Product Documentation

Configuring a NetScaler for the First Time

Dec 22, 2016
Initial configuration is the same for the multifunction Citrix NetScaler, the dedicated NetScaler Gateway Enterprise Edition, and the dedicated Citrix NetScaler Application Firewall appliances. You can use any of the following interfaces for initial configuration of your appliance:
  • First-time use wizard—If you use a web browser to connect to the appliance, you are prompted to enter the network configuration and licensing information, if it is not already specified.
  • LCD keypad—You can specify the network settings, but you must use a different interface to upload your licenses.
  • Serial console—After connecting to the serial console, you can use the command line interface to specify the network settings and upload your licenses.
  • NITRO API—You can use the NITRO API suite to configure the NetScaler appliance.

For initial configuration, use nsroot as both the administrative user name and the password. For subsequent access, use the password assigned during initial configuration.

The default credentials for a NetScaler root administrator is "nsroot". However, for security reasons, you might enforce a password change to ensure the credentials are changed to a new value other than the default value. To implement this, a new parameter, "forcePasswordChange" is used.

If you, as a root administrator log on with default credentials and set forcePasswordChange to ENABLED, on your next subsequent logon attempt, you will be prompted to change the password, and will not be allowed to log on without doing so. After the password is changed, the prompt no longer appears.

Note: You are prompted to change the current password to a new one only if the ForcePasswordChange parameter is enabled. Otherwise, you can access the appliance with the default login credentials (user name: NSROOT, password: NSROOT).

If you are setting up two NetScaler appliances as a high availability pair, you configure one as primary and the other as secondary.

The configuration procedure for a FIPS appliance is slightly different from the procedure for a NetScaler MPX appliance or a NetScaler virtual appliance.

Using the First-time Setup Wizard

To configure a NetScaler appliance (or NetScaler virtual appliance) for the first time, you need an administrative computer configured on the same network as the appliance.

You must assign a NetScaler IP (NSIP) address as the management IP address of your NetScaler appliance. This is the address at which you access the NetScaler for configuration, monitoring, and other management tasks. Assign a subnet IP (SNIP) address for your NetScaler to communicate with the backend servers. Specify a host name to identify your NetScaler, an IP address for a DNS server to resolve domain names, and the time zone in which your NetScaler is located.

The wizard automatically appears if any of the following conditions are met:
  • The appliance is configured with the default IP address (192.168.100.1).
  • A subnet IP address is not configured.
  • Licenses are not present on the appliance.

To perform first-time configuration of your appliance

  1. In a web browser, type: http://192.168.100.1
    Note: The NetScaler software is preconfigured with a default IP address. If you have already assigned as NSIP address, type that address in a web browser.
  2. In User Name and Password, type the administrator credentials. The following screen appears.

  3. To configure or to change a previously configured setting, click inside each section. When done, click Continue.
  4. When prompted, select Reboot.

Using the LCD Keypad

When you first install the appliance, you can configure the initial settings by using the LCD keypad on the front panel of the appliance. The keypad interacts with the LCD display module, which is also on the front panel of these appliances.

Note: You can use the LCD keypad for initial configuration on a new appliance with the default configuration. The configuration file (ns.conf) should contain the following command and default values.

set ns config -IPAddress 192.168.100.1 -netmask 255.255.0.0

The functions of the different keys are explained in the following table.

Table 1. LCD Key Functions
Key Function
< Moves the cursor one digit to the left.
> Moves the cursor one digit to the right.
^ Increments the digit under the cursor.
v Decrements the digit under the cursor.
. Processes the information, or terminates the configuration, if none of the values are changed. This key is also known as the ENTER key.

To perform the initial configuration by using the LCD keypad press the "<" key.

You are prompted to enter the subnet mask, NetScaler IP address (NSIP), and gateway in that order respectively. The subnet mask is associated with both the NSIP and default gateway IP address. The NSIP is the IPv4 address of the NetScaler appliance. The default gateway is the IPv4 address for the router, which will handle external IP traffic that the NetScaler cannot otherwise route. The NSIP and the default gateway should be on the same subnet.

If you enter a valid value for the subnet mask, such as 255.255.255.224, you are prompted to enter the IP address. Similarly, if you enter a valid value for the IP address, you are prompted to enter the gateway address. If the value you entered is invalid, the following error message appears for three seconds, where xxx.xxx.xxx.xxx is the IP address you entered, followed by a request to re-enter the value.

Invalid addr! 
xxx.xxx.xxx.xxx

If you press the ENTER (.) key without changing any of the digits, the software interprets this as a user exit request. The following message will be displayed for three seconds.

Exiting menu... 
xxx.xxx.xxx.xxx

If all the values entered are valid, when you press the ENTER key, the following message appears.

Values accepted, 
Rebooting...

The subnet mask, NSIP, and gateway values are saved in the configuration file.

Note: For information about deploying a high availability (HA) pair, see "High Availability."

Using the NetScaler Serial Console

When you first install the appliance, you can configure the initial settings by using the serial console. With the serial console, you can change the system IP address, create a subnet or mapped IP address, configure advanced network settings, and change the time zone.

Note: To locate the serial console port on your appliance, see "RS232 Serial Console Port" in "Ports."

To configure initial settings by using a serial console

  1. Connect the console cable into your appliance. For more information, see "Connecting the Console Cable" in "Connecting the Cables."
  2. Run the vt100 terminal emulation program of your choice on your computer to connect to the appliance and configure the following settings: 9600 baud, 8 data bits, 1 stop bit, parity, and flow control set to NONE.
  3. Press ENTER. The terminal screen displays the Logon prompt.
    Note: You might have to press ENTER two or three times, depending on which terminal program you are using.
  4. Log on to the appliance with the administrator credentials. Your sales representative or Citrix Customer Service can provide you with the administrator credentials.
  5. At the prompt, type config ns to run the NetScaler configuration script.
  6. To complete the initial configuration of your appliance, follow the prompts.
    Note: To prevent an attacker from breaching your ability to send packets to the appliance, choose a non-routable IP address on your organization's LAN as your appliance IP address.

    You can replace steps 5 and 6 with the following NetScaler commands. At the NetScaler command prompt, type:

    set ns config -ipaddress<IPAddress> -netmask<subnetMask>

    add ns ip<IPAddress> <subnetMask> -type<type>

    add route<network> <netmask> <gateway>

    set system user <userName> -password

    save ns config

    reboot

    Example

    set ns config -ipaddress 10.102.29.60 -netmask 255.255.255.0  
    add ns ip 10.102.29.61 255.255.255.0 -type snip  
    add route 0.0.0.0 0.0.0.0 10.102.29.1  
    set system user nsroot -password  
    Enter password: ***** 
    Confirm password: ***** 
    save ns config  
    reboot
    
    You have now completed initial configuration of your appliance. To continue configuring the appliance, choose one of the following options:

     

    Citrix NetScaler.
    If you are configuring your appliance as a standard NetScaler with other licensed features, see "Load Balancing."
    Citrix NetScaler Application Firewall.
    If you are configuring your appliance as a standalone application firewall, see "Application Firewall."
    NetScaler Gateway.
    If you are configuring your appliance as an NetScaler Gateway, see "NetScaler Gateway 10.5."
    Note: For information about deploying a high availability (HA) pair, see "Configuring High Availability."

Configuring a NetScaler by Using the NITRO API

You can use the NITRO API to configure the NetScaler appliance. NITRO exposes its functionality through Representational State Transfer (REST) interfaces. Therefore, NITRO applications can be developed in any programming language. Additionally, for applications that must be developed in Java or .NET or Python, NITRO APIs are exposed through relevant libraries that are packaged as separate Software Development Kits (SDKs). For more information, see NITRO API.