Update the firmware to version 2.2 on a FIPS card
FIPS firmware version 2.2 supports TLS protocol versions 1.1 and 1.2. From the command line, you can update the firmware version of the FIPS card of a NetScaler MPX 9700/10500/12500/15500 FIPS appliance from version 1.1 to version 2.2.
For successful SIM key propagation from primary to secondary in a high availability (HA) pair, the Cavium firmware version on each appliance should be identical. Perform the firmware update on the secondary appliance first. If executed on the primary appliance first, the long-running update process causes a failover.
Limitations
- Secure renegotiation is supported only on SSL virtual servers and front-end SSL services.
- Creating a certificate signing request by using a key that was created on firmware version 1.1 and updated to firmware version 2.2 fails.
- You cannot create a 1024-bit RSA key on firmware version 2.2. However, if you have imported or created a 1024-bit FIPS key on firmware version 1.1 and you then update to firmware version 2.2, you can use that FIPS key on firmware version 2.2.
- 1024-bit RSA keys are not supported.
- Secure renegotiation using SSLv3 protocol is not supported.
- After you upgrade the firmware, TLSv1.1 and TLSv1.2 are disabled by default on the existing virtual server, internal, front end, and backend services. To use TLS 1.1/1.2, you must explicitly enable these protocols on the SSL entities after the upgrade.
- FIPS keys that are created in firmware version 2.2 are not available if you downgrade the firmware to version 1.1.
Prerequisites
Download the following files from the download page on www.citrix.com. The files must be stored in the /var/nsinstall directory on the appliance.
- FW 2.2 File: FW-2.2-130013
- FW 2.2 Signature File: FW-2.2-130013.sign
FW-2.2-130013 is the recommended firmware version. It includes fixes to improve DRBG.
Update the FIPS firmware to version 2.2 on a standalone appliance
- Log on to the appliance by using the administrator credentials.
- At the prompt, type the following command to confirm that the FIPS card is initialized.

      show fips
      FIPS HSM Info:
          HSM Label : NetScaler FIPS
          Initialization : FIPS-140-2 Level-2
          HSM Serial Number : 3.0G1235-ICM000264
          HSM State : 2
          HSM Model : NITROX XL CN1620-NFBE
          Hardware Version : 2.0-G
          Firmware Version : 1.1
          Firmware Release Date : Jun04,2010
          Max FIPS Key Memory : 3996
          Free FIPS Key Memory : 3992
          Total SRAM Memory : 467348
          Free SRAM Memory : 62512
          Total Crypto Cores : 3
          Enabled Crypto Cores : 1
      Done

- Save the configuration. At the prompt, type:

      save config

- Perform the update. At the prompt, type:

      update ssl fips -fipsFW <path to the extracted contents>/CN16XX-NFBE-FW-2.2-1300013

  Press Y when the following prompt appears:

      This command will update compatible version of the FIPS firmware.
      You must save the current configuration (saveconfig) before executing this command.
      You must reboot the system after execution of this command, for the firmware update to take effect.
      Do you want to continue?(Y/N)Y
      Done

  Note: You only need to specify the firmware file, because the firmware signature file is placed in the same location.

  The update takes up to ten seconds. The update command is blocking, which means that no other actions are executed until the command finishes. The command prompt reappears when execution of the command is completed.
- Restart the appliance. At the prompt, type:

      reboot
      Are you sure you want to restart NetScaler (Y/N)? [N]:Y

- Verify that the update is successful. At the prompt, type:

      show fips

  The firmware version displayed in the output should be 2.2. For example:

      sh fips
      FIPS HSM Info:
          HSM Label : NetScaler FIPS
          Initialization : FIPS-140-2 Level-2
          HSM Serial Number : 2.1G1207-IC002429
          HSM State : 2
          HSM Model : NITROX XL CN1620-NFBE
          Hardware Version : 2.0-G
          Firmware Version : 2.2
          Firmware Build : NFBE-FW-2.2-130013
          Max FIPS Key Memory : 3996
          Free FIPS Key Memory : 3982
          Total SRAM Memory : 467348
          Free SRAM Memory : 50472
          Total Crypto Cores : 3
          Enabled Crypto Cores : 1
      Done

Update the FIPS firmware to version 2.2 on appliances in a high availability pair
- Log on to the secondary node and perform the update as described in “Update the FIPS firmware to version 2.2 on a standalone appliance”.
  Force the secondary node to become primary. At the prompt, type:

      force failover

  Press Y at the confirmation prompt.
- Log on to the new secondary node (old primary) and perform the update as described in “Update the FIPS firmware to version 2.2 on a standalone appliance”.
- Force the new secondary node to become primary again. At the prompt, type:

      force failover

  Press Y at the confirmation prompt.

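
The verification step and the HA requirement above (firmware 2.2 on each node, identical versions across the pair) can be checked mechanically over captured `show fips` output. This is an added example, not Citrix code; the sample listings are constructed, and treating an `Initialization` value that starts with `FIPS-140-2` as "initialized" is an assumption based on the listings on this page.

```python
EXPECTED_FW = "2.2"

# Constructed sample listing, modelled on the `show fips` output shown above.
SAMPLE_TEMPLATE = """FIPS HSM Info:
    HSM Label : NetScaler FIPS
    Initialization : FIPS-140-2 Level-2
    HSM State : 2
    HSM Model : NITROX XL CN1620-NFBE
    Firmware Version : {fw}
Done
"""
# State after updating only the secondary: (primary listing, secondary listing).
MID_UPGRADE = (SAMPLE_TEMPLATE.format(fw="1.1"), SAMPLE_TEMPLATE.format(fw="2.2"))


def parse_show_fips(text):
    """Return the 'Key : Value' fields of a `show fips` listing as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():          # skips 'FIPS HSM Info:' and 'Done'
            fields[key.strip()] = value.strip()
    return fields


def node_findings(name, fields, expected=EXPECTED_FW):
    """List problems for one node: card not initialized or wrong firmware."""
    findings = []
    # Assumption: an initialized card reports 'FIPS-140-2 ...' in this field.
    if not fields.get("Initialization", "").startswith("FIPS-140-2"):
        findings.append(f"{name}: FIPS card not initialized")
    version = fields.get("Firmware Version")
    if version is None:
        findings.append(f"{name}: no Firmware Version field in output")
    elif version != expected:
        findings.append(f"{name}: firmware {version}, expected {expected}")
    return findings


def ha_pair_findings(primary_text, secondary_text, expected=EXPECTED_FW):
    """Check both nodes, then check that their firmware versions match."""
    pri, sec = parse_show_fips(primary_text), parse_show_fips(secondary_text)
    findings = node_findings("primary", pri, expected)
    findings += node_findings("secondary", sec, expected)
    if pri.get("Firmware Version") != sec.get("Firmware Version"):
        findings.append("HA pair: firmware versions differ; "
                        "SIM key propagation needs identical versions")
    return findings
```

An empty list from `ha_pair_findings` means both nodes report firmware 2.2 and match; a version mismatch is expected between updating the secondary and updating the old primary.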
Update the FIPS firmware to version 1.1 on a standalone appliance
- Download the nfb_firmware-r1235_100604 and nfb_firmware-r1235_100604.sign files, to the same directory on the appliance, from the download page on www.citrix.com.
- Log on to the appliance by using the administrator credentials.
- At the prompt, type:

      update ssl fips -fipsFW /<full path to the file>/nfb_firmware-r1235_100604