Getting Started with Citrix NetScaler

• Where Does a NetScaler Appliance Fit in the Network?

• How a NetScaler Communicates with Clients and Servers

• Introduction to the Citrix NetScaler Product Line

• Install the hardware

• Access a Citrix ADC

• Configure the ADC for the first time

• Configure high availability

• Configuring a FIPS Appliance for the First Time

• Understanding Common Network Topologies

• System management settings

  • System settings

  • Packet forwarding modes

  • Network interfaces

  • Clock synchronization

  • DNS configuration

  • SNMP configuration

  • Verify Configuration

• Load balance traffic on a NetScaler appliance

  • Load balancing

  • Persistence settings

  • Configure features to protect the load balancing configuration

  • A typical load balancing scenario

• Accelerate load balanced traffic by using compression

• Secure load balanced traffic by using SSL

• Features at a Glance

  • Application Switching and Traffic Management Features

  • Application Acceleration Features

  • Application Security and Firewall Features

  • Application Visibility Feature

FAQ

• AppFlow

• Call Home

• Clustering

• Connection Management

• Content Switching

• Debugging

• Hardware

• High Availability

• Integrated Caching

• Installing, Upgrading, and Downgrading

• Load Balancing

• Citrix NetScaler GUI

• SSL

Solutions for Telecom Service Providers

• Large Scale NAT

  • Points to Consider before Configuring LSN

  • Configuration Steps for LSN

  • Sample LSN Configurations

  • Configuring Static LSN Maps

  • Configuring Application Layer Gateways

  • Logging and Monitoring LSN

  • STUN Timeout

  • TCP SYN Idle Timeout

  • Overriding LSN configuration with Load Balancing Configuration

  • Clearing LSN Sessions

  • Load Balancing SYSLOG Servers

  • Port Control Protocol

• Dual-Stack Lite

  • Points to Consider before Configuring DS-Lite

  • Configuring DS-Lite

  • Configuring DS-Lite Static Maps

  • Configuring Deterministic NAT Allocation for DS-Lite

  • Configuring Application Layer Gateways for DS-Lite

  • Logging and Monitoring DS-Lite

  • Port Control Protocol for DS-Lite

• Large Scale NAT64

  • Points to Consider for Configuring Large Scale NAT64

  • Configuring DNS64

  • Configuring Large Scaler NAT64

  • Configuring Application Layer Gateways for Large Scale NAT64

  • Configuring Static Large Scale NAT64 Maps

  • Logging and Monitoring Large Scale NAT64

  • Port Control Protocol for Large Scale NAT64

• Mapping Address and Port using Translation

• Telco subscriber management

  • Subscriber aware traffic steering

  • Subscriber aware service chaining

  • Policy based TCP profile selection

• Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols

• Provide DNS Infrastructure/Traffic Services, such as, Load Balancing, Caching, and Logging for Telecom Service Providers

• Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider

• Bandwidth Utilization Using Cache Redirection Functionality

• NetScaler TCP Optimization

  • Getting Started

  • Management Network

  • Licensing

  • High Availability

  • Gi-LAN Integration

  • TCP Optimization Configuration

  • Analytics and Reporting

  • Real-time Statistics

  • SNMP

  • Technical Recipes

  • Scalability

  • Optimizing TCP Performance using TCP Nile

  • CQA and Adaptive TCP Optimization

  • Troubleshooting Guidelines

  • Frequently Asked Questions

• NetScaler Video Optimization

  • Getting Started

  • Licensing

  • Configuring Video Optimization over TCP

  • Video Optimization over UDP

• NetScaler URL Filtering

  • URL List

  • URL Categorization

NetScaler Solutions

• Setting Up NetScaler for XenApp/XenDesktop

• Global Server Load Balancing (GSLB) Powered Zone Preference

• NetScaler in a Private Cloud Managed by Microsoft Windows Azure Pack and Cisco ACI

  • Creating a NetScaler Load Balancer in a Plan in the Service Management Portal (Admin Portal)

  • Configuring a NetScaler Load Balancer by Using the Service Management Portal (Tenant Portal)

  • Deleting a NetScaler Load Balancer from the Network

Deploy a Citrix NetScaler VPX instance

• Support matrix and usage guidelines

• Install a NetScaler VPX instance on XenServer

  • Configuring NetScaler Virtual Appliances to use Single Root I/O Virtualization (SR-IOV) Network Interfaces

• Install a NetScaler VPX instance on VMware ESX

  • Configuring NetScaler Virtual Appliances to use VMXNET3 Network Interface

  • Configuring NetScaler Virtual Appliances to use Single Root I/O Virtualization (SR-IOV) Network Interface

  • Migrating the NetScaler VPX from E1000 to SR-IOV or VMXNET3 Network Interfaces

  • Configuring NetScaler Virtual Appliances to use PCI Passthrough Network Interface

• Install a Citrix NetScaler VPX instance on Microsoft Hyper-V servers

• Install a NetScaler VPX instance on Linux-KVM platform

  • Prerequisites for Installing NetScaler VPX Virtual Appliances on Linux-KVM Platform

  • Provisioning the NetScaler Virtual Appliance by using OpenStack

  • Provisioning the NetScaler Virtual Appliance by using the Virtual Machine Manager

  • Configuring NetScaler Virtual Appliances to Use SR-IOV Network Interface

  • Configuring NetScaler Virtual Appliances to use PCI Passthrough Network Interface

  • Provisioning the NetScaler Virtual Appliance by using the virsh Program

  • Managing the NetScaler Guest VMs

  • Provisioning the NetScaler Virtual Appliance with SR-IOV, on OpenStack

  • Configuring a NetScaler VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces

• Deploying NetScaler VPX Instances on AWS

  • Limitations and Usage Guidelines

  • Prerequisites

  • Deploying a NetScaler VPX Standalone Instance on AWS

  • Downloading a NetScaler VPX License

  • Load Balancing Servers in different Availability Zones

  • Deploying a NetScaler VPX HA Pair on AWS

  • Adding Back-End AWS Auto Scaling Service on NetScaler VPX Instances

  • Configuring NetScaler Virtual Appliances to Use SR-IOV Network Interface

  • Upgrading a NetScaler VPX instance on AWS

  • Troubleshooting the NetScaler VPX on AWS

• Deploy a NetScaler VPX instance on Microsoft Azure

  • Configuring a Standalone NetScaler Instance in ARM

  • Configuring Multiple IP Addresses for a Standalone NetScaler Instance

  • Configuring an HA Setup with Multiple IP Addresses and NICs

  • Configuring an HA Setup with Multiple IP Addresses and NICs by Using PowerShell Commands

  • Configuring an HA Setup with a Single IP Address and a Single NIC

  • Configuring GSLB on NetScaler VPX Instances

  • Configuring GSLB on a NetScaler Active-Standby HA Setup

  • Configuring Address Pools (IIP) for a NetScaler Gateway Appliance

  • Configuring Multiple IP Addresses for a NetScaler VPX Instance in Standalone Mode by Using PowerShell Commands

  • Configuring Multiple Azure VIPs for a Standalone NetScaler Instance

  • PowerShell Scripts for Azure Deployment

  • Azure Resource Manager Terminology

• Jumbo frames on NetScaler VPX instances

Licensing

• NetScaler licensing overview

• NetScaler Gateway Universal License

• NetScaler Pooled Capacity

Upgrade and downgrade a NetScaler appliance

• Before you begin

• Upgrade a NetScaler standalone appliance

• Downgrade a NetScaler standalone appliance

• Upgrade a high availability pair

• Downgrade a high availability pair

• Troubleshooting

• FAQs

• New and deprecated commands, parameters, and SNMP OIDs

• Deprecated features and functionalities

AAA application traffic

• How AAA works

• Enabling AAA

• Setting up an authentication virtual server

  • Configuring the authentication virtual server

  • Configuring a traffic management virtual server

  • Configuring DNS

  • Verifying your setup for AAA

• Creating an authentication profile

• Configuring users and groups

• Configuring AAA policies

  • Authentication policies

• Authorizing user access to application resources

• Auditing authenticated sessions

• Session settings

  • Session profiles

  • Session policies

  • Global session settings

• Traffic settings

  • Traffic profiles

  • Traffic policies

  • Form SSO profiles

  • SAML SSO profiles

• Authenticating with client certificates

  • Client certificate pass-through

• Configuring AAA with commonly used protocols

  • Handling authentication, authorization and auditing with Kerberos/NTLM

• NetScaler Kerberos single sign-on

  • An overview of NetScaler Kerberos SSO

  • Setting up NetScaler SSO

  • Generating the KCD keytab script

• SAML authentication

  • NetScaler as a SAML SP

  • NetScaler as a SAML IdP

  • Configuring SAML single sign-on

• OAuth authentication

• Multi-Factor (nFactor) authentication

  • How to configure nFactor authentication

  • How nFactor authentication works

  • Configuring nFactor authentication

• Configuring the OpenID Connect Protocol

Admin Partitioning

• Supported NetScaler configurations

• Configure admin partitions

• VLAN configuration for admin partitions

• VXLAN support for admin partitions

• SNMP support for admin partitions

• Audit log support for admin partitions

AppExpert

• Action Analytics

  • Configure a selector

  • Configure a stream identifier

  • View statistics

  • Group records on attribute values

  • Clear stream session

  • Configure policy for optimizing traffic

  • How to limit bandwidth consumption for user or client device

• AppExpert Applications and Templates

  • How AppExpert application works

  • Get started with AppExpert

  • Customize AppExpert Configuration

  • Configure user authentication

  • Monitor NetScaler statistics

  • Delete an AppExpert application

  • Configure application authentication, authorization, and auditing

  • Set up a custom NetScaler application

  • Creating and Managing Template Files

  • NetScaler Gateway Applications

  • Customizing the Configuration

• AppQoE

  • Enabling AppQoE

  • AppQOE Actions

  • AppQoE Parameters

  • AppQoE Policies

• Entity Templates

  • Configuring an Entity Template

  • Creating an Entity from a Template

  • Managing Entity Template Folders

  • Uploading and Downloading Entity Templates

  • Understanding Load Balancing Entity Templates and Deployment Files

• HTTP Callouts

  • How an HTTP Callout Works

  • Notes on the Format of HTTP Requests and Responses

  • Configuring an HTTP Callout

  • Verifying the Configuration

  • Invoking an HTTP Callout

  • Avoiding HTTP Callout Recursion

  • Caching HTTP Callout Responses

  • Use Case: Filtering Clients by Using an IP Blacklist

  • Use Case: ESI Support for Fetching and Updating Content Dynamically

  • Use Case: Access Control and Authentication

  • Use Case: OWA-Based Spam Filtering

  • Use Case: Dynamic Content Switching

• Pattern Sets and Data Sets

  • How String Matching works with Pattern Sets and Data Sets

  • Configuring a Pattern Set

  • Configuring a Data Set

  • Using Pattern Sets and Data Sets

  • Sample Usage

• Variables

  • Configuring and Using Variables

  • Use Case for Caching User Privileges

  • Use Case for Limiting the Number of Sessions

• Policies and Expressions

  • Introduction to Policies and Expressions

  • Configuring Advanced Policy Infrastructure

  • Configuring Advanced Policy Expression: Getting Started

  • Advanced Policy Expressions: Evaluating Text

  • Advanced Policy Expressions: Working with Dates, Times, and Numbers

  • Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data

  • Advanced Policy Expressions: Parsing SSL Certificates

  • Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs

  • Advanced Policy Expressions: Stream Analytics Functions

  • Advanced Policy Expressions: DataStream

  • Typecasting Data

  • Regular Expressions

  • Configuring Classic Policies and Expressions

  • Expressions Reference-Advanced Policy Expressions

  • Expressions Reference-Classic Expressions

  • Summary Examples of Default Syntax Expressions and Policies

  • Tutorial Examples of Default Syntax Policies for Rewrite

  • Tutorial Examples of Classic Policies

  • Migration of Apache mod_rewrite Rules to the Default Syntax

Rate Limiting

• Configuring a Stream Selector

• Configuring a Traffic Rate Limit Identifier

• Configuring and Binding a Traffic Rate Policy

• Viewing the Traffic Rate

• Testing a Rate-Based Policy

• Examples of Rate-Based Policies

• Sample Use Cases for Rate-Based Policies

• Rate Limiting for Traffic Domains

• Configure rate limit at packet level

• Responder

  • Enabling the Responder Feature

  • Configuring a Responder Action

  • Configuring a Responder Policy

  • Binding a Responder Policy

  • Setting the Default Action for a Responder Policy

  • Responder Action and Policy Examples

  • Diameter Support for Responder

  • RADIUS Support for Responder

  • DNS Support for the Responder Feature

  • Troubleshooting

• Rewrite

  • How Rewrite Works

  • Enabling the Rewrite Feature

  • Configuring a Rewrite Action

  • Configuring a Rewrite Policy

  • Binding a Rewrite Policy

  • Configuring Rewrite Policy Labels

  • Configuring the Default Rewrite Action

  • Bypassing the Safety Check

  • Rewrite Action and Policy Examples

  • URL Transformation

  • RADIUS Support for the Rewrite Feature

  • Diameter Support for Rewrite

  • DNS Support for the Rewrite Feature

• String Maps

• URL Sets

  • Getting Started

  • Advanced Policy Expressions for URL Evaluation

  • Configuring URL Set

  • URL Pattern Semantics

  • URL Categories

AppFlow

• Configuring the AppFlow Feature

• Exporting Performance Data of Web Pages to AppFlow Collector

• Session Reliability on NetScaler High Availability Pair

Application Firewall

• FAQs and Deployment Guide

• Introduction

  • Web Application Security

  • How The Application Firewall Works

  • The Application Firewall Configuration Interfaces

• Configuring the Application Firewall

  • Enabling the Application Firewall

  • The Application Firewall Wizard

  • Manual Configuration

  • Manual Configuration By Using the Configuration Utility

  • Manual Configuration By Using the Command Line Interface

• Signatures

  • Manually Configuring the Signatures Feature

  • Adding or Removing a Signatures Object

  • Configuring or Modifying a Signatures Object

  • Protecting JSON Applications using Signatures

  • Updating a Signatures Object

  • Exporting a Signatures Object to a File

  • The Signatures Editor

  • Signature Updates in High-Availability Deployment and Build Upgrades

• Overview of Security checks

• Top-Level Protections

  • HTML Cross-Site Scripting Check

  • HTML SQL Injection Checks

  • Buffer Overflow Check

  • Cookie Consistency Check

  • Application Firewall Support for Google Web Toolkit

• Data Leak Prevention Checks

  • Credit Card Check

  • Safe Object Check

• Advanced Form Protection Checks

  • Field Formats Check

  • Form Field Consistency Check

  • CSRF Form Tagging Check

  • Managing CSRF Form Tagging Check Relaxations

• URL Protection Checks

  • Start URL Check

  • Deny URL Check

• XML Protection Checks

  • XML Format Check

  • XML Denial-of-Service Check

  • XML Cross-Site Scripting Check

  • XML SQL Injection Check

  • XML Attachment Check

  • Web Services Interoperability Check

  • XML Message Validation Check

  • XML SOAP Fault Filtering Check

• Managing Content Types

• Profiles

  • Creating Application Firewall Profiles

  • Configuring Application Firewall Profiles

  • Changing an Application Firewall Profile Type

  • Exporting and Importing an Application Firewall Profile

  • Configuring and Using the Learning Feature

  • Supplemental Information about Profiles

• Policy Labels

• Policies

  • Firewall Policies

  • Auditing Policies

• Imports

  • Importing and Exporting Files

• Global Configuration

  • Engine Settings

  • Confidential Fields

  • Field Types

  • XML Content Types

  • JSON Content Types

• Statistics and Reports

• Application Firewall Logs

• Appendices

  • PCRE Character Encoding Format

  • Whitehat WASC Signature Types for WAF Use

  • Streaming Support for Request Processing

  • Trace HTML Requests with Security Logs

  • Application Firewall Support for Cluster Configurations

• Debugging and Troubleshooting

  • High CPU

  • Memory

  • Large File Upload Failure

  • Learning

  • Signatures

  • Trace Log

  • Miscellaneous

  • References

Cache Redirection

• Cache redirection policies

  • Built-in cache redirection policies

  • Configure a cache redirection policy

• Cache redirection configurations

  • Configure transparent redirection

  • Configure forward proxy redirection

  • Configure reverse proxy redirection

• Selective cache redirection

  • Enable content switching

  • Configure a load balancing virtual server for the cache

  • Configure policies for content switching

  • Configure precedence for policy evaluation

• Administer a cache redirection virtual server

  • View cache redirection virtual server statistics

  • Enable or disable a cache redirection virtual server

  • Direct policy hits to the cache instead of the origin

  • Back up a cache redirection virtual server

  • Manage client connections for a virtual server

• N-tier cache redirection

  • Configure the upper-tier NetScaler appliances

  • Configure the lower-tier NetScaler appliances

Clustering

• NetScaler configuration support in a cluster

• Prerequisites for cluster nodes

• Cluster overview

  • Synchronization across cluster nodes

  • Striped, partially striped, and spotted configurations

  • Communication in a cluster setup

  • Traffic distribution in a cluster setup

  • Cluster nodegroups

  • Cluster and node states

  • Routing in a cluster

  • IP addressing for a cluster

  • Configuring layer 3 clustering

• Setting up a NetScaler cluster

  • Setting up inter-node communication

  • Creating a NetScaler cluster

  • Adding a node to the cluster

  • Viewing the details of a cluster

• Distributing traffic across cluster nodes

  • Using Equal Cost Multiple Path (ECMP)

  • Using cluster link aggregation

• Managing the NetScaler cluster

  • Configuring linksets

  • Nodegroups for spotted and partially-striped configurations

  • Configuring redundancy for nodegroups

  • Disabling steering on the cluster backplane

  • Synchronizing cluster configurations

  • Synchronizing time across cluster nodes

  • Synchronizing cluster files

  • Viewing the statistics of a cluster

  • Discovering NetScaler appliances

  • Disabling a cluster node

  • Removing a cluster node

  • Removing a node from a cluster deployed using cluster link aggregation

  • Detecting jumbo probe on a cluster

  • Route monitoring for dynamic routes in cluster

  • Monitoring cluster setup using SNMP MIB with SNMP link

  • Monitoring command propagation failures in a cluster deployment

  • Graceful shutdown of nodes

  • IPv6 ready logo support for clusters

  • Managing cluster heartbeat messages

  • Configuring owner node response status

  • Monitor Static Route (MSR) support for inactive nodes in a spotted cluster configuration

  • VRRP interface binding in a single node active cluster

• Cluster setup and usage scenarios

  • Creating a two-node cluster

  • Migrating an HA setup to a cluster setup

  • Transitioning between a L2 and L3 cluster

  • Setting up GSLB in a cluster

  • Using cache redirection in a cluster

  • Using L2 mode in a cluster setup

  • Using cluster LA channel with linksets

  • Backplane on LA channel

  • Common interfaces for client and server and dedicated interfaces for backplane

  • Common switch for client, server, and backplane

  • Common switch for client and server and dedicated switch for backplane

  • Different switch for every node

  • Sample cluster configurations

  • Using VRRP in a cluster setup

• Upgrading or downgrading the NetScaler cluster

• Operations supported on individual cluster nodes

• Support for heterogeneous cluster

• FAQs

• Troubleshooting the NetScaler cluster

  • Tracing the packets of a NetScaler cluster

  • Troubleshooting common issues

Content Switching

• Configuring Basic Content Switching

  • Enabling Content Switching

  • Creating Content Switching Virtual Servers

  • Configuring a Load Balancing Setup for Content Switching

  • Configuring a Content Switching Action

  • Configuring Content Switching Policies

  • Configuring Content Switching Policy Labels

  • Binding Policies to a Content Switching Virtual Server

  • Configuring Policy Based Logging for Content Switching

  • Verifying the Configuration

• Customizing the Basic Content Switching Configuration

• Content Switching for Diameter Protocol

• Protecting the Content Switching Setup against Failure

• Managing a Content Switching Setup

• Managing Client Connections

• Troubleshooting

DataStream

• Configuring Database Users

• Configuring a Database Profile

• Configuring Load Balancing for DataStream

• Configuring Content Switching for DataStream

• Configuring Monitors for DataStream

• Use Case 1: Configuring DataStream for a Master/Slave Database Architecture

• Use Case 2: Configuring the Token Method of Load Balancing for DataStream

• Use Case 3: Logging MSSQL Transactions in Transparent Mode

• Use Case 4: Database Specific Load Balancing

• DataStream Reference

Domain Name System

• Configure DNS resource records

  • Create SRV records for a service

  • Create AAAA Records for a domain name

  • Create address records for a domain name

  • Create MX records for a mail exchange server

  • Create NS records for an authoritative server

  • Create CNAME records for a subdomain

  • Create NAPTR records for telecommunications domain

  • Create PTR records for IPv4 and IPv6 addresses

  • Create SOA records for authoritative information

  • Create TXT records for holding descriptive text

  • View DNS statistics

• Configure a DNS zone

• Configure the NetScaler as an ADNS server

• Configure the NetScaler as a DNS proxy server

• Configure the NetScaler as an end resolver

• Configure the NetScaler as a forwarder

  • Add a name server

  • Set DNS lookup priority

  • Disable and enable name servers

• Configure DNS logging

• Configure DNS suffixes

• DNS ANY query

• Configure negative caching of DNS records

• Caching of EDNS0 client subnet data when the NetScaler appliance is in proxy mode

• Domain name system security extensions

  • Configure DNSSEC

  • Configure DNSSEC when the NetScaler ADC is authoritative for a zone

  • Configure DNSSEC for a zone for which the NetScaler ADC is a DNS proxy server

  • Configure DNSSEC for GSLB domain names

  • Zone maintenance

  • Offload DNSSEC operations to the NetScaler ADC

  • Admin partition support for DNSSEC

• Support wildcard DNS domains

• Mitigate DNS DDoS attacks

Firewall Load Balancing

• Sandwich Environment

• Enterprise Environment

• Multiple-Firewall Environment

Global Server Load Balancing

• GSLB deployment types

  • Active-active site deployment

  • Active-passive site deployment

  • Parent-child topology deployment using the MEP protocol

• GSLB configuration entities

• GSLB methods

  • GSLB algorithms

  • Static proximity

  • Configuring the Dynamic Method (RTT)

• Configure static proximity

  • Add a location file to create a static proximity database

  • Add custom entries to a static proximity database

  • Set location qualifiers

  • Specify proximity method

  • Synchronize GSLB static proximity database

• Configure site-to-site communication

• Configure metrics exchange protocol

• Configure GSLB by using a wizard

  • Configure active-active site

  • Configure active-passive site

  • Configure parent-child topology

• Configure GSLB entities individually

  • Configure an authoritative DNS service

  • Configure a basic GSLB site

  • Configure a GSLB service

  • Configure a GSLB service group

  • Configure a GSLB virtual server

  • Bind GSLB services to a GSLB virtual server

  • Bind a domain to a GSLB virtual server

  • Example of a GSLB setup and configuration

• Synchronize the configuration in a GSLB setup

  • Manual synchronization between sites participating in GSLB

  • Real-time synchronization between sites participating in GSLB

• GSLB dashboard

• Monitor GSLB services

• Use case: Deployment of domain name based autoscale service group

• Use case: Deployment of IP address based autoscale service group

• How-to articles

  • Customize your GSLB configuration

  • Configure persistent connections

  • Manage client connections

  • Configure GSLB for proximity

  • Protect the GSLB setup against failure

  • Configure GSLB for disaster recovery

  • Override static proximity behavior by configuring preferred locations

  • Configure GSLB service selection using content switching

  • Configure GSLB for DNS queries with NAPTR records

  • Use the EDNS0 client subnet option for GSLB

  • Example of a complete parent-child configuration using the metrics exchange protocol

Link Load Balancing

• Configuring a Basic LLB Setup

• Configuring RNAT with LLB

• Configuring a Backup Route

• Resilient LLB Deployment Scenario

• Monitoring an LLB Setup

Load Balancing

• How load balancing works

• Set up basic load balancing

• Load balance virtual server and service states

• Support for load balancing profile

• Load balancing algorithms

  • Least connection method

  • Round robin method

  • Least response time method

  • LRTM method

  • Hashing methods

  • Least bandwidth method

  • Least packets method

  • Custom load method

  • Static proximity method

  • Token method

  • Configure a load balancing method that does not include a policy

• Persistence and persistent connections

  • About Persistence

  • Source IP address persistence

  • HTTP cookie persistence

  • SSL session ID persistence

  • Diameter AVP number persistence

  • Custom server ID persistence

  • IP address persistence

  • SIP Call ID persistence

  • RTSP session ID persistence

  • Configure URL passive persistence

  • Configure persistence based on user-defined rules

  • Configure persistence types that do not require a rule

  • Configure backup persistence

  • Configure persistence groups

  • Share persistent sessions between virtual servers

  • Configure RADIUS load balancing with persistence

  • View persistence sessions

  • Clear persistence sessions

  • Override persistence settings for overloaded services

  • Troubleshooting

• Customize a load balancing configuration

  • Customize the hash algorithm for persistence across virtual servers

  • Configure the redirection mode

  • Configure per-VLAN wildcarded virtual servers

  • Assign weights to services

  • Configure the MySQL and Microsoft SQL server version setting

• Configure diameter load balancing

• Configure FIX load balancing

• Protect a load balancing configuration against failure

  • Redirect client requests to an alternate URL

  • Configure a backup load balancing virtual server

  • Configure spillover

  • Connection failover

  • Flush the surge queue

• Manage a load balancing setup

  • Manage server objects

  • Manage services

  • Manage a load balancing virtual server

  • Load balancing visualizer

• Manage client traffic

  • Configure sessionless load balancing virtual servers

  • Redirect HTTP requests to a cache

  • Direct requests according to priority

  • Direct requests to a custom web page

  • Enable cleanup of virtual server connections

  • Rewrite ports and protocols for HTTP redirection

  • Insert IP address and port of a virtual server in the request header

  • Use a specified source IP for backend communication

  • Set a time-out value for idle client connections

  • Manage RTSP connections

  • Manage client traffic on the basis of traffic rate

  • Identify a connection with layer 2 parameters

  • Configure the prefer direct route option

  • Use a source port from a specified port range for backend communication

  • Configure source IP persistency for backend communication

  • Use IPv6 link local addresses on server side of a load balancing setup

• Advanced load balancing settings

  • Gradually stepping up the load on a new service with virtual server–level slow start

  • The no-monitor option for services

  • Protect applications on protected servers against traffic surges

  • Enable cleanup of virtual server and service connections

  • Graceful shutdown of services

  • Enable or disable persistence session on TROFS services

  • Direct requests to a custom web page

  • Enable access to services when down

  • Enable TCP buffering of responses

  • Enable compression

  • Maintain client connection for multiple client requests

  • Insert the IP address of the client in the request header

  • Use source IP address of the client when connecting to the server

  • Configure the source port for server-side connections

  • Set a limit on the number of client connections

  • Set a limit on number of requests per connection to the server

  • Set a threshold value for the monitors bound to a service

  • Set a timeout value for idle client connections

  • Set a timeout value for idle server connections

  • Set a limit on the bandwidth usage by clients

  • Redirect client requests to a cache

  • Retain the VLAN identifier for VLAN transparency

  • Configure automatic state transition based on percentage health of bound services

• Built-in monitors

  • TCP-based application monitoring

  • SSL service monitoring

  • FTP service monitoring

  • Secure monitoring of servers by using SFTP

  • Set SSL parameters on a secure monitor

  • SIP service monitoring

  • RADIUS service monitoring

  • Monitor accounting information delivery from a RADIUS server

  • DNS and DNS-TCP service monitoring

  • LDAP service monitoring

  • MySQL service monitoring

  • SNMP service monitoring

  • NNTP service monitoring

  • POP3 service monitoring

  • SMTP service monitoring

  • RTSP service monitoring

  • XML broker service monitoring

  • ARP request monitoring

  • XenDesktop Delivery Controller service monitoring

  • Web interface service monitoring

  • Citrix StoreFront stores monitoring

• Custom monitors

  • Configure HTTP-inline monitors

  • Understand user monitors

  • How to use a user monitor to check web sites

  • Understand the internal dispatcher

  • Configure a custom user monitor

  • Understand load monitors

  • Configure load monitors

  • Unbind metrics from a metrics table

  • Configure reverse monitoring for a service

• Configure monitors in a load balancing setup

  • Create monitors

  • Configure monitor parameters to determine the service health

  • Bind monitors to services

  • Modify monitors

  • Enable and disable monitors

  • Unbind monitors

  • Remove monitors

  • View monitors

  • Close monitor connections

  • Ignore the upper limit on client connections for monitor probes

• Manage a large scale deployment

  • Ranges of virtual servers and services

  • Configure service groups

  • Manage service groups

  • Configure automatic domain based service group scaling

  • Translate the IP address of a domain-based server

  • Mask a virtual server IP address

• Configure load balancing for commonly used protocols

  • Load balance a group of FTP servers

  • Load balance DNS servers

  • Load balance domain-name based services

  • Load balance a group of SIP servers

  • Load balance RTSP servers

  • Load balance remote desktop protocol (RDP) servers

• Use case 1: SMPP load balancing

• Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream

• Use case 3: Configure load balancing in direct server return mode

• Use case 4: Configure LINUX servers in DSR mode

• Use case 5: Configure DSR mode when using TOS

• Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field

• Use case 7: Configure load balancing in DSR mode by using IP Over IP

• Use case 8: Configure load balancing in one-arm mode

• Use case 9: Configure load balancing in the inline mode

• Use case 10: Load balancing of intrusion detection system servers

• Use case 11: Isolating network traffic using listen policies

• Use case 12: Configure XenDesktop for load balancing

• Use case 13: Configure XenApp for load balancing

• Use case 14: ShareFile wizard for load balancing Citrix ShareFile

• Troubleshooting

• Load balancing FAQs

Networking

• IP Addressing

  • Configuring NetScaler-Owned IP Addresses

  • How the NetScaler Proxies Connections

  • Enabling Use Source IP Mode

  • Configuring Network Address Translation

  • Configuring Static ARP

  • Setting the Timeout for Dynamic ARP Entries

  • Configuring Neighbor Discovery

  • Configuring IP Tunnels

• Interfaces

  • Configuring MAC-Based Forwarding

  • Configuring Network Interfaces

  • Configuring Forwarding Session Rules

  • Understanding VLANs

  • Configuring a VLAN

  • Configuring NSVLAN

  • Configuring Allowed VLAN List

  • Configuring Bridge Groups

  • Configuring Vitrual MACs

  • Configuring Link Aggregation

  • Redundant Interface Set

  • Binding an SNIP address to an Interface

  • Monitoring the Bridge Table and Changing the Aging time

  • NetScaler Appliances in Active-Active Mode Using VRRP

  • Using the Network Visualizer

  • Configuring Link Layer Discovery Protocol

  • Jumbo Frames

  • NetScaler Support for Microsoft Direct Access Deployment

• Access Control Lists

  • Simple ACLs and Simple ACL6s

  • Extended ACLs and Extended ACL6s

  • MAC Address Wildcard Mask for ACLs

  • Blocking Traffic on Internal Ports

• IP Routing

  • Configuring Dynamic Routes

  • Configuring Static Routes

  • Route Health Injection Based on Virtual Server Settings

  • Configuring Policy-Based Routes

  • Troubleshooting Routing Issues

• Internet Protocol version 6 (IPv6)

• Traffic Domains

  • Inter Traffic Domain Entity Bindings

  • virtual MAC Based Traffic Domains

• VXLAN

NetScaler Extensions

• NetScaler extensions - language overview

  • Simple types

  • Variables

  • Expressions

  • Assignment

  • Tables

  • Control structures

  • Functions

• NetScaler extensions - library reference

• NetScaler extensions API reference

• Protocol extensions

  • Protocol extensions - architecture

  • Protocol extensions - traffic pipeline for user defined TCP client and server behaviors

  • Protocol extensions - use cases

  • Tutorial – Add MQTT protocol to the NetScaler appliance by using protocol extensions

  • Tutorial - Load balancing syslog messages by using protocol extensions

  • Protocol extensions command reference

  • Troubleshoot protocol extensions

• Policy extensions

  • Configure policy extensions

  • Policy extensions - use cases

  • Troubleshooting policy extensions

Optimization

• Client Keep-Alive

• HTTP Compression

• Integrated Caching

  • Configure selectors and basic content groups

  • Configure policies for caching and invalidation

  • Cache support for database protocols

  • Configure expressions for caching policies and selectors

  • Display cached objects and cache statistics

  • Improve cache performance

  • Configure cookies, headers, and polling

  • Configure integrated cache as a forward proxy

  • Default Settings for the Integrated Cache

  • Troubleshooting

• Front End Optimization

• Content Accelerator

• Media Classification

Reputation

• IP Reputation

SSL offload and acceleration

• SSL offloading configuration

• How-to articles

• SSL certificates

  • Create a certificate

  • Install, link, and update certificates

  • Generate a server test certificate

  • Import and convert SSL files

• SSL profiles

  • SSL profile infrastructure

  • Appendix A: Sample migration of the SSL configuration after upgrade

  • Appendix B: Default front-end and back-end SSL profile settings

  • Legacy SSL profile

• Certificate revocation lists

• Monitor certificate status with OCSP

• OCSP stapling

• Ciphers available on the Citrix ADC appliances

  • ECDHE ciphers

  • Diffie-Hellman (DH) key generation and achieving PFS with DHE

  • Cipher redirection

  • Leverage hardware and software to improve ECDHE and ECDSA cipher performance

  • ECDSA cipher suites support

  • Configure user-defined cipher groups on the ADC appliance

• Server certificate support matrix on the ADC appliance

• Client authentication

• Server authentication

• SSL actions and policies

  • SSL policies

  • SSL built-in actions and user-defined actions

  • SSL policy binding

  • SSL policy labels

• Support for DTLS protocol

• Support for Intel Coleto SSL chip based platforms

• MPX 9700/10500/12500/15500 FIPS appliances

  • Configure FIPS appliances in a high availability setup

  • Update the firmware to version 2.2 on a FIPS card

  • Reset a locked HSM

• MPX 14000 FIPS appliances

• SDX 14000 FIPS appliances

  • Limitations

  • Terminology

  • Initialize the HSM

  • Create partitions

  • Provision a new instance or modify an existing instance and assign a partition

  • Configure the HSM for an instance on an SDX 14030/14060/14080 FIPS appliance

  • Create a FIPS key for an instance on an SDX 14030/14060/14080 FIPS appliance

  • Upgrade the FIPS firmware on a VPX instance

• Support for Thales nShield® HSM

  • Architecture overview

  • Prerequisites

  • Configure the ADC-Thales integration

  • Limitations

  • Appendix

• Support for Gemalto SafeNet Network hardware security module

  • Prerequisites

  • Configure a SafeNet client on the ADC

  • Configure Safenet HSMs in a high availability setup on the ADC

  • Additional ADC configuration

  • Citrix ADC appliances in a high availability setup

  • Limitations

  • Appendix

  • FAQ

• Troubleshooting

• SSL FAQs

• Global site certificates

Security

• Content filtering

  • Enable content filtering

  • Configure a content filtering action

  • Configure a content filtering policy

  • Bind a content filtering policy

  • Configure content filtering for a commonly used deployment scenario

  • Troubleshooting

• HTTP denial-of-service protection

  • Layer 3-4 SYN denial-of-service protection

  • Enable HTTP DoS protection

  • Define an HTTP DoS policy

  • Configure an HTTP DoS service

  • Bind an HTTP DoS monitor and policy

  • Tune the client detection/JavaScript challenge response rate

  • Guidelines for HTTP DoS protection deployment

• Priority queuing

  • Enable priority queuing

  • Configure a priority queuing policy

  • Bind a priority queuing policy

  • Set up weighted queuing

• SureConnect

  • Install SureConnect

  • Configure SureConnect

  • Activate SureConnect

  • SureConnect environments

• Surge protection

  • Disable and reenable surge protection

  • Set thresholds for surge protection

  • Flush the surge queue

• DNS security options

System

• Basic operations

  • Clock Synchronization

  • Session timeout

  • System date and time

  • Backup and restore

  • Restart or shut down

  • Generate technical support bundle

  • Extra management CPU

• Authentication and authorization

  • Configuring Users, User Groups, and Command Policies

  • Resetting the Default Administrator (nsroot) Password

  • Example of a User Scenario

  • Configuring External User Authentication

  • SSH Key-based Authentication for NetScaler Administrators

• TCP Configurations

• HTTP Configurations

  • Configuring HTTP/2 on the NetScaler Appliance

• SNMP

  • Configuring the NetScaler to Generate SNMP Traps

  • Configuring the NetScaler for SNMP v1 and v2 Queries

  • Configuring the NetScaler for SNMPv3 Queries

  • Configuring SNMP Alarms for Rate Limiting

  • Configuring SNMP in FIPS Mode

• Audit Logging

  • Configuring the NetScaler Appliance for Audit Logging

  • Installing and Configuring the NSLOG Server

  • Running the NSLOG Server

  • Customizing Logging on the NSLOG Server

  • SYSLOG Over TCP

  • Load Balancing SYSLOG Servers

  • Default Settings for the Log Properties

  • Sample Configuration File (audit.conf)

• Web Server Logging

  • Configuring the NetScaler for Web Server Logging

  • Installing the NetScaler Web Logging (NSWL) Client

  • Configuring the NSWL Client

  • Customizing Logging on the NSWL Client System

• Call Home

• Reporting Tool

• CloudBridge Connector

  • Monitoring CloudBridge Connector Tunnels

  • Configuring a CloudBridge Connector Tunnel between two Datacenters

  • Configuring CloudBridge Connector between Datacenter and AWS Cloud

  • Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Virtual Private Gateway on AWS

  • Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud

  • Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud

  • Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device

  • Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Fortinet FortiGate Appliance

  • CloudBridge Connector Tunnel Diagnostics and Troubleshooting

  • CloudBridge Connector Interoperability – StrongSwan

  • CloudBridge Connector Interoperability – F5 BIG-IP

  • CloudBridge Connector Interoperability – Cisco ASA

• High Availability

  • Points to Consider for a High Availability Setup

  • Configuring High Availability

  • Configuring the Communication Intervals

  • Configuring Synchronization

  • Synchronizing Configuration Files in a High Availability Setup

  • Configuring Command Propagation

  • Restricting High-Availability Synchronization Traffic to a VLAN

  • Configuring Fail-Safe Mode

  • Configuring Virtual MAC Addresses

  • Configuring High Availability Nodes in Different Subnets

  • Configuring Route Monitors

  • Limiting Failovers Caused by Route Monitors in non-INC mode

  • Configuring Failover Interface Set

  • Understanding the Causes of Failover

  • Forcing a Node to Fail Over

  • Forcing the Secondary Node to Stay Secondary

  • Forcing the Primary Node to Stay Primary

  • Understanding the High Availability Health Check Computation

  • High Availability FAQs

  • Troubleshooting High Availability Issues

  • Managing High Availability Heartbeat Messages on a NetScaler Appliance

• TCP Optimization