Getting Started with Citrix ADC

• Where Does a Citrix ADC Appliance Fit in the Network?

• How a Citrix ADC Communicates with Clients and Servers

• Introduction to the Citrix ADC Product Line

• Install the hardware

• Access a Citrix ADC

• Configure the ADC for the first time

• Secure your Citrix ADC deployment

• Configure high availability

• Change an RPC node password

• Configuring a FIPS Appliance for the First Time

• Understanding Common Network Topologies

• System management settings

  • System settings

  • Packet forwarding modes

  • Network interfaces

  • Clock synchronization

  • DNS configuration

  • SNMP configuration

  • Verify Configuration

• Load balance traffic on a Citrix ADC appliance

  • Load balancing

  • Persistence settings

  • Configure features to protect the load balancing configuration

  • A typical load balancing scenario

• Accelerate load balanced traffic by using compression

• Secure load balanced traffic by using SSL

• Features at a Glance

  • Application Switching and Traffic Management Features

  • Application Acceleration Features

  • Application Security and Firewall Features

  • Application Visibility Feature

Citrix ADC Solutions

• Setting up Citrix ADC for Citrix Virtual Apps and Desktops

• Global Server Load Balancing (GSLB) Powered Zone Preference

• Anycast support in Citrix ADC

• Deploy digital advertising platform on AWS with Citrix ADC

• Citrix ADC in a Private Cloud Managed by Microsoft Windows Azure Pack and Cisco ACI

  • Creating a Citrix ADC Load Balancer in a Plan in the Service Management Portal (Admin Portal)

  • Configuring a Citrix ADC Load Balancer by Using the Service Management Portal (Tenant Portal)

  • Deleting a Citrix ADC Load Balancer from the Network

Citrix cloud native solution

• Kubernetes Ingress solution

• Service mesh

• Solutions for observability

• API gateway for Kubernetes

Deploy a Citrix ADC VPX instance

• Support matrix and usage guidelines

• Install a Citrix ADC VPX instance on a bare metal server

• Install a Citrix ADC VPX instance on Citrix Hypervisor

  • Configuring Citrix ADC Virtual Appliances to use Single Root I/O Virtualization (SR-IOV) Network Interfaces

• Install a Citrix ADC VPX instance on VMware ESX

  • Configuring Citrix ADC Virtual Appliances to use VMXNET3 Network Interface

  • Configuring Citrix ADC Virtual Appliances to use Single Root I/O Virtualization (SR-IOV) Network Interface

  • Migrating the Citrix ADC VPX from E1000 to SR-IOV or VMXNET3 Network Interfaces

  • Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface

• Install a Citrix ADC VPX instance on VMware cloud on AWS

• Install a Citrix ADC VPX instance on Microsoft Hyper-V servers

• Install a Citrix ADC VPX instance on Linux-KVM platform

  • Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform

  • Provisioning the Citrix ADC Virtual Appliance by using OpenStack

  • Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager

  • Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface

  • Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface

  • Provisioning the Citrix ADC Virtual Appliance by using the virsh Program

  • Managing the Citrix ADC Guest VMs

  • Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack

  • Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces

• Deploy a Citrix ADC VPX instance on AWS

  • AWS terminology

  • AWS-VPX support matrix

  • Limitations and usage guidelines

  • Prerequisites

  • How a Citrix ADC VPX instance on AWS works

  • Deploy a Citrix ADC VPX standalone instance on AWS

  • Scenario: standalone instance

  • Download a Citrix ADC VPX license

  • Load balancing servers in different availability zones

  • How high availability on AWS works

  • Deploy a high availability pair on AWS

  • High availability across AWS availability zones

  • Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones

  • Deploy a VPX high-availability pair with private IP addresses across different AWS zones

  • Deploy a Citrix ADC VPX instance on AWS Outposts

  • Add back-end AWS auto scaling service

  • Configure a Citrix ADC VPX instance to use SR-IOV network interface

  • Configure a Citrix ADC VPX instance to use Enhanced Networking with AWS ENA

  • Upgrade a Citrix ADC VPX instance on AWS

  • Troubleshoot a VPX instance on AWS

  • AWS FAQs

• Deploy a Citrix ADC VPX instance on Microsoft Azure

  • Network architecture for Citrix ADC VPX instances on Microsoft Azure

  • Configure a Citrix ADC standalone instance

  • Configure multiple IP addresses for a Citrix ADC VPX standalone instance

  • Configure a high-availability setup with multiple IP addresses and NICs

  • Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands

  • Configure HA-INC nodes by using the Citrix high availability template with Azure ILB

  • Add Azure autoscale settings

  • Azure tags for Citrix ADC VPX deployment

  • Configure GSLB on Citrix ADC VPX instances

  • Configure GSLB on an active-standby high availability setup

  • Configure address pools (IIP) for a Citrix Gateway appliance

  • Configure multiple IP addresses for a Citrix ADC VPX instance in standalone mode by using PowerShell commands

  • Additional PowerShell scripts for Azure deployment

  • Azure terminology

  • Azure FAQs

• Deploy a Citrix ADC VPX instance on Google Cloud Platform

  • Deploy a VPX high-availability pair on Google Cloud Platform

  • Deploy a VPX high-availability pair with external static IP address on Google Cloud Platform

  • Deploy a VPX high-availability pair with private IP addresses on Google Cloud Platform

  • Add back-end GCP Autoscaling service

  • VIP scaling support for Citrix ADC VPX instance on GCP

  • Troubleshoot a VPX instance on GCP

• Jumbo frames on Citrix ADC VPX instances

• FAQ

Licensing

• Allocate and apply a license

Upgrade and downgrade a Citrix ADC appliance

• Before you begin

• Upgrade considerations - SNMP configuration

• Download a Citrix ADC release package

• Upgrade a Citrix ADC standalone appliance

• Downgrade a Citrix ADC standalone appliance

• Upgrade a high availability pair

• In Service Software Upgrade support for high availability

• Downgrade a high availability pair

• Troubleshooting

• FAQs

• New and deprecated commands, parameters, and SNMP OIDs

Solutions for Telecom Service Providers

• Large Scale NAT

  • Points to Consider before Configuring LSN

  • Configuration Steps for LSN

  • Sample LSN Configurations

  • Configuring Static LSN Maps

  • Configuring Application Layer Gateways

  • Logging and Monitoring LSN

  • TCP SYN Idle Timeout

  • Overriding LSN configuration with Load Balancing Configuration

  • Clearing LSN Sessions

  • Load Balancing SYSLOG Servers

  • Port Control Protocol

  • LSN44 in a cluster setup

• Dual-Stack Lite

  • Points to Consider before Configuring DS-Lite

  • Configuring DS-Lite

  • Configuring DS-Lite Static Maps

  • Configuring Deterministic NAT Allocation for DS-Lite

  • Configuring Application Layer Gateways for DS-Lite

  • Logging and Monitoring DS-Lite

  • Port Control Protocol for DS-Lite

• Large Scale NAT64

  • Points to Consider for Configuring Large Scale NAT64

  • Configuring DNS64

  • Configuring Large Scaler NAT64

  • Configuring Application Layer Gateways for Large Scale NAT64

  • Configuring Static Large Scale NAT64 Maps

  • Logging and Monitoring Large Scale NAT64

  • Port Control Protocol for Large Scale NAT64

  • LSN64 in a cluster setup

• Mapping Address and Port using Translation

• Telco subscriber management

  • Subscriber aware traffic steering

  • Subscriber aware service chaining

  • Subscriber aware traffic steering with TCP optimization

  • Policy based TCP profile selection

• Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols

• Provide DNS Infrastructure/Traffic Services, such as, Load Balancing, Caching, and Logging for Telecom Service Providers

• Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider

• Bandwidth Utilization Using Cache Redirection Functionality

• Citrix ADC TCP Optimization

  • Getting Started

  • Management Network

  • Licensing

  • High Availability

  • Gi-LAN Integration

  • TCP Optimization Configuration

  • Analytics and Reporting

  • Real-time Statistics

  • SNMP

  • Technical Recipes

  • Scalability

  • Optimizing TCP Performance using TCP Nile

  • Troubleshooting Guidelines

  • Frequently Asked Questions

• Citrix ADC Video Optimization

  • Getting Started

  • Licensing

  • Configuring Video Optimization over TCP

  • Video Optimization over UDP

• Citrix ADC URL Filtering

  • URL List

  • URL Categorization

FAQs

• Admin Partition

• AppFlow

• Call Home

• Clustering

• Connection Management

• Content Switching

• Debugging

• Hardware

• High Availability

• Integrated Caching

• Installing, Upgrading, and Downgrading

• Load Balancing

• Citrix ADC GUI

• SSL

Authentication, authorization, and auditing application traffic

• How Authentication, authorization, and auditing works

• Enabling authentication, authorization, and auditing

• Setting up an authentication virtual server

  • Configuring the authentication virtual server

  • Configuring a traffic management virtual server

  • Configuring DNS

  • Verifying your setup for authentication, authorization, and auditing

• Creating an authentication profile

• Configuring users and groups

• Configuring authentication, authorization, and auditing policies

  • Authentication policies

• Self-service password reset

• Email OTP

• Configure DTLS VPN virtual server using SSL VPN virtual server

• Configuration support for SameSite cookie attribute

• Native OTP support for authentication

  • Store OTP secret data in an encrypted format

  • OTP encryption tool

• Push notification for OTP

• Authorizing user access to application resources

• Auditing authenticated sessions

• Session settings

  • Session profiles

  • Session policies

  • Global session settings

• Traffic settings

  • Traffic profiles

  • Traffic policies

  • Form SSO profiles

  • SAML SSO profiles

• Authenticating with client certificates

  • Client certificate pass-through

• Configuring Authentication, authorization, and auditing with commonly used protocols

  • Handling authentication, authorization and auditing with Kerberos/NTLM

• Citrix ADC Kerberos single sign-on

  • An overview of Citrix ADC Kerberos SSO

  • Setting up Citrix ADC SSO

  • Generating the KCD keytab script

• Rate Limiting for Citrix Gateway

• Enable SSO for Basic, Digest, and NTLM authentication

• SAML authentication

  • Citrix ADC as a SAML SP

  • Citrix ADC as a SAML IdP

  • Configuring SAML single sign-on

  • Additional features supported for SAML

• OAuth authentication

  • Citrix ADC as an OAUTH SP

  • Citrix ADC as an OAuth IdP

  • API authentication with the Citrix ADC appliance

• Multi-Factor (nFactor) authentication

  • nFactor concepts, entities, and terminology

  • Configuring nFactor authentication

  • nFactor Visualizer for simplified configuration

  • nFactor extensibility

  • reCaptcha configuration for nFactor authentication

  • Sample deployments using nFactor authentication

• Citrix ADC as an Active Directory Federation Service proxy

  • Web Services Federation protocol

  • Active Directory Federation Service Proxy Integration Protocol compliance

• Use an on-premises Citrix Gateway as the identity provider for Citrix Cloud

• Troubleshoot authentication issues in Citrix ADC and Citrix Gateway with aaad.debug module

• How to articles

  • Configure nFactor for Citrix Gateway with WebAuth in first factor and LDAP with password change in second factor

  • Configure EULA as an authentication factor in Citrix ADC nFactor system

  • Configure post-authentication Endpoint Analysis scan as a factor in Citrix ADC nFactor authentication

  • Configure pre-authentication Endpoint Analysis scan as a factor in nFactor authentication

  • Configure periodic Endpoint Analysis scan as a factor in nFactor authentication

  • Configure pre-auth and post-auth EPA scan as a factor in nFactor authentication

  • Configure prefill user name from certificate in Citrix ADC nFactor authentication

  • Configure SAML followed by LDAP or certificate authentication based on SAML attribute extraction in nFactor authentication

  • Configure two-factor authentication with one login schema and one passthrough schema in Citrix ADC nFactor authentication

  • Configure user name and two passwords with group extraction in third factor by nFactor authentication

  • Configure certificate authentication as first factor and LDAP as second factor in Citrix ADC nFactor authentication

  • Configure nFactor for applications with different login site requirements including setup authentication

  • Localize error messages generated by Citrix ADC nFactor system

Admin Partitioning

• Supported Citrix ADC configurations

• Configure admin partitions

• VLAN configuration for admin partitions

• VXLAN support for admin partitions

• SNMP support for admin partitions

• Audit log support for admin partitions

• Display configured PMAC addresses for shared VLAN configuration

AppExpert

• Action Analytics

  • Configure a selector

  • Configure a stream identifier

  • View statistics

  • Group records on attribute values

  • Clear stream session

  • Configure policy for optimizing traffic

  • How to limit bandwidth consumption for user or client device

• AppExpert Applications and Templates

  • How AppExpert application works

  • Get started with AppExpert

  • Customize AppExpert Configuration

  • Configure user authentication

  • Monitor Citrix ADC statistics

  • Delete an AppExpert application

  • Configure application authentication, authorization, and auditing

  • Set up a custom Citrix ADC application

  • Creating and Managing Template Files

  • Citrix Gateway Applications

• AppQoE

  • Enabling AppQoE

  • AppQOE Actions

  • AppQoE Parameters

  • AppQoE Policies

• Entity Templates

• HTTP Callouts

  • How an HTTP Callout Works

  • Notes on the Format of HTTP Requests and Responses

  • Configuring an HTTP Callout

  • Verifying the Configuration

  • Invoking an HTTP Callout

  • Avoiding HTTP Callout Recursion

  • Caching HTTP Callout Responses

  • Use Case: Filtering Clients by Using an IP Blacklist

  • Use Case: ESI Support for Fetching and Updating Content Dynamically

  • Use Case: Access Control and Authentication

  • Use Case: OWA-Based Spam Filtering

  • Use Case: Dynamic Content Switching

• Pattern Sets and Data Sets

  • How String Matching works with Pattern Sets and Data Sets

  • Configuring a Pattern Set

  • Configuring a Data Set

  • Using Pattern Sets and Data Sets

  • Sample Usage

• Variables

  • Configuring and Using Variables

  • Use Case for Caching User Privileges

  • Use Case for Limiting the Number of Sessions

• Policies and Expressions

  • Introduction to Policies and Expressions

  • Configuring Advanced Policy Infrastructure

  • Configuring Advanced Policy Expression: Getting Started

  • Advanced Policy Expressions: Evaluating Text

  • Advanced Policy Expressions: Working with Dates, Times, and Numbers

  • Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data

  • Advanced Policy Expressions: Parsing SSL Certificates

  • Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs

  • Advanced Policy Expressions: Stream Analytics Functions

  • Advanced Policy Expressions: DataStream

  • Typecasting Data

  • Regular Expressions

  • Configuring Classic Policies and Expressions

  • Expressions Reference-Advanced Policy Expressions

  • Expressions Reference-Classic Expressions

  • Summary Examples of Default Syntax Expressions and Policies

  • Tutorial Examples of Default Syntax Policies for Rewrite

  • Tutorial Examples of Classic Policies

  • Migration of Apache mod_rewrite Rules to the Default Syntax

• Rate Limiting

  • Configuring a Stream Selector

  • Configuring a Traffic Rate Limit Identifier

  • Configuring and Binding a Traffic Rate Policy

  • Viewing the Traffic Rate

  • Testing a Rate-Based Policy

  • Examples of Rate-Based Policies

  • Sample Use Cases for Rate-Based Policies

  • Rate Limiting for Traffic Domains

  • Configure rate limit at packet level

• Responder

  • Enabling the Responder Feature

  • Configuring a Responder Action

  • Configuring a Responder Policy

  • Binding a Responder Policy

  • Setting the Default Action for a Responder Policy

  • Responder Action and Policy Examples

  • Diameter Support for Responder

  • RADIUS Support for Responder

  • DNS Support for the Responder Feature

  • How to Redirect HTTP Requests

  • Troubleshooting

• Rewrite

  • How Rewrite Works

  • Enabling the Rewrite Feature

  • Configuring a Rewrite Action

  • Configuring a Rewrite Policy

  • Binding a Rewrite Policy

  • Configuring Rewrite Policy Labels

  • Configuring the Default Rewrite Action

  • Bypassing the Safety Check

  • Rewrite Action and Policy Examples

  • URL Transformation

  • RADIUS Support for the Rewrite Feature

  • Diameter Support for Rewrite

  • DNS Support for the Rewrite Feature

• String Maps

• URL Sets

  • Getting Started

  • Advanced Policy Expressions for URL Evaluation

  • Configuring URL Set

  • URL Pattern Semantics

  • URL Categories

AppFlow

• Configuring the AppFlow Feature

• Exporting Performance Data of Web Pages to AppFlow Collector

• Session Reliability on Citrix ADC High Availability Pair

Application Firewall

• FAQs and Deployment Guide

• Introduction to Citrix Web App Firewall

• Configuring the Application Firewall

  • Enabling the Application Firewall

  • The Application Firewall Wizard

  • Manual Configuration

  • Manual Configuration By Using the GUI

  • Manual Configuration By Using the Command Line Interface

• Signatures

  • Manually Configuring the Signatures Feature

  • Adding or Removing a Signatures Object

  • Configuring or Modifying a Signatures Object

  • Protecting JSON Applications using Signatures

  • Updating a Signatures Object

  • Snort rule integration

  • Exporting a Signatures Object to a File

  • The Signatures Editor

  • Signature Updates in High-Availability Deployment and Build Upgrades

• Overview of Security checks

• Top-Level Protections

  • HTML Cross-Site Scripting Check

  • HTML SQL Injection Checks

  • HTML Command Injection Protection

  • JSON Command Injection Protection

  • XML External Entity Protection

  • Buffer Overflow Check

  • Application Firewall Support for Google Web Toolkit

• Cookie Protection

  • Cookie Consistency Check

  • Cookie Hijacking Protection

  • SameSite cookie attribute

• Data Leak Prevention Checks

  • Credit Card Check

  • Safe Object Check

• Advanced Form Protection Checks

  • Field Formats Check

  • Form Field Consistency Check

  • CSRF Form Tagging Check

  • Managing CSRF Form Tagging Check Relaxations

• URL Protection Checks

  • Start URL Check

  • Deny URL Check

• XML Protection Checks

  • XML Format Check

  • XML Denial-of-Service Check

  • XML Cross-Site Scripting Check

  • XML SQL Injection Check

  • XML Attachment Check

  • Web Services Interoperability Check

  • XML Message Validation Check

  • XML SOAP Fault Filtering Check

• JSON Protection Checks

  • JSON DOS Protection

  • JSON SQL Protection

  • JSON XSS Protection

• Managing Content Types

• Profiles

  • Creating Application Firewall Profiles

  • Enforcing HTTP RFC Compliance

  • Configuring Application Firewall Profiles

  • Application Firewall Profile Settings

  • Changing an Application Firewall Profile Type

  • Exporting and Importing an Application Firewall Profile

  • Detailed troubleshooting with WAF logs

  • File Upload Protection

  • Configuring and Using the Learning Feature

  • Dynamic Profiling

  • Supplemental Information about Profiles

• Policy Labels

• Policies

  • Firewall Policies

  • Auditing Policies

• Imports

  • Importing and Exporting Files

• Global Configuration

  • Engine Settings

  • Confidential Fields

  • Field Types

  • XML Content Types

  • JSON Content Types

• Statistics and Reports

• Application Firewall Logs

• Appendices

  • PCRE Character Encoding Format

  • Whitehat WASC Signature Types for WAF Use

  • Streaming Support for Request Processing

  • Trace HTML Requests with Security Logs

  • Application Firewall Support for Cluster Configurations

• Debugging and Troubleshooting

  • High CPU

  • Memory

  • Large File Upload Failure

  • Learning

  • Signatures

  • Trace Log

  • Miscellaneous

  • References

Signatures Alert Articles

• How to receive notification for signature updates

• Signature update version 27

• Signature update version 28

• Signature update version 29

• Signature update version 30

• Signature update version 32

• Signature update version 33

• Signature update version 34

• Signature update version 35

• Signature update version 36

• Signature update version 37

• Signature update version 38

• Signature update version 39

• Signature update version 40

• Signature update version 41

• Signature update version 42

• Signature update version 43

• Signature update version 44

• Signature update version 45

• Signature update version 46

• Signature update version 47

• Signature update version 48

• Signature update version 49

• Signature update version 50

Bot Management

• Bot Detection

• Bot troubleshooting

• Bot FAQ

Cache Redirection

• Cache redirection policies

  • Built-in cache redirection policies

  • Configure a cache redirection policy

• Cache redirection configurations

  • Configure transparent redirection

  • Configure forward proxy redirection

  • Configure reverse proxy redirection

• Selective cache redirection

  • Enable content switching

  • Configure a load balancing virtual server for the cache

  • Configure policies for content switching

  • Configure precedence for policy evaluation

• Administer a cache redirection virtual server

  • View cache redirection virtual server statistics

  • Enable or disable a cache redirection virtual server

  • Direct policy hits to the cache instead of the origin

  • Back up a cache redirection virtual server

  • Manage client connections for a virtual server

  • Enable external TCP health check for UDP virtual servers

• N-tier cache redirection

  • Configure the upper-tier Citrix ADC appliances

  • Configure the lower-tier Citrix ADC appliances

• Translate destination IP address of a request to origin IP address

Clustering

• Citrix ADC configuration support in a cluster

• Prerequisites for cluster nodes

• Cluster overview

  • Synchronization across cluster nodes

  • Striped, partially striped, and spotted configurations

  • Communication in a cluster setup

  • Traffic distribution in a cluster setup

  • Cluster nodegroups

  • Cluster and node states

  • Routing in a cluster

  • IP addressing for a cluster

  • Configuring layer 3 clustering

• Setting up a Citrix ADC cluster

  • Setting up inter-node communication

  • Creating a Citrix ADC cluster

  • Adding a node to the cluster

  • Viewing the details of a cluster

• Distributing traffic across cluster nodes

  • Using Equal Cost Multiple Path (ECMP)

  • Using cluster link aggregation

• Managing the Citrix ADC cluster

  • Configuring linksets

  • Nodegroups for spotted and partially-striped configurations

  • Configuring redundancy for nodegroups

  • Disabling steering on the cluster backplane

  • Synchronizing cluster configurations

  • Synchronizing time across cluster nodes

  • Synchronizing cluster files

  • Viewing the statistics of a cluster

  • Discovering Citrix ADC appliances

  • Disabling a cluster node

  • Removing a cluster node

  • Removing a node from a cluster deployed using cluster link aggregation

  • Detecting jumbo probe on a cluster

  • Route monitoring for dynamic routes in cluster

  • Monitoring cluster setup using SNMP MIB with SNMP link

  • Monitoring command propagation failures in a cluster deployment

  • Graceful shutdown of nodes

  • Graceful shutdown of services

  • IPv6 ready logo support for clusters

  • Managing cluster heartbeat messages

  • Configuring owner node response status

  • Monitor Static Route (MSR) support for inactive nodes in a spotted cluster configuration

  • VRRP interface binding in a single node active cluster

• Cluster setup and usage scenarios

  • Creating a two-node cluster

  • Migrating an HA setup to a cluster setup

  • Transitioning between a L2 and L3 cluster

  • Setting up GSLB in a cluster

  • Using cache redirection in a cluster

  • Using L2 mode in a cluster setup

  • Using cluster LA channel with linksets

  • Backplane on LA channel

  • Common interfaces for client and server and dedicated interfaces for backplane

  • Common switch for client, server, and backplane

  • Common switch for client and server and dedicated switch for backplane

  • Different switch for every node

  • Sample cluster configurations

  • Using VRRP in a cluster setup

  • Monitoring services in a cluster using path monitoring

• Backup and restore of cluster setup

• Upgrading or downgrading the Citrix ADC cluster

• Operations supported on individual cluster nodes

• Support for heterogeneous cluster

• FAQs

• Troubleshooting the Citrix ADC cluster

  • Tracing the packets of a Citrix ADC cluster

  • Troubleshooting common issues

Content Switching

• Configuring Basic Content Switching

• Customizing the Basic Content Switching Configuration

• Content Switching for Diameter Protocol

• Protecting the Content Switching Setup against Failure

• Managing a Content Switching Setup

• Managing Client Connections

• Persistence support for content switching virtual server

• Troubleshooting

DataStream

• Configuring Database Users

• Configuring a Database Profile

• Configuring Load Balancing for DataStream

• Configuring Content Switching for DataStream

• Configuring Monitors for DataStream

• Use Case 1: Configuring DataStream for a Master/Slave Database Architecture

• Use Case 2: Configuring the Token Method of Load Balancing for DataStream

• Use Case 3: Logging MSSQL Transactions in Transparent Mode

• Use Case 4: Database Specific Load Balancing

• DataStream Reference

Domain Name System

• Configure DNS resource records

  • Create SRV records for a service

  • Create AAAA Records for a domain name

  • Create address records for a domain name

  • Create MX records for a mail exchange server

  • Create NS records for an authoritative server

  • Create CNAME records for a subdomain

  • Create NAPTR records for telecommunications domain

  • Create PTR records for IPv4 and IPv6 addresses

  • Create SOA records for authoritative information

  • Create TXT records for holding descriptive text

  • View DNS statistics

• Configure a DNS zone

• Configure the Citrix ADC as an ADNS server

• Configure the Citrix ADC as a DNS proxy server

• Configure the Citrix ADC as an end resolver

• Configure the Citrix ADC as a forwarder

  • Add a name server

  • Set DNS lookup priority

  • Disable and enable name servers

• Configure Citrix ADC as a non-validating security aware stub-resolver

• Jumbo frames support for DNS to handle responses of large sizes

• Configure DNS logging

• Configure DNS suffixes

• DNS ANY query

• Configure negative caching of DNS records

• Caching of EDNS0 client subnet data when the Citrix ADC appliance is in proxy mode

• Domain name system security extensions

  • Configure DNSSEC

  • Configure DNSSEC when the Citrix ADC is authoritative for a zone

  • Configure DNSSEC for a zone for which the Citrix ADC is a DNS proxy server

  • Configure DNSSEC for GSLB domain names

  • Zone maintenance

  • Offload DNSSEC operations to the Citrix ADC

  • Admin partition support for DNSSEC

• Support for wildcard DNS domains

• Mitigate DNS DDoS attacks

Firewall Load Balancing

• Sandwich Environment

• Enterprise Environment

• Multiple-Firewall Environment

Global Server Load Balancing

• GSLB deployment types

  • Active-active site deployment

  • Active-passive site deployment

  • Parent-child topology deployment using the MEP protocol

• GSLB configuration entities

• GSLB methods

  • GSLB algorithms

  • Static proximity

  • Dynamic round trip time method

  • API method

• Configure static proximity

  • Add a location file to create a static proximity database

  • Add custom entries to a static proximity database

  • Set location qualifiers

  • Specify proximity method

  • Synchronize GSLB static proximity database

• Configure site-to-site communication

• Configure metrics exchange protocol

• Configure GSLB by using a wizard

  • Configure active-active site

  • Configure active-passive site

  • Configure parent-child topology

• Configure GSLB entities individually

  • Configure an authoritative DNS service

  • Configure a basic GSLB site

  • Configure a GSLB service

  • Configure a GSLB service group

  • Configure a GSLB virtual server

  • Bind GSLB services to a GSLB virtual server

  • Bind a domain to a GSLB virtual server

  • Example of a GSLB setup and configuration

• Synchronize the configuration in a GSLB setup

  • Manual synchronization between sites participating in GSLB

  • Real-time synchronization between sites participating in GSLB

  • View GSLB synchronization status and summary

  • SNMP traps for GSLB configuration synchronization

• GSLB dashboard

• Monitor GSLB services

• Use case: Deployment of domain name based autoscale service group

• Use case: Deployment of IP address based autoscale service group

• How-to articles

  • Customize your GSLB configuration

  • Configure persistent connections

  • Manage client connections

  • Configure GSLB for proximity

  • Protect the GSLB setup against failure

  • Configure GSLB for disaster recovery

  • Override static proximity behavior by configuring preferred locations

  • Configure GSLB service selection using content switching

  • Configure GSLB for DNS queries with NAPTR records

  • Configure GSLB for wildcard domain

  • Use the EDNS0 client subnet option for GSLB

  • Example of a complete parent-child configuration using the metrics exchange protocol

Link Load Balancing

• Configuring a Basic LLB Setup

• Configuring RNAT with LLB

• Configuring a Backup Route

• Resilient LLB Deployment Scenario

• Monitoring an LLB Setup

Load Balancing

• How load balancing works

• Set up basic load balancing

• Load balance virtual server and service states

• Support for load balancing profile

• Load balancing algorithms

  • Least connection method

  • Round robin method

  • Least response time method

  • LRTM method

  • Hashing methods

  • Least bandwidth method

  • Least packets method

  • Custom load method

  • Static proximity method

  • Token method

  • Configure a load balancing method that does not include a policy

• Persistence and persistent connections

  • About Persistence

  • Source IP address persistence

  • HTTP cookie persistence

  • SSL session ID persistence

  • Diameter AVP number persistence

  • Custom server ID persistence

  • IP address persistence

  • SIP Call ID persistence

  • RTSP session ID persistence

  • Configure URL passive persistence

  • Configure persistence based on user-defined rules

  • Configure persistence types that do not require a rule

  • Configure backup persistence

  • Configure persistence groups

  • Share persistent sessions between virtual servers

  • Configure RADIUS load balancing with persistence

  • View persistence sessions

  • Clear persistence sessions

  • Override persistence settings for overloaded services

  • Troubleshooting

• Insert cookie attributes to ADC generated cookies

• Customize a load balancing configuration

  • Customize the hash algorithm for persistence across virtual servers

  • Configure the redirection mode

  • Configure per-VLAN wildcarded virtual servers

  • Assign weights to services

  • Configure the MySQL and Microsoft SQL server version setting

  • Multi-IP virtual servers

  • Limit the number of concurrent requests on a client connection

• Configure diameter load balancing

• Configure FIX load balancing

• Protect a load balancing configuration against failure

  • Redirect client requests to an alternate URL

  • Configure a backup load balancing virtual server

  • Configure spillover

  • Connection failover

  • Flush the surge queue

• Manage a load balancing setup

  • Manage server objects

  • Manage services

  • Manage a load balancing virtual server

  • Load balancing visualizer

• Manage client traffic

  • Configure sessionless load balancing virtual servers

  • Redirect HTTP requests to a cache

  • Direct requests according to priority

  • Direct requests to a custom web page

  • Enable cleanup of virtual server connections

  • Rewrite ports and protocols for HTTP redirection

  • Insert IP address and port of a virtual server in the request header

  • Use a specified source IP for backend communication

  • Set a time-out value for idle client connections

  • Manage RTSP connections

  • Manage client traffic on the basis of traffic rate

  • Identify a connection with layer 2 parameters

  • Configure the prefer direct route option

  • Use a source port from a specified port range for backend communication

  • Configure source IP persistency for backend communication

  • Use IPv6 link local addresses on server side of a load balancing setup

• Advanced load balancing settings

  • Gradually stepping up the load on a new service with virtual server–level slow start

  • The no-monitor option for services

  • Protect applications on protected servers against traffic surges

  • Enable cleanup of virtual server and service connections

  • Graceful shutdown of services

  • Enable or disable persistence session on TROFS services

  • Direct requests to a custom web page

  • Enable access to services when down

  • Enable TCP buffering of responses

  • Enable compression

  • Enable external TCP health check for UDP virtual servers

  • Maintain client connection for multiple client requests

  • Insert the IP address of the client in the request header

  • Retrieve location details from user IP address using geolocation database

  • Use source IP address of the client when connecting to the server

  • Use client source IP address for backend communication in a v4-v6 load balancing configuration

  • Configure the source port for server-side connections

  • Set a limit on the number of client connections

  • Set a limit on number of requests per connection to the server

  • Set a threshold value for the monitors bound to a service

  • Set a timeout value for idle client connections

  • Set a timeout value for idle server connections

  • Set a limit on the bandwidth usage by clients

  • Redirect client requests to a cache

  • Retain the VLAN identifier for VLAN transparency

  • Configure automatic state transition based on percentage health of bound services

• Built-in monitors

  • TCP-based application monitoring

  • SSL service monitoring

  • FTP service monitoring

  • Secure monitoring of servers by using SFTP

  • Set SSL parameters on a secure monitor

  • SIP service monitoring

  • RADIUS service monitoring

  • Monitor accounting information delivery from a RADIUS server

  • DNS and DNS-TCP service monitoring

  • LDAP service monitoring

  • MySQL service monitoring

  • SNMP service monitoring

  • NNTP service monitoring

  • POP3 service monitoring

  • SMTP service monitoring

  • RTSP service monitoring

  • XML broker service monitoring

  • ARP request monitoring

  • XenDesktop Delivery Controller service monitoring

  • Citrix StoreFront stores monitoring

• Custom monitors

  • Configure HTTP-inline monitors

  • Understand user monitors

  • How to use a user monitor to check web sites

  • Understand the internal dispatcher

  • Configure a user monitor

  • Understand load monitors

  • Configure load monitors

  • Unbind metrics from a metrics table

  • Configure reverse monitoring for a service

• Configure monitors in a load balancing setup

  • Create monitors

  • Configure monitor parameters to determine the service health

  • Bind monitors to services

  • Modify monitors

  • Enable and disable monitors

  • Unbind monitors

  • Remove monitors

  • View monitors

  • Close monitor connections

  • Ignore the upper limit on client connections for monitor probes

• Manage a large scale deployment

  • Ranges of virtual servers and services

  • Configure service groups

  • Manage service groups

  • Configure a desired set of service group members for a service group in one NITRO API call

  • Configure automatic domain based service group scaling

  • Service discovery using DNS SRV records

  • Translate the IP address of a domain-based server

  • Mask a virtual server IP address

• Configure load balancing for commonly used protocols

  • Load balance a group of FTP servers

  • Load balance DNS servers

  • Load balance domain-name based services

  • Load balance a group of SIP servers

  • Load balance RTSP servers

  • Load balance remote desktop protocol (RDP) servers

• Use case 1: SMPP load balancing

• Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream

• Use case 3: Configure load balancing in direct server return mode

• Use case 4: Configure LINUX servers in DSR mode

• Use case 5: Configure DSR mode when using TOS

• Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field

• Use case 7: Configure load balancing in DSR mode by using IP Over IP

• Use case 8: Configure load balancing in one-arm mode

• Use case 9: Configure load balancing in the inline mode

• Use case 10: Load balancing of intrusion detection system servers

• Use case 11: Isolating network traffic using listen policies

• Use case 12: Configure XenDesktop for load balancing

• Use case 13: Configure XenApp for load balancing

• Use case 14: ShareFile wizard for load balancing Citrix ShareFile

• Troubleshooting

• Load balancing FAQs

Networking

• IP Addressing

  • Configuring NetScaler-Owned IP Addresses

  • How the Citrix ADC Proxies Connections

  • Enabling Use Source IP Mode

  • Configuring Network Address Translation

  • Configuring Static ARP

  • Setting the Timeout for Dynamic ARP Entries

  • Configuring Neighbor Discovery

  • Configuring IP Tunnels

  • Class E IPv4 packets

• Interfaces

  • Configuring MAC-Based Forwarding

  • Configuring Network Interfaces

  • Configuring Forwarding Session Rules

  • Understanding VLANs

  • Configuring a VLAN

  • Configuring NSVLAN

  • Configuring Allowed VLAN List

  • Configuring Bridge Groups

  • Configuring Virtual MACs

  • Configuring Link Aggregation

  • Redundant Interface Set

  • Binding an SNIP address to an Interface

  • Monitoring the Bridge Table and Changing the Aging time

  • Citrix ADC Appliances in Active-Active Mode Using VRRP

  • Using the Network Visualizer

  • Configuring Link Layer Discovery Protocol

  • Jumbo Frames

  • Citrix ADC Support for Microsoft Direct Access Deployment

• Access Control Lists

  • Simple ACLs and Simple ACL6s

  • Extended ACLs and Extended ACL6s

  • MAC Address Wildcard Mask for ACLs

  • Blocking Traffic on Internal Ports

• IP Routing

  • Configuring Dynamic Routes

  • Configuring Static Routes

  • Route Health Injection Based on Virtual Server Settings

  • Configuring Policy-Based Routes

  • Troubleshooting Routing Issues

• Internet Protocol version 6 (IPv6)

• Traffic Domains

  • Inter Traffic Domain Entity Bindings

  • Virtual MAC Based Traffic Domains

• VXLAN

• Best practices for networking configurations

• Configure to source Citrix ADC FreeBSD data traffic from a SNIP address

Citrix ADC Extensions

• Citrix ADC extensions - language overview

  • Simple types

  • Variables

  • Expressions

  • Assignment

  • Tables

  • Control structures

  • Functions

• Citrix ADC extensions - library reference

• Citrix ADC extensions API reference

• Protocol extensions

  • Protocol extensions - architecture

  • Protocol extensions - traffic pipeline for user defined TCP client and server behaviors

  • Protocol extensions - use cases

  • Tutorial – Add MQTT protocol to the Citrix ADC appliance by using protocol extensions

  • Tutorial - Load balancing syslog messages by using protocol extensions

  • Protocol extensions command reference

  • Troubleshoot protocol extensions

• Policy extensions

  • Configure policy extensions

  • Policy extensions - use cases

  • Troubleshooting policy extensions

Optimization

• Client Keep-Alive

• HTTP Compression

• Integrated Caching

  • Configure selectors and basic content groups

  • Configure policies for caching and invalidation

  • Cache support for database protocols

  • Configure expressions for caching policies and selectors

  • Display cached objects and cache statistics

  • Improve cache performance

  • Configure cookies, headers, and polling

  • Configure integrated cache as a forward proxy

  • Default Settings for the Integrated Cache

  • Troubleshooting

• Front End Optimization

• Content Accelerator

• Media Classification

Reputation

• IP Reputation

SSL offload and acceleration

• SSL offloading configuration

• TLSv1.3 protocol support as defined in RFC 8446

• How-to articles

• SSL certificates

  • Create a certificate

  • Install, link, and update certificates

  • Generate a server test certificate

  • Import and convert SSL files

• SSL profiles

  • SSL profile infrastructure

  • Secure front-end profile

  • Appendix A: Sample migration of the SSL configuration after upgrade

  • Appendix B: Default front-end and back-end SSL profile settings

  • Legacy SSL profile

• Certificate revocation lists

• Monitor certificate status with OCSP

• OCSP stapling

• Ciphers available on the Citrix ADC appliances

  • ECDHE ciphers

  • Diffie-Hellman (DH) key generation and achieving PFS with DHE

  • Cipher redirection

  • Leverage hardware and software to improve ECDHE and ECDSA cipher performance

  • ECDSA cipher suites support

  • Configure user-defined cipher groups on the ADC appliance

• Server certificate support matrix on the ADC appliance

• Client authentication

• Server authentication

• SSL actions and policies

  • SSL policies

  • SSL built-in actions and user-defined actions

  • SSL policy binding

  • SSL policy labels

• Selective SSL logging

• Support for DTLS protocol

• Support for Intel Coleto SSL chip based platforms

• MPX 9700/10500/12500/15500 FIPS appliances

  • Configure FIPS appliances in a high availability setup

  • Update the firmware to version 2.2 on a FIPS card

  • Reset a locked HSM

• MPX 14000 FIPS appliances

• SDX 14000 FIPS appliances

  • Limitations

  • Terminology

  • Initialize the HSM

  • Create partitions

  • Provision a new instance or modify an existing instance and assign a partition

  • Configure the HSM for an instance on an SDX 14030/14060/14080 FIPS appliance

  • Create a FIPS key for an instance on an SDX 14030/14060/14080 FIPS appliance

  • Upgrade the FIPS firmware on a VPX instance

• Support for nCipher nShield® HSM

  • Architecture overview

  • Prerequisites

  • Configure the ADC-nCipher integration

  • Limitations

  • Appendix

• Support for Gemalto SafeNet Network hardware security module

  • Prerequisites

  • Configure a SafeNet client on the ADC

  • Configure Safenet HSMs in a high availability setup on the ADC

  • Additional ADC configuration

  • Citrix ADC appliances in a high availability setup

  • Limitations

  • Appendix

  • FAQ

• Support for Azure Key Vault

• Troubleshooting

• SSL FAQs

Content inspection

• ICAP for remote content inspection

• Inline Device Integration with Citrix ADC

• Integration with IPS or NGFW as inline devices

• IDS Integration

• IDS Layer 3 Integration

• Content Inspection Statistics for ICAP, IPS, and IDS

SSL forward proxy

• Getting started with SSL forward proxy

• Proxy modes

• SSL interception

• User identity management

• URL filtering for SSL forward proxy

  • URL list

  • URL categorization

  • URL reputation score

• Analytics for SSL forward proxy

• Using ICAP for remote content inspection

• How-to articles

Security

• Content filtering

  • Enable content filtering

  • Configure a content filtering action

  • Configure a content filtering policy

  • Bind a content filtering policy

  • Configure content filtering for a commonly used deployment scenario

  • Troubleshooting

• HTTP DOS protection

  • Layer 3-4 SYN denial-of-service protection

  • Enable HTTP DoS protection

  • Define an HTTP DoS policy

  • Configure an HTTP DoS service

  • Bind an HTTP DoS monitor and policy

  • Tune the client detection/JavaScript challenge response rate

  • Guidelines for HTTP DoS protection deployment

  • Troubleshooting

• Priority Queuing

  • Enable priority queuing

  • Configure a priority queuing policy

  • Bind a priority queuing policy

  • Set up weighted queuing

• Surge protection

  • Disable and reenable surge protection

  • Set thresholds for surge protection

  • Flush the surge queue

• DNS security options

System

• Basic operations

  • Clock Synchronization

  • Session timeout

  • System date and time

  • Backup and restore

  • Restart or shut down

  • Generate technical support bundle

  • Extra management CPU

  • Configure HTTP and HTTPS management ports

  • How to Collect Technical Support Bundle

• Authentication and authorization for System Users

  • Configuring Users, User Groups, and Command Policies

  • User Account and Password Management

  • Resetting the Default Administrator (nsroot) Password

  • Configuring External User Authentication

  • SSH Key-based Authentication for Citrix ADC Administrators

  • Two Factor Authentication for System Users

  • Restricted Management Interface Access

• TCP Configurations

• HTTP Configurations

  • Configuring HTTP/2 on the Citrix ADC Appliance

  • HTTP/2 DoS mitigation

• gRPC

  • gRPC End-to-End Configuration

  • gRPC Bridging

  • gRPC Reverse Bridging

  • gRPC Call Termination

  • gRPC with Rewrite Policy Configuration

  • gRPC with Responder Policy Configuration

• Proxy Protocol

• Client IP Address in TCP Option

• SNMP

  • Configuring the Citrix ADC to Generate SNMP Traps

  • Configuring the Citrix ADC for SNMP v1 and v2 Queries

  • Configuring the Citrix ADC for SNMPv3 Queries

  • Configuring SNMP Alarms for Rate Limiting

  • Configuring SNMP in FIPS Mode

• Audit Logging

  • Configuring the Citrix ADC Appliance for Audit Logging

  • Installing and Configuring the NSLOG Server

  • Running the NSLOG Server

  • Customizing Logging on the NSLOG Server

  • SYSLOG Over TCP

  • Load Balancing SYSLOG Servers

  • Default Settings for the Log Properties

  • Sample Configuration File (audit.conf)

• Web Server Logging

  • Configuring the Citrix ADC for Web Server Logging

  • Installing the Citrix ADC Web Logging (NSWL) Client

  • Configuring the NSWL Client

  • Customizing Logging on the NSWL Client System

• Call Home

• Reporting Tool

• CloudBridge Connector

  • Monitoring CloudBridge Connector Tunnels

  • Configuring a CloudBridge Connector Tunnel between two Datacenters

  • Configuring CloudBridge Connector between Datacenter and AWS Cloud

  • Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Virtual Private Gateway on AWS

  • Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud

  • Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud

  • Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device

  • Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Fortinet FortiGate Appliance

  • CloudBridge Connector Tunnel Diagnostics and Troubleshooting

  • CloudBridge Connector Interoperability – StrongSwan

  • CloudBridge Connector Interoperability – F5 BIG-IP

  • CloudBridge Connector Interoperability – Cisco ASA

• High Availability

  • Points to Consider for a High Availability Setup

  • Configuring High Availability

  • Configuring the Communication Intervals

  • Configuring Synchronization

  • Synchronizing Configuration Files in a High Availability Setup

  • Configuring Command Propagation

  • Restricting High-Availability Synchronization Traffic to a VLAN

  • Configuring Fail-Safe Mode

  • Configuring Virtual MAC Addresses

  • Configuring High Availability Nodes in Different Subnets

  • Configuring Route Monitors

  • Limiting Failovers Caused by Route Monitors in non-INC mode

  • Configuring Failover Interface Set

  • Understanding the Causes of Failover

  • Forcing a Node to Fail Over

  • Forcing the Secondary Node to Stay Secondary

  • Forcing the Primary Node to Stay Primary

  • Understanding the High Availability Health Check Computation

  • High Availability FAQs

  • Troubleshooting High Availability Issues

  • Managing High Availability Heartbeat Messages on a Citrix ADC Appliance

  • Remove and Replace a Citrix ADC in a High Availability Setup

• Request retry

  • Request retry

• TCP Optimization

• Troubleshooting

  • How to Record a Packet Trace on Citrix ADC

  • How-to Free Space on /Var Directory

  • How to Download Core or Crashed Files from Citrix ADC Appliance

  • How to Collect Performance Statistics and Event Logs

  • How to Configure Log File Rotation