Getting started with NetScaler

This topic describes the basic features and configuration details of a NetScaler appliance. System and network administrators who install and configure network equipment can refer to the content.

Understanding NetScaler

The NetScaler appliance is an application switch which performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4-Layer 7 (L4–L7) network traffic for web applications. For example, a NetScaler appliance load balances decisions on individual HTTP requests instead of long-lived TCP connections. The load balancing feature helps slowing down the failure of a server with less disruption to clients. The ADC features can be broadly classified as:

  1. Data switching
  2. Firewall security
  3. Optimization
  4. Policy infrastructure
  5. Packet flow
  6. System limitation

Data switching

When deployed in front of application servers, a NetScaler ensures optimal distribution of traffic by how it directs client requests. Administrators can segment application traffic according to information in the body of an HTTP or TCP request, and based on L4–L7 header information such as URL, application data type, or cookie. Numerous load balancing algorithms and extensive server health checks improve application availability by ensuring that client requests are directed to the appropriate servers.

Firewall security

The NetScaler security and protection protect web applications from Application Layer attacks. An ADC appliance allows legitimate client requests and can block malicious requests. It provides built-in defenses against denial-of-service (DoS) attacks and supports features that protect against legitimate surges in application traffic that would otherwise overwhelm the servers. An available built-in firewall protects web applications from Application Layer attacks, including buffer overflow exploits, SQL injection attempts, cross-site scripting attacks, and more. In addition, the firewall provides identity theft protection by securing confidential corporate information and sensitive customer data.


Optimization offloads resource-intensive operations, such as Secure Sockets Layer (SSL) processing, data compression, client keep-alive, TCP buffering, and the caching of static and dynamic content from servers. This improves the performance of the servers in the server farm and therefore speeds up applications. An ADC appliance supports several transparent TCP optimizations which mitigate problems caused by high latency and congested network links. Thereby accelerating the delivery of applications while requiring no configuration changes to clients or servers.

Policy infrastructure

A policy defines specific details of traffic filtering and management on a NetScaler. It consists of two parts: the expression and the action. The expression defines the types of requests that the policy matches. The action tells the ADC appliance what to do when a request matches the expression. For example, the expression might be to match a specific URL pattern for a security attack with the configured to drop or reset the connection. Each policy has a priority, and the priorities determine the order in which the policies are evaluated.

When an ADC appliance receives traffic, the appropriate policy list determines how to process the traffic. Each policy on the list contains one or more expressions, which together define the criteria that a connection must meet to match the policy.

For all policy types except rewrite, the appliance implements only the first policy that has a request match. For Rewrite policies, the ADC appliance evaluates the policies in order and performs the associated actions in the same order. Policy priority is important for getting the results you want.


When you specify expressions in the NetScaler GUI, do not specify HTML tags because the GUI removes the tags and only keeps the text.

Packet flow

Depending on requirements, you can choose to configure multiple features. For example, you might choose to configure both compression and SSL offload. As a result, an outgoing packet might be compressed and then encrypted before being sent to the client.

The following figure shows the HTTP2 packet flow in the NetScaler appliance.

Packet flow diagram of NetScaler

The following figure shows the data stream query processing flow in the NetScaler appliance. DataStream is supported for MySQL and MS SQL databases. For information about the DataStream feature, see DataStream.

DataStream Packet Flow Diagram

Note: If the traffic is for a content switching virtual server, the appliance evaluates policies in the following order:

  1. bound to global override.
  2. bound to load balancing virtual server.
  3. bound to content switching virtual server.
  4. bound to global default.

This way, if a policy rule is true and gotopriorityexpression is END, we stop further policy evaluation. In content switching, if no load balancing virtual server is selected or bound to the content switching virtual server, then we evaluate responder policies bound only to the content switching virtual server.

System limitation

There are system limitations for each NetScaler feature when you install NetScaler software 9.2 or later. For more information, see Citrix article, CTX118716.

Getting started with NetScaler