Site Local GSLB with Citrix ADC

If you know anything about GSLB, you likely know that it is nothing more than a DNS trick that allows you to programatically return an IP (or CNAME) for a name based on service health or proximity to a location. But you may not know that you can also use GSLB in conjunction with Link Load Balancing to ensure that internal resources are highly available. What is Link Load Balancing (LLB)? Link load balancing is … Read more…

Installing Citrix ADC (NetScaler) on Proxmox

A few days ago, I did a thing and one of the first issues I had was getting a NetScaler (Citrix ADC) appliance up and running on the new host…because, you know….priorities. This scenario is certainly supported as the hypervisor is KVM, but on the initial boot, it got stuck here: And that’s no good. How did we get here? Let’s go through the basics as it’s slightly different than just importing an OVF template. … Read more…

NetScaler Authentication Error – /cgi/selfauth

While I was rebuilding my lab, I ran into an issue when building out my demo Exchange OWA front-ended by NetScaler – the error was pretty generic, I would attempt to access the OWA page, was then prompted for authentication by the NetScaler AAA engine running as a part of Unified Gateway, then I was dumped to the following error page: Http/1.1 Service Unavailable – /cgi/selfauth/xxxxx This error page is being presented by the NetScaler, … Read more…

Citrix Secure Gateway is EOL…Now What?

Is Citrix Secure Gateway really End of Life? Not really…it’s tied to the lifecycle of the latest product that it was released with which would be XenApp 6.5 – which is incidentally the last product that it works with. Secure Gateway also does not work with any version of StoreFront, so you’re stuck with Web Interface. What does secure gateway do? It allows for an SSL connection to XenApp and XenDesktop resources to be proxied from … Read more…

Demo NetScaler Datastream with SQL AlwaysOn

Is your database application not performing as well as it should? Is your SQL Server running low on resources? Is your application not written to take advantage of SQL AlwaysOn Availability Groups or database sharding? If you answered yes to any of those questions, then NetScaler Datastream to the rescue! Or, maybe you are looking to demo NetScaler Datastream to get a better idea of what capabilities it has in your SQL environment. If that is … Read more…

Demo NetScaler App Firewall (WAF)

Ever want to try out the feature of the NetScaler known as Application Firewall (AppFW or simply WAF)? Or maybe you need to demo NetScaler App Firewall for one of your customers, but are not sure of the best way to show it off? Well, that’s understandable because App Firewall is powerful and demoing it can be a bit tricky. In this post I’ll cover two of the biggest hurdles in showing off AppFW: Working … Read more…

NetScaler Unified Gateway – Native Receiver

NetScaler unified gateway is one of the great new features in NS version 11. If you’ve worked with some of the more advanced features, then you may be familiar with one of the more common requests: Make a NetScaler Gateway (CAG) the target vServer of a content switching vServer. Fortunately, this is exactly what Unified Gateway does – essentially, Unified Gateway is a content switching vServer with one of the possible target vServers as a non-addressable … Read more…

NetScaler SSL vServer and CookieInsert

The Citrix NetScaler is a great load balancer with numerous options when it comes to the backend loadbalancing method and persistence settings. Here are the available persistence settings based on the type of vServer: Persistence Type HTTP HTTPS TCP UDP/IP SSL_Bridge Source IP YES YES YES YES YES CookieInsert YES YES NO NO NO SSL Session ID NO YES NO NO YES URL Passive YES YES NO NO NO Custom Server ID YES YES NO … Read more…

Microsoft TMG EOL – Replace with Citrix NetScaler

As you may already know, Microsoft has decided to mark its Forefront Threat Management Gateway (TMG – formerly ISA Server) product as end of life. Primary development on it stopped back in September of 2012 and mainstream support ended in April of 2015. The Microsoft TMG product has been around since 1997 under a few different names – Microsoft Proxy Server, Microsoft ISA Server, and currently Forefront Threat Management Gateway. It provides multiple protections using forward\reverse proxy, … Read more…

Customize NetScaler 10

Customize NetScaler 10 I have been meaning to create this post for some time – when NetScaler 10.1 was released, there was some confusion around the best method to customize the interface. The previous method involved using scripts to copy the customized files at boot time – see http://support.citrix.com/article/CTX122271 for details. I know many people are already on NetScaler 11, but for those that have not yet upgraded and are still on 10.5 this should be … Read more…