AuthorJohannes Norz

Johannes Norz is a Citrix Certified Citrix Technology Advocate (CTA), Citrix Certified Instructor (CCI) and Citrix Certified Expert on Application Delivery and Security. He frequently works for Citrix international Consulting Services and several education centres all around the globe. Johannes lives in Austria. He had been borne in Innsbruch (https://www.youtube.com/watch?v=UvdF145Lf2I)

Securing Citrix Gateway using Citrix ADC Bot Management, Citrix Web Application Firewall and DOS-Protection

By Johannes Norz
28 October 2021
13 Min read
Add comment
S

last update: November 18th 2021 Recently, I had been asked, how to protect a gateway from threads. It’s easy, I thought, Citrix ADC has everything needed in good quality: A Bot Management, Web Application Firewall (WAF), and AppQoE (Application quality of experience, a DOS protection feature). So nothing easier than that: Create the policies desired and bind them to the gateway. Shortly...

Read onRead laterAdd comment

Need for speed?

By Johannes Norz
25 October 2021
17 Min read
Add comment
N

HTTP v3 and HTTP v2 on a Citrix ADC / NetScaler last update: October 27th 2021 HTTP/1.0 and HTTP/1.1 are dead. They are inefficient plain text protocols. The amount of data to be transferred is huge and latency is a big problem, mostly for intercontinental connections. But what alternatives do we have? Are there alternatives? A view on the history of HTTP HTTP/0.9 – The one-line protocol The...

Read onRead laterAdd comment

Citrix ADC / NetScaler: How to find out, which users use which Ciphers?

By Johannes Norz
22 September 2021
8 Min read
Add comment
C

There is something I frequently get asked for: How can we find out, which users use which ciphers? Will Citrix ADC show this information? Does ADM show it? A simple answer would be: No chance, ADC can’t do it at all. ADM – however – can do. If you don’t like ADM (I’d wonder why) you can’t. Let’s not make things that simple. We all are engineers. The word...

Read onRead laterAdd comment

Export Citrix ADC (NetScaler) Syslog and TCP connection tables into Microsoft Excel

By Johannes Norz
21 September 2021
3 Min read
Add comment
E

I recently had been asked, if it would be possible to export syslog files and the TCP connection table into Microsoft Excel. Exporting Syslog to Microsoft Excel Exporting the syslog file is quite simple: It’s just a tiny bash script: rm /var/log/output.csv while read -r month day time servity ip date timezone hostname ppe spacer msg; do printf "%s;" "$month $day $time" "$servity" "$ip"...

Read onRead laterAdd comment

Citrix ADC / NetScaler, Rule based persistence

By Johannes Norz
17 September 2021
4 Min read
Add comment
C

Citrix ADC / NetScaler has three types of persistence that sound similar: Rule-Based Persistence (RULE) Custom Server ID (CUSTOMSERVERID) URL Passive (URLPASSIVE) Rule-based persistnce set lb vserver <servername> -persistenceType RULE -rule "<request-rule>" -resRule "<response-rule>" -cltTimeout <persistence timeout> With rule-based persistence, we use the existing...

Read onRead laterAdd comment

Priority of policies in Citrix ADC / NetScaler Content Switching in combination with Load Balancing

By Johannes Norz
6 September 2021
7 Min read
Add comment
P

In Theory, it’s easy: Load Balancing is stronger than Content Switching. I tested with 13.0 82.42 on a Citrix ADC VPX. With some surprise to me: There had been differences between the features tested. I tested with Responder Policies, Citrix ADC Bot Protection, and Citrix Web Application Firewall. The setup I used a content switching vServer (192.168.229.200) and a non-addressable load-balancing...

Read onRead laterAdd comment

A sorry-server responding if all services are down

By Johannes Norz
2 June 2021
4 Min read
Add comment
A

This is something, people tend to ask for: A sorry server responding with a meaningful message in case all services are down. It’s an easy task to do, so I decided to write a quick guide on how to create a setup like that. What we need A load-balancing vServer does not respond, as soon as all services are down. However, there are “protection Servers”. And that’s what I will use...

Read onRead laterAdd comment

RADIUS on Citrix ADC / NetScaler

By Johannes Norz
2 June 2021
5 Min read
Add comment
R

© image: Wikipedia Two and a half years ago, I have written an article about LDAP. I always planned to add an article about RADIUS as well, but I never did. Today, I had to troubleshoot a RADIUS problem, so I did the necessary traces. It is a DUO server, but most other servers behave similarly. Here we go! What is RADIUS RADIUS (Remote Authentication Dial-In User Service) is a protocol to...

Read onRead laterAdd comment

Set a subnet mask in Microsoft DHCP

By Johannes Norz
28 May 2021
3 Min read
Add comment
S

During one of my Citrix ADC projects, I came across a strange problem. I had to give external users access to a certain IoT device. These very devices don’t support static addressing (!) and are well known for being exploitable, however, there is no really secure alternative available on the market. Because of this, my customer wanted to restrict these crappy devices to a certain range of...

Read onRead laterAdd comment

Replying with a 301 Moved Permanently
instead of a 404 not found

By Johannes Norz
8 February 2021
7 Min read
Add comment
R

last update: May 6th 2021 I recently moved my blog to a new host, so several objects don’t exist anymore. Unfortunately, this will lead to plenty of 404 not found, instead of giving users access to the website as a whole. So I decided to replace all not found with redirects to a certain page, it might be any kind of sorry page or the default page. It’s up to you. The problem Changing...

Read onRead laterAdd comment

Recent Posts

Recent Comments