Citrix ADC

Preconfiguration check tool

Note:

You can download the NSPEPI and preconfig check tool from public GITHUB. For more information, see Github NEPEPI page and Github preconfig page for detailed instructions to download the tools. We recommend customers to use tools available in GitHub for the most complete and up-to-date version.

A pre-validation tool is available in Citrix ADC 12.1, 13.0 and 13.1 versions to check if any invalid or removed functionality is still used in any feature configuration. The tools validates the nsconfig file if it contains commands or parameters in a command that has been removed in Citrix ADC 13.1 version. If the validation result shows usage of removed or invalid commands, then before upgrading your appliance, you must first modify the configuration to the Citrix recommended alternative.

The tool also validates the usage of Classic policy expressions used in feature configuration that does not support Classic policies. You can modify either manually or use the nspepi tool.

The tool validates the following usage:

  1. Classic policy expressions in Content Switching, Cache Redirection, AppFW, SSL, and CMP features.
  2. Filter feature (also known as Content Filtering) - actions, policies, and binding
  3. SPDY in HTTP profile, sure connect (SC), priority queuing (PQ), HTTP Denial of Service (DoS), and HTML Injection features.
  4. Classic expressions in load balancing persistence rules.
  5. “Pattern” and “bypassSafetyCheck” parameters in Rewrite actions.
  6. “SYS.EVAL_CLASSIC_EXPR” in Advanced expressions.
  7. “patclass” configuration entity.
  8. “HTTP.REQ.BODY” with no argument in Advanced expressions.
  9. Q and S prefixes in Advanced expressions.
  10. “PolicyType” parameter for the cmp parameter setting.

Run pre-revalidation tool in UNIX Shell

At the command prompt, type:

check_invalid_config <config_file>
<!--NeedCopy-->

Example:

root@ns# check_invalid_config/nsconfig/ns.conf

Where, config file is Citrix ADC configuration file. The file must be from a saved configuration such as ns.conf.

Sample output with validation errors

Following is a sample output of the configuration file with errors in Citrix ADC version 13.1:

add policy expression x "sys.eval_classic_expr(\"ns_true\")"
add cmp policy cmp_pol -rule ns_true -resAction GZIP
add cs policy cs_pol_2 -rule ns_true
add cs policy cs_pol_3 -domain www.abc.com
add cs policy cs_pol_4 -url "/abc"
add rewrite action act_1 replace_all "http.req.body(1000)" http.req.url -pattern abcd
add rewrite action act_123 replace_all http.req.url "\"aaaa\"" -pattern abcd
add responder action ract respondwith "Q.URL + Q.HEADER(\"abcd\")"
add responder policy rsp_pol "sys.eval_classic_expr(\"ns_true\")" DROP
add appfw policy aff_pol_1 "http.req.body.length.gt(10)" APPFW_BYPASS
add appfw policy aff_pol ns_true APPFW_BYPASS

<!--NeedCopy-->

Upon getting these errors, you can use the nspepi upgrade tool to convert your configuration or manually convert your configuration. For more information, see nspepi tool topic.

Note:

You can run the nspepi tool only on Citrix ADC version 12.1, 13.0 and later versions.

Sample output with no validation errors

Following is a sample output of the configuration file with no removed or invalid configuration:

root@ns# check_invalid_config /var/tmp/new_ns.conf  
No issue detected with the configuration.
root@ns#
<!--NeedCopy-->
Preconfiguration check tool