Let’s talk about a WAF, a Web Application Firewall on a Citrix NetScaler. What’s to be concerned about? Is it worthwhile considering a NetScaler to be your WAF? I do work for several companies, including Citrix Consulting Services. Recently I worked on some Web Application Firewall projects, so I have some experience with it. Usual concerns: will a Citrix NetScaler be a really safe WAF? How...
Logging more detailed data about websites blocked by NetScaler Web Application Firewall (WAF)
last update: April 16th 2018 I had been asked recently: Johannes, how can we log data about NetScaler Application Firewall policy hits in detail? The standard NetScaler Web Application Firewall log-files NetScaler’s Web Application Firewall logs to /var/log/ns.log. These logs are fine for troubleshooting. There is a good description about these logs here. This is a sample log, stolen from...
Using Citrix NetScaler ADC as a SAML IDP and SAML SP
last update: 2023/02/03 Tested with NetScaler 11, Citrix ADC 12.1 and 13.0 I needed to use a Citrix ADC (NetScaler) both as a SAML identity provider (IDP) and service provider (SP). So I set up my test environment accordingly. What my test environment looked like: You see, I created two admin partitions on my Citrix NetScaler ADC, one for the service provider (SP partition), containing both the...
IP address calculator
What’s an IP address calculator? I’m pretty sure it’s something you won’t need. It will help in understanding IP addresses. It does calculations on IP addresses and will tell you if the address is valid (or a network / broadcast address), and if two addresses are on the same subnet. Why did I create an IP address calculator like that? My daughter started studying informatics...
Scheduling NetScaler commands for a specific time on Citrix NetScaler
Last update: 2018/03/27 Sometimes we have to schedule commands in a Citrix NetScaler. A good example would be: force HA failover. It’s obvious, we don’t want to fail over during daytime to not disconnect TCP connections, to not interrupt users. The best time would be something like 3:30 AM. It’s obvious, we don’t want to set an alarm for 3:00 to get up, take a shower...
Digging into Citrix NetScaler IP-reputation feature
last update: 2018/04/12 I recently had to protect a website using the IP reputation feature. There is some good information about this feature, however I decided to glean information here. Facts about this feature IP reputation is a platinum feature. It is included in web application firewall (there are extra licenses for the WAF available, they also contain IP-reputation). IP-reputation feature...
Creating a Citrix NetScaler Test environment
last updated: December 2020 Creating a Citrix NetScaler Test environment New since February 2020: Instead of downloading, you may just use my environment, hosted at my private data centre. Being a Citrix Certified Instructor I am very much aware of the Red/Green/Blue website used during official Citrix NetScaler training (CNS-220, CNS-222). I created my own test website. I usually use it during...
Citrix NetScalerVPX out of disk space
Last update: January 11th 2022 This one is outdated, as the Citrix ADC Version and MAS (former name of ADM) it refers to is no longer available. However, I wrote a new blog on how to enlarge disk space on a Citrix ADC / NetScaler VPX. My NetScaler VPX ran out of disk space. I did several tricks like adding a second disk and mounting it into the update directory, to be able to upgrade my NetScaler...
Citrix NetScaler Logging and policy trouble shooting
last update: October 22nd 2021 Citrix NetScaler Logging and policy troubleshooting Sometimes it’s quite hard to understand what’s going on. There is a lot of mystics about policies. And it’s even harder to understand what went on (past tense). “Johannes, there had been several problems connecting to <any blabla application here>” “I’m sorry, I...
Why do I love HDX on UDP in Citrix XenDesktop and XenApp?
Why do I love HDX on UDP in Citrix XenDesktop and XenApp? (HDX Enlightened Data Transport EDT) Well, I’m mainly a network guy. So I’ll take a look at this brand new feature from a networking perspective. I’ll start from scratch, so I don’t assume you understand network protocols. But let me tell you a joke about UDP first: I got a short joke about UDP, and I don’t care...