• Self-service password reset

• Web Application Firewall protection for VPN virtual servers and authentication virtual servers

• Polling during authentication

• Session and traffic management

  • Rate Limiting for NetScaler Gateway

  • Client source IP Address Tracking

• Authorizing user access to application resources

• Auditing authenticated sessions

• NetScaler as an Active Directory Federation Service proxy

  • Web Services Federation protocol

  • Active Directory Federation Service Proxy Integration Protocol compliance

• On-premises NetScaler Gateway as an identity provider to Citrix Cloud

  • Support for active-active GSLB deployments on NetScaler Gateway

• Configuration support for SameSite cookie attribute

• Authentication, authorization, and auditing configuration for commonly used protocols

  • Handling authentication, authorization and auditing with Kerberos/NTLM

• Troubleshoot authentication and authorization related issues

Admin partition

• NetScaler configuration support in admin partition

• Configure admin partitions

• VLAN configuration for admin partitions

• VXLAN support for admin partitions

• SNMP support for admin partitions

• Audit log support for admin partitions

• Display configured PMAC addresses for shared VLAN configuration

AppExpert

• Action analytics

  • Configure a selector

  • Configure a stream identifier

  • View statistics

  • Group records on attribute values

  • Clear a stream session

  • Configure policy for optimizing traffic

  • How to limit bandwidth consumption for user or client device

• AppExpert applications

  • How AppExpert application works

  • Customize AppExpert configuration

  • Configure user authentication

  • Monitor NetScaler statistics

  • Delete an AppExpert application

  • Configure application authentication, authorization, and auditing

  • Set up a custom NetScaler application

  • NetScaler Gateway Applications

• AppQoE

  • Enable AppQoE

  • AppQOE actions

  • AppQoE parameters

  • AppQoE policies

• Entity templates

• HTTP callouts

  • How an HTTP callout works

  • Notes on the format of HTTP requests and responses

  • Configure an HTTP callout

  • Verify the configuration

  • Invoke an HTTP callout

  • Avoid HTTP callout recursion

  • Cache HTTP callout responses

  • Use Case: Filter clients by using an IP blacklist

  • Use Case: ESI support for fetching and updating content dynamically

  • Use Case: Access control and authentication

  • Use Case: OWA-Based spam filtering

  • Use Case: Dynamic content switching

• Pattern sets and data sets

  • How string matching works with pattern sets and data sets

  • Configure a pattern set

  • Configure a data set

  • Use Pattern sets and data sets

  • Sample usage

• Variables

  • Configure and use variables

  • Use case for caching user privileges

  • Use case for limiting the number of sessions

• Policies and expressions

  • Introduction to policies and expressions

  • Configuring advanced policy infrastructure

  • Configure advanced policy expression: Getting started

  • Advanced policy expressions: Evaluating text

  • Advanced policy expressions: Working with dates, times, and numbers

  • Advanced policy expressions: Parsing HTTP, TCP, and UDP data

  • Advanced policy expressions: Parsing SSL certificates

  • Advanced policy expressions: IP and MAC Addresses, Throughput, VLAN IDs

  • Advanced policy expressions: Stream analytics functions

  • Advanced policy expressions: DataStream

  • Typecasting data

  • Regular expressions

  • Summary examples of advanced policy expressions

  • Tutorial examples of advanced policies for rewrite

  • Rewrite and responder policy examples

• Rate limiting

  • Configure a stream selector

  • Configure a traffic rate limit identifier

  • Configure and bind a traffic rate policy

  • View the traffic rate

  • Test a rate-based policy

  • Examples of rate-based policies

  • Sample use cases for rate-based policies

  • Rate limiting for traffic domains

  • Configure rate limit at packet level

• Responder

  • Enable the responder feature

  • Configure a responder action

  • Configure a responder policy

  • Bind a responder policy

  • Set the default action for a responder policy

  • Responder action and policy examples

  • Diameter support for responder

  • RADIUS support for responder

  • DNS support for the responder feature

  • MQTT support for responder

  • How to redirect HTTP requests

  • Troubleshooting

• Rewrite

  • Content-length header behavior in a rewrite policy

  • Rewrite action and policy examples

  • URL transformation

  • RADIUS support for the rewrite feature

  • Diameter support for rewrite

  • DNS support for the rewrite feature

  • MQTT support for rewrite

• String maps

• URL sets

  • Getting started

  • Advanced policy expressions for URL evaluation

  • Configure URL set

  • URL pattern semantics

  • URL categories

AppFlow

• Configuring the AppFlow Feature

• Exporting Performance Data of Web Pages to AppFlow Collector

• Session Reliability on NetScaler High Availability Pair

API Security

• Import API Specification

• API Specification Validation

• Advanced Policy Expressions using API Specification

• API Traffic Visibility using API Specification Validation

Application Firewall

• FAQs and Deployment Guide

• Introduction to Citrix Web App Firewall

• Configuring the Application Firewall

  • Enabling the Application Firewall

  • The Application Firewall Wizard

  • Manual Configuration

  • Manual Configuration By Using the GUI

  • Manual Configuration By Using the Command Line Interface

• Signatures

  • Manually Configuring the Signatures Feature

  • Adding or Removing a Signatures Object

  • Configuring or Modifying a Signatures Object

  • Protecting JSON Applications using Signatures

  • Updating a Signatures Object

  • Signature Auto Update

  • Snort rule integration

  • Exporting a Signatures Object to a File

  • The Signatures Editor

  • Signature Updates in High-Availability Deployment and Build Upgrades

• Overview of Security checks

• Top-Level Protections

  • HTML Cross-Site Scripting Check

  • HTML SQL Injection Checks

  • SQL grammar-based protection for HTML and JSON payload

  • Command injection grammar-based protection for HTML payload

  • Relaxation and deny rules for handling HTML SQL injection attacks

  • HTML Command Injection Protection

  • Custom keyword support for HTML payload

  • XML External Entity Protection

  • Buffer Overflow Check

  • Application Firewall Support for Google Web Toolkit

• Cookie Protection

  • Cookie Consistency Check

  • Cookie Hijacking Protection

  • SameSite cookie attribute

• Data Leak Prevention Checks

  • Credit Card Check

  • Safe Object Check

• Advanced Form Protection Checks

  • Field Formats Check

  • Form Field Consistency Check

  • CSRF Form Tagging Check

  • Managing CSRF Form Tagging Check Relaxations

• URL Protection Checks

  • Start URL Check

  • Deny URL Check

• XML Protection Checks

  • XML Format Check

  • XML Denial-of-Service Check

  • XML Cross-Site Scripting Check

  • XML SQL Injection Check

  • XML Attachment Check

  • Web Services Interoperability Check

  • XML Message Validation Check

  • XML SOAP Fault Filtering Check

• JSON Protection Checks

  • JSON DOS Protection

  • JSON SQL Protection

  • JSON XSS Protection

  • JSON Command Injection Protection

• Managing Content Types

• Profiles

  • Creating Application Firewall Profiles

  • Enforcing HTTP RFC Compliance

  • Configuring Application Firewall Profiles

  • Application Firewall Profile Settings

  • Changing an Application Firewall Profile Type

  • Exporting and Importing an Application Firewall Profile

  • Detailed troubleshooting with WAF logs

  • File Upload Protection

  • Configuring and Using the Learning Feature

  • Dynamic Profiling

  • Supplemental Information about Profiles

  • Custom error status and message for HTML, XML, or JSON error object

• Policy Labels

• Policies

  • Firewall Policies

  • Auditing Policies

• Imports

  • Importing and Exporting Files

• Global Configuration

  • Engine Settings

  • Confidential Fields

  • Field Types

  • XML Content Types

  • JSON Content Types

• Statistics and Reports

• Application Firewall Logs

• Appendices

  • PCRE Character Encoding Format

  • Whitehat WASC Signature Types for WAF Use

  • Streaming Support for Request Processing

  • Trace HTML Requests with Security Logs

  • Application Firewall Support for Cluster Configurations

• Debugging and Troubleshooting

  • High CPU

  • Memory

  • Large File Upload Failure

  • Learning

  • Signatures

  • Trace Log

  • Miscellaneous

  • References

• Use case - Binding Web App Firewall policy to a VPN virtual server

Signatures Alert Articles

• Signature update version 140

• Signature update version 139

• Signature update version 138

• Signature update version 137

• Signature update version 136

• Signature update version 135

• Signature update version 134

• Signature update version 133

• Signature update version 132

• Signature update version 131

• Signature update version 130

• Signature update version 129

• Signature update version 128

• Signature update version 127

• Signature update version 126

• Signature update version 125

• Signature update version 124

• Signature update version 123

• Signature update version 122

• Signature update version 121

• Signature update version 120

• Signature update version 119

• Signature update version 118

• Signature update version 117

• Signature update version 116

• Signature update version 115

• Signature update version 114

• Signature update version 113

• Signature update version 112

• Signature update version 111

• Signature update version 110

• Signature update version 109

• Signature update version 108

• Signature update version 107

• Signature update version 106

• Signature update version 105

Bot Management

• Bot detection

• Configure bot profile setting

• Configure bot signature setting

• Bot signature auto update

• Bot troubleshooting

• Bot FAQ

• Bot signature alert articles

  • Bot signature update version 5

  • Bot signature update version 6

  • Bot signature update version 7

  • Bot signature update version 8

  • Bot signature update version 9

  • Bot signature update version 10

  • Bot signature update version 11

  • Bot signature update version 12

  • Bot signature update version 13

  • Bot signature update version 14

  • Bot signature update version 15

  • Bot signature update version 16

  • Bot signature update version 17

  • Bot signature update version 18

  • Bot signature update version 19

Cache Redirection

• Cache redirection policies

  • Built-in cache redirection policies

  • Configure a cache redirection policy

• Cache redirection configurations

  • Configure transparent redirection

  • Configure forward proxy redirection

  • Configure reverse proxy redirection

• Selective cache redirection

  • Enable content switching

  • Configure a load balancing virtual server for the cache

  • Configure policies for content switching

  • Configure precedence for policy evaluation

• Administer a cache redirection virtual server

  • View cache redirection virtual server statistics

  • Enable or disable a cache redirection virtual server

  • Direct policy hits to the cache instead of the origin

  • Back up a cache redirection virtual server

  • Manage client connections for a virtual server

  • Enable external TCP health check for UDP virtual servers

• N-tier cache redirection

  • Configure the upper-tier NetScaler appliances

  • Configure the lower-tier NetScaler appliances

• Translate destination IP address of a request to origin IP address

Clustering

• NetScaler configuration support in a cluster

• Before you begin

• Cluster overview

  • Synchronization across cluster nodes

  • Striped, partially striped, and spotted configurations

  • Communication in a cluster setup

  • Traffic distribution in a cluster setup

  • Cluster nodegroups

  • Cluster and node states

  • Routing in a cluster

  • IP addressing for a cluster

  • Configuring layer 3 clustering

• Setting up a NetScaler cluster

  • Setting up inter-node communication

  • Creating a NetScaler cluster

  • Adding a node to the cluster

  • Viewing the details of a cluster

• Distributing traffic across cluster nodes

  • Using Equal Cost Multiple Path (ECMP)

  • Using cluster link aggregation

  • Using USIP mode in cluster

• Managing the NetScaler cluster

  • Configuring linksets

  • Nodegroups for spotted and partially-striped configurations

  • Configuring redundancy for nodegroups

  • Disabling steering on the cluster backplane

  • Synchronizing cluster configurations

  • Synchronizing time across cluster nodes

  • Synchronizing cluster files

  • Viewing the statistics of a cluster

  • Discovering NetScaler appliances

  • Disabling a cluster node

  • Removing a cluster node

  • Removing a node from a cluster deployed using cluster link aggregation

  • Detecting jumbo probe on a cluster

  • Route monitoring for dynamic routes in cluster

  • Monitoring cluster setup using SNMP MIB with SNMP link

  • Monitoring command propagation failures in a cluster deployment

  • Graceful shutdown of nodes

  • Graceful shutdown of services

  • IPv6 ready logo support for clusters

  • Managing cluster heartbeat messages

  • Configure secure heartbeats

  • Configuring owner node response status

  • Monitor Static Route (MSR) support for inactive nodes in a spotted cluster configuration

  • VRRP interface binding in a single node active cluster

• Cluster setup and usage scenarios

  • Creating a two-node cluster

  • Migrating an HA setup to a cluster setup

  • Transitioning between a L2 and L3 cluster

  • Setting up GSLB in a cluster

  • Using cache redirection in a cluster

  • Using L2 mode in a cluster setup

  • Using cluster LA channel with linksets

  • Backplane on LA channel

  • Common interfaces for client and server and dedicated interfaces for backplane

  • Common switch for client, server, and backplane

  • Common switch for client and server and dedicated switch for backplane

  • Different switch for every node

  • Sample cluster configurations

  • Using VRRP in a cluster setup

  • Monitoring services in a cluster using path monitoring

• Backup and restore of cluster setup

• Upgrading or downgrading the NetScaler cluster

• Operations supported on individual cluster nodes

• Support for heterogeneous cluster

• FAQs

• Troubleshooting the NetScaler cluster

  • Tracing the packets of a NetScaler cluster

  • Troubleshooting common issues

Content Switching

• Configuring Basic Content Switching

• Customizing the Basic Content Switching Configuration

• Content Switching for Diameter Protocol

• Protecting the Content Switching Setup against Failure

• Managing a Content Switching Setup

• Managing Client Connections

• Persistence support for content switching virtual server

• Troubleshooting

DataStream

• Configure database users

• Configure a database profile

• Configure load balancing for DataStream

• Configure content switching for DataStream

• Configure monitors for DataStream

• Use Case 1: Configure DataStream for a primary/secondary database architecture

• Use Case 2: Configure the token method of load balancing for DataStream

• Use Case 3: Log MSSQL transactions in transparent mode

• Use Case 4: Database specific load balancing

• DataStream reference

Domain Name System

• Configure DNS resource records

  • Create SRV records for a service

  • Create AAAA Records for a domain name

  • Create address records for a domain name

  • Create MX records for a mail exchange server

  • Create NS records for an authoritative server

  • Create CNAME records for a subdomain

  • Create NAPTR records for telecommunications domain

  • Create PTR records for IPv4 and IPv6 addresses

  • Create SOA records for authoritative information

  • Create TXT records for holding descriptive text

  • Create CAA records for a domain name

  • View DNS statistics

• Configure a DNS zone

• Configure the NetScaler as an ADNS server

• Configure the NetScaler as a DNS proxy server

• Configure the NetScaler as an end resolver

• Configure the NetScaler as a forwarder

• Configure NetScaler as a non-validating security aware stub-resolver

• Jumbo frames support for DNS to handle responses of large sizes

• Configure DNS logging

• Configure DNS suffixes

• DNS ANY query

• Configure negative caching of DNS records

• Caching of EDNS0 client subnet data when the NetScaler appliance is in proxy mode

• Domain name system security extensions

  • Configure DNSSEC

  • Configure DNSSEC when the NetScaler is authoritative for a zone

  • Configure DNSSEC for a zone for which the NetScaler is a DNS proxy server

  • Configure DNSSEC for GSLB domain names

  • Zone maintenance

  • Offload DNSSEC operations to the NetScaler

  • Admin partition support for DNSSEC

• Support for wildcard DNS domains

• Mitigate DNS DDoS attacks

• Use case - configure the automatic DNSSEC key management feature

• Use Case - configure the automatic DNSSEC key management on GSLB deployment

• Use Case - how to revoke a compromised active key

Federal Information Processing Standards (FIPS)

• MPX 14000 FIPS appliances

• SDX 14000 FIPS appliances

  • Limitations

  • Terminology

  • Initialize the HSM

  • Create partitions

  • Provision a new instance or modify an existing instance and assign a partition

  • Configure the HSM for an instance on an SDX 14030/14060/14080 FIPS appliance

  • Create a FIPS key for an instance on an SDX 14030/14060/14080 FIPS appliance

  • Upgrade the FIPS firmware on a VPX instance

• Support for Thales Luna Network hardware security module

  • Prerequisites

  • Configure a Thales Luna client on the ADC

  • Configure Thales Luna HSMs in a high availability setup on the ADC

  • Additional ADC configuration

  • NetScaler appliances in a high availability setup

  • Limitations

  • Appendix

  • FAQ

• Support for Azure Key Vault

• NetScaler FIPS FAQ

Firewall Load Balancing

• Sandwich Environment

• Enterprise Environment

• Multiple-Firewall Environment

Global Server Load Balancing

• GSLB deployment types

  • Active-active site deployment

  • Active-passive site deployment

  • Parent-child topology deployment using the MEP protocol

• GSLB configuration entities

• GSLB methods

  • GSLB algorithms

  • Static proximity

  • Dynamic round trip time method

  • API method

• Configure static proximity

  • Add a location file to create a static proximity database

  • Add custom entries to a static proximity database

  • Set location qualifiers

  • Specify proximity method

  • Synchronize GSLB static proximity database

• Configure site-to-site communication

• Configure metrics exchange protocol

• Configure GSLB by using a wizard

  • Configure active-active site

  • Configure active-passive site

  • Configure parent-child topology

• Configure GSLB entities individually

  • Configure an authoritative DNS service

  • Configure a basic GSLB site

  • Configure a GSLB service

  • Configure a GSLB service group

  • Configure a GSLB virtual server

  • Bind GSLB services to a GSLB virtual server

  • Bind a domain to a GSLB virtual server

  • Example of a GSLB setup and configuration

• Synchronize the configuration in a GSLB setup

  • Manual synchronization between sites participating in GSLB

  • Real-time synchronization between sites participating in GSLB

  • View GSLB synchronization status and summary

  • SNMP traps for GSLB configuration synchronization

• GSLB dashboard

• Monitor GSLB services

• How domain name system works with GSLB

• Priority order for GSLB services

• Upgrade recommendations for GSLB deployment

• Use case: Deployment of domain name based autoscale service group

• Use case: Deployment of IP address based autoscale service group

• How-to articles

  • Customize your GSLB configuration

  • Configure persistent connections

  • Manage client connections

  • Configure GSLB for proximity

  • Protect the GSLB setup against failure

  • Configure GSLB for disaster recovery

  • Override static proximity behavior by configuring preferred locations

  • Configure GSLB service selection using content switching

  • Configure GSLB for DNS queries with NAPTR records

  • Configure GSLB for wildcard domain

  • Use the EDNS0 client subnet option for GSLB

  • Example of a complete parent-child configuration using the metrics exchange protocol

Link Load Balancing

• Configuring a Basic LLB Setup

• Configuring RNAT with LLB

• Configuring a Backup Route

• Resilient LLB Deployment Scenario

• Monitoring an LLB Setup

Load Balancing

• How load balancing works

• Set up basic load balancing

• Load balance virtual server and service states

• Support for load balancing profile

• Load balancing algorithms

  • Least connection method

  • Round robin method

  • Least response time method

  • LRTM method

  • Hashing methods

  • Least bandwidth method

  • Least packets method

  • Custom load method

  • Static proximity method

  • Token method

  • Least request method

  • Configure a load balancing method that does not include a policy

• Persistence and persistent connections

  • About Persistence

  • Source IP address persistence

  • HTTP cookie persistence

  • SSL session ID persistence

  • Diameter AVP number persistence

  • Custom server ID persistence

  • IP address persistence

  • SIP Call ID persistence

  • RTSP session ID persistence

  • Configure URL passive persistence

  • Configure persistence based on user-defined rules

  • Configure persistence types that do not require a rule

  • Configure backup persistence

  • Configure persistence groups

  • Share persistent sessions between virtual servers

  • Configure RADIUS load balancing with persistence

  • View persistence sessions

  • Clear persistence sessions

  • Override persistence settings for overloaded services

  • Troubleshooting

• Insert cookie attributes to ADC generated cookies

• Customize a load balancing configuration

  • Customize the hash algorithm for persistence across virtual servers

  • Configure the redirection mode

  • Configure per-VLAN wildcarded virtual servers

  • Assign weights to services

  • Configure the MySQL and Microsoft SQL server version setting

  • Multi-IP virtual servers

  • Limit the number of concurrent requests on a client connection

• Configure diameter load balancing

• Configure FIX load balancing

• MQTT load balancing

• Protect a load balancing configuration against failure

  • Redirect client requests to an alternate URL

  • Configure a backup load balancing virtual server

  • Configure spillover

  • Connection failover

  • Flush the surge queue

• Manage a load balancing setup

  • Manage server objects

  • Manage services

  • Manage a load balancing virtual server

  • Load balancing visualizer

• Manage client traffic

  • Configure sessionless load balancing virtual servers

  • Redirect HTTP requests to a cache

  • Enable cleanup of virtual server connections

  • Rewrite ports and protocols for HTTP redirection

  • Insert IP address and port of a virtual server in the request header

  • Use a specified source IP for backend communication

  • Set a time-out value for idle client connections

  • Manage RTSP connections

  • Manage client traffic on the basis of traffic rate

  • Identify a connection with layer 2 parameters

  • Configure the prefer direct route option

  • Use a source port from a specified port range for backend communication

  • Configure source IP persistency for backend communication

  • Use IPv6 link local addresses on server side of a load balancing setup

• Advanced load balancing settings

  • Gradually stepping up the load on a new service with virtual server–level slow start

  • The no-monitor option for services

  • Protect applications on protected servers against traffic surges

  • Enable cleanup of virtual server and service connections

  • Graceful shutdown of services

  • Enable or disable persistence session on TROFS services

  • Direct requests to a custom web page

  • Enable access to services when down

  • Enable TCP buffering of responses

  • Enable compression

  • Enable external TCP health check for UDP virtual servers

  • Maintain client connection for multiple client requests

  • Insert the IP address of the client in the request header

  • Retrieve location details from user IP address using geolocation database

  • Use source IP address of the client when connecting to the server

  • Use client source IP address for backend communication in a v4-v6 load balancing configuration

  • Configure the source port for server-side connections

  • Set a limit on the number of client connections

  • Set a limit on number of requests per connection to the server

  • Set a threshold value for the monitors bound to a service

  • Set a timeout value for idle client connections

  • Set a timeout value for idle server connections

  • Set a limit on the bandwidth usage by clients

  • Redirect client requests to a cache

  • Retain the VLAN identifier for VLAN transparency

  • Configure automatic state transition based on percentage health of bound services

  • Static proximity based on NetScaler location

• Built-in monitors

  • TCP-based application monitoring

  • SSL service monitoring

  • HTTP/2 service monitoring

  • Proxy protocol service monitoring

  • FTP service monitoring

  • Secure monitoring of servers by using SFTP

  • Set SSL parameters on a secure monitor

  • SIP service monitoring

  • RADIUS service monitoring

  • Monitor accounting information delivery from a RADIUS server

  • DNS and DNS-TCP service monitoring

  • LDAP service monitoring

  • MySQL service monitoring

  • SNMP service monitoring

  • NNTP service monitoring

  • POP3 service monitoring

  • SMTP service monitoring

  • RTSP service monitoring

  • ARP request monitoring

  • Citrix Virtual Desktops Delivery Controller service monitoring

  • Citrix StoreFront stores monitoring

  • Oracle ECV service monitoring

• Custom monitors

  • Configure HTTP-inline monitors

  • Understand user monitors

  • How to use a user monitor to check web sites

  • Understand the internal dispatcher

  • Configure a user monitor

  • Understand load monitors

  • Configure load monitors

  • Unbind metrics from a metrics table

  • Configure reverse monitoring for a service

• Configure monitors in a load balancing setup

  • Create monitors

  • Configure monitor parameters to determine the service health

  • Bind monitors to services

  • Modify monitors

  • Enable and disable monitors

  • Unbind monitors

  • Remove monitors

  • View monitors

  • Close monitor connections

  • Ignore the upper limit on client connections for monitor probes

• Manage a large scale deployment

  • Ranges of virtual servers and services

  • Configure service groups

  • Manage service groups

  • Configure a desired set of service group members for a service group in one NITRO API call

  • Configure automatic domain based service group scaling

  • Service discovery using DNS SRV records

  • Translate the IP address of a domain-based server

  • Mask a virtual server IP address

• Configure load balancing for commonly used protocols

  • Load balance a group of FTP servers

  • Load balance DNS servers

  • Load balance domain-name based services

  • Load balance a group of SIP servers

  • Load balance RTSP servers

  • Load balance remote desktop protocol (RDP) servers

• Priority order for load balancing services

• Use case 1: SMPP load balancing

• Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream

• Use case 3: Configure load balancing in direct server return mode

• Use case 4: Configure LINUX servers in DSR mode

• Use case 5: Configure DSR mode when using TOS

• Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field

• Use case 7: Configure load balancing in DSR mode by using IP Over IP

• Use case 8: Configure load balancing in one-arm mode

• Use case 9: Configure load balancing in the inline mode

• Use case 10: Load balancing of intrusion detection system servers

• Use case 11: Isolating network traffic using listen policies

• Use case 12: Configure Citrix Virtual Desktops for load balancing

• Use case 13: Configure Citrix Virtual Apps and Desktops for load balancing

• Use case 14: ShareFile wizard for load balancing Citrix ShareFile

• Use case 15: Configure layer 4 load balancing on the NetScaler appliance

• Troubleshooting

• Load balancing FAQs

Networking

• IP Addressing

  • Configuring NetScaler-Owned IP Addresses

  • How the NetScaler Proxies Connections

  • Enabling Use Source IP Mode

  • Configuring Network Address Translation

  • Configuring Static ARP

  • Setting the Timeout for Dynamic ARP Entries

  • Configuring Neighbor Discovery

  • Configuring IP Tunnels

  • Class E IPv4 packets

  • Monitor the free ports available on a NetScaler appliance for a new back-end connection

• Interfaces

  • Configuring MAC-Based Forwarding

  • Configuring Network Interfaces

  • Configuring Forwarding Session Rules

  • Understanding VLANs

  • Configuring a VLAN

  • Configuring NSVLAN

  • Configuring Allowed VLAN List

  • Configuring Bridge Groups

  • Configuring Virtual MACs

  • Configuring Link Aggregation

  • Redundant Interface Set

  • Binding an SNIP address to an Interface

  • Monitoring the Bridge Table and Changing the Aging time

  • NetScaler Appliances in Active-Active Mode Using VRRP

  • Using the Network Visualizer

  • Configuring Link Layer Discovery Protocol

  • Jumbo Frames

  • NetScaler Support for Microsoft Direct Access Deployment

• Access Control Lists

  • Simple ACLs and Simple ACL6s

  • Extended ACLs and Extended ACL6s

  • MAC Address Wildcard Mask for ACLs

  • Blocking Traffic on Internal Ports

• IP Routing

  • Configuring Dynamic Routes

  • Configuring Static Routes

  • Route Health Injection Based on Virtual Server Settings

  • Configuring Policy-Based Routes

  • Traffic distribution in multiple routes based on five tuples information

  • Troubleshooting Routing Issues

• Internet Protocol version 6 (IPv6)

• Traffic Domains

  • Inter Traffic Domain Entity Bindings

  • Virtual MAC Based Traffic Domains

• VXLAN

• Geneve tunnels

• Best practices for networking configurations

• Configure to source NetScaler FreeBSD data traffic from a SNIP address

Observability

• Metrics

• Logs

• Processed insights

• Integration with Prometheus

  • Monitor NetScaler and applications using Prometheus

• Integration with Splunk

  • Export metrics directly from NetScaler to Splunk

  • Export transaction logs directly from NetScaler to Splunk

  • Export management logs directly from NetScaler to Splunk

  • Export audit logs and events directly from NetScaler to Splunk

• Integration with Elasticsearch

  • Export transaction logs directly from NetScaler to Elasticsearch

• NetScaler advanced analytics

• Sample dashboards for endpoints

  • Sample dashboards on Grafana

  • Sample dashboards on Splunk

• NetScaler metrics reference

NetScaler Extensions

• NetScaler extensions - language overview

  • Simple types

  • Variables

  • Expressions

  • Assignment

  • Tables

  • Control structures

  • Functions

• NetScaler extensions - library reference

• NetScaler extensions API reference

• Protocol extensions

  • Protocol extensions - architecture

  • Protocol extensions - traffic pipeline for user defined TCP client and server behaviors

  • Protocol extensions - use cases

  • Tutorial – Add MQTT protocol to the NetScaler appliance by using protocol extensions

  • Tutorial - Load balancing syslog messages by using protocol extensions

  • Protocol extensions command reference

  • Troubleshoot protocol extensions

• Policy extensions

  • Configure policy extensions

  • Policy extensions - use cases

  • Troubleshooting policy extensions

Optimization

• Client Keep-Alive

• HTTP Compression

• Integrated Caching

  • Configure selectors and basic content groups

  • Configure policies for caching and invalidation

  • Cache support for database protocols

  • Configure expressions for caching policies and selectors

  • Display cached objects and cache statistics

  • Improve cache performance

  • Configure cookies, headers, and polling

  • Configure integrated cache as a forward proxy

  • Default Settings for the Integrated Cache

  • Troubleshooting

• Front End Optimization

• Media Classification

Reputation

• IP Reputation

SSL offload and acceleration

• SSL offloading configuration

• Support for TLS 1.3 protocol

• How-to articles

• SSL certificates

  • Create a certificate

  • Install, link, and update certificates

  • Generate a server test certificate

  • Import and convert SSL files

  • Bind an SSL certificate to a virtual server on the NetScaler appliance

• Zero-touch certificate management

• SSL profiles

  • SSL profile infrastructure

  • Secure front-end profile

  • Appendix A: Sample migration of the SSL configuration after upgrade

  • Appendix B: Default front-end and back-end SSL profile settings

  • Legacy SSL profile

  • Migrate the SSL configuration to the enhanced SSL profile

• Certificate revocation lists

• Monitor certificate status with OCSP

• OCSP stapling

• Ciphers available on the NetScaler appliances

  • ECDHE ciphers

  • Diffie-Hellman (DH) key generation and achieving PFS with DHE

  • Cipher redirection

  • Leverage hardware and software to improve ECDHE and ECDSA cipher performance

  • ECDSA cipher suites support

  • Configure user-defined cipher groups on the ADC appliance

• Server certificate support matrix on the ADC appliance

• Client authentication

• Server authentication

• SSL actions and policies

  • SSL policies

  • SSL built-in actions and user-defined actions

  • SSL policy binding

  • SSL policy labels

• Selective SSL logging

• Support for DTLS protocol

• Support for Intel Coleto SSL chip based platforms

• Troubleshooting

• SSL FAQs

Content inspection

• ICAP for remote content inspection

• Inline Device Integration with NetScaler

• Integration with IPS or NGFW as inline devices

• IDS Integration

• IDS Layer 3 Integration

• Content Inspection Statistics for ICAP, IPS, and IDS

SSL forward proxy

• Getting started with SSL forward proxy

• Proxy modes

• SSL interception

• User identity management

• URL filtering for SSL forward proxy

  • URL list

  • URL categorization

  • URL reputation score

• Analytics for SSL forward proxy

• Using ICAP for remote content inspection

• How-to articles

Security

• Surge protection

  • Disable and reenable surge protection

  • Set thresholds for surge protection

  • Flush the surge queue

• DNS security options

System

• Basic operations

• Unified configuration file

• Authentication and authorization for System Users

  • Configuring Users, User Groups, and Command Policies

  • User Account and Password Management

  • Resetting the Default Administrator (nsroot) Password

  • Configuring External User Authentication

  • SSH Key-based Authentication for NetScaler Administrators

  • Two Factor Authentication for System Users

  • Restricted Management Interface Access

• TCP Configurations

• HTTP Configurations

  • Configuring HTTP/2 on the NetScaler Appliance

  • HTTP/2 DoS mitigation

• HTTP/3 over QUIC

  • HTTP/3 Configuration

  • HTTP/3 Policy Configuration

  • HTTP/3 Service Discovery

• gRPC

  • gRPC End-to-End Configuration

  • gRPC Bridging

  • gRPC Reverse Bridging

  • gRPC Call Termination

  • gRPC with Rewrite Policy Configuration

  • gRPC with Responder Policy Configuration

  • gRPC Health Monitor

• QUIC

  • QUIC bridge configuration

• Proxy Protocol

• Client IP Address in TCP Option

• SNMP

  • Configuring the NetScaler to Generate SNMP Traps

  • Custom SNMP traps

  • Configuring the NetScaler for SNMP v1 and v2 Queries

  • Configuring the NetScaler for SNMPv3 Queries

  • Configuring SNMP Alarms for Rate Limiting

  • Configuring SNMP in FIPS Mode

• Audit Logging

  • Configuring the NetScaler Appliance for Audit Logging

  • Installing and Configuring the NSLOG Server

  • Running the NSLOG Server

  • Customizing Logging on the NSLOG Server

  • SYSLOG Over TCP

  • Export SYSLOG securely over SSL

  • Load Balancing SYSLOG Servers

  • Default Settings for the Log Properties

  • Sample Configuration File (audit.conf)

• Web Server Logging

  • Configuring the NetScaler for Web Server Logging

  • Installing the NetScaler Web Logging (NSWL) Client

  • Configuring the NSWL Client

  • Customizing Logging on the NSWL Client System

• Call Home

• Reporting Tool

• CloudBridge Connector

  • Monitoring CloudBridge Connector Tunnels

  • Configuring a CloudBridge Connector Tunnel between two Datacenters

  • Configuring CloudBridge Connector between Datacenter and AWS Cloud

  • Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Virtual Private Gateway on AWS

  • Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud

  • Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud

  • Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device

  • Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Fortinet FortiGate Appliance

  • CloudBridge Connector Tunnel Diagnostics and Troubleshooting

  • CloudBridge Connector Interoperability – StrongSwan

  • CloudBridge Connector Interoperability – F5 BIG-IP

  • CloudBridge Connector Interoperability – Cisco ASA

• High Availability

  • Points to Consider for a High Availability Setup

  • Configuring High Availability

  • Configuring the Communication Intervals

  • Configuring Synchronization

  • Synchronizing Configuration Files in a High Availability Setup

  • Configuring Command Propagation

  • Restricting High-Availability Synchronization Traffic to a VLAN

  • Configuring Fail-Safe Mode

  • Configuring Virtual MAC Addresses

  • Configuring High Availability Nodes in Different Subnets

  • Configuring Route Monitors

  • Limiting Failovers Caused by Route Monitors in non-INC mode

  • Configuring Failover Interface Set

  • Understanding the Causes of Failover

  • Forcing a Node to Fail Over

  • Forcing the Secondary Node to Stay Secondary

  • Forcing the Primary Node to Stay Primary

  • High Availability FAQs

  • Troubleshooting High Availability Issues

  • Managing High Availability Heartbeat Messages on a NetScaler Appliance

  • Remove and Replace a NetScaler in a High Availability Setup

• Request retry

  • Request retry if back-end server resets TCP connection

  • Request retry if back-end server resets TCP connection during connection establishment

  • Request retry if back-end server response times out

• TCP Optimization

• Troubleshooting

  • How to record a packet trace on NetScaler

  • How to free space on /var directory

  • How to download core or crashed files from NetScaler appliance

  • How to collect performance statistics and event logs

  • How to configure log file rotation

  • How to free space on /flash directory