• Category: Netscaler

Use Netscaler CPX for MAS Testing

After Synergy this year I watched a great presentation by Esther Barthel and Carsten Bruns (SYN220) where they covered MAS Stylebooks and Configuration Jobs.  After getting more and more comfortable with the playbooks they graciously provided, I wanted to create my own and needed a good test environment but didn't want to impact my VPX.  I could have deployed an additional VPX but figured CPX would be a good candidate since it can quickly be reset for testing.  While testing with Docker, I noticed each time my CPX container was shut down it was removed from MAS since it went unreachable.  I did some research and found that a CPX container could be registered with MAS saving a lot of time not having to re-register each time.  In this post, I'll cover how to use Docker with Docker-compose to deploy a CPX container and automatically register with MAS.




Dynamically Load Balance Services with Netscaler CPX

This guide covers how a Netscaler CPX can be quickly deployed to automatically load balance web containers from a Docker-Compose file based on the number of web containers deployed.  The setup uses a PowerShell based script contained in a sidecar image that will add or remove servers from the Netscaler service group based upon the services registered in Consul. This guide is roughly based off of Chiradeep Vittal's demo found here.  For this guide I use Ubuntu 16.04 along with Docker 1.13 and Docker Compose 1.17.1.




Running Pester Tests Against Citrix NetScaler

Pester is a testing framework that runs from Microsoft PowerShell allowing for quick test creation for a variety of use cases.  During a recent customer network upgrade I found Pester to be a great tool to validate Netscaler functionality post-upgrade and thought I would create a simple healthcheck to share with the community.  In this post I'll cover getting started with a handful of simple Pester tests that you can use or modify for your environment.




Check Netscaler License Expiration Information Quickly via Powershell

All I did was reboot the thing!

If you have been dealing with Netscaler for a while, chances are you have rebooted an instance only to find no one can connect but everything is pingable.  After trying to refresh your browser multiple times, you frantically log in to the Netscaler management IP and discover all your VIPs down, features disabled and SSL certificates no longer listed. WTF!


Upgrade Netscaler via REST API Install Command

The recent release of Netscaler firmware 11.1 from Citrix brings a new NITRO API command called "install" which allows firmware upgrades from the API.  I got pretty excited when I saw this and decided to take a look since I always felt this would be a great feature to have.  This post goes through how it functions and includes a PowerShell script that uses the new functionality for future firmware releases.



Scoring an A+ for Netscaler from SSLLABS with Powershell


UPDATE 6-13-16: Updated Script to reflect Citrix blog with updated ciphers

UPDATE 2-21-16: Script now creates STS policy and enables Forward Secrecy resulting in A+ for all SSL VIPS!

Citrix released a blog early summer of 2015 outlining steps to take to harden SSL virtual servers to receive an "A+" from SSLLABS.  While the steps are easy to follow and don't take a lot of time for one Netscaler instance, the process can be time consuming for multiple instances. I created the following script to automate the process for all Load Balanced Servers (SSL), Netscaler Gateways and Content Switches (SSL) found on a Netscaler.  If need be you can even harden the management ports.  Simply edit the switches to reflect your environment and run. The script doesn't require any snapins but does require PowerShell 3.0 or greater for REST. Please feel free to leave any feedback on GitHub or the comments below.




Thanks to Carl Stalhood for a great starting point on the Netscaler API portion!


2Factor with Google Authenticator and Netscaler

Update January 9, 2018

This post is extremely old and was written before Citrix offered a real OTP solution.  Please use Carl's guide found here.

If you use 2factor for common websites like Gmail, Wordpress or maybe even your work, chances are you have heard of the Google Authenticator app.  It's a very inexpensive way to add an additional layer of security for authentication and can be used for a wide variety of purposes. In this post we will configure an Ubuntu 14.04 server to work with Netscaler Gateway as a RADIUS server.  Let's get started.

I would like to thank the author of http://www.supertechguy.com/help/security/freeradius-google-auth for a great starting point.


Redirect to Full Store Web Path with Netscaler

I hate having to edit single files on multiple servers since it can cause consistency issues and is a pain if you need to make changes.  To redirect users to the full Storefront URL it took editing or creating a JavaScript snippet pointing to the full Storefront web URL.  Using the Netscaler for this process saves the time needed to touch each server and is one less thing to worry about.

add rewrite action rw_action_storefront replace HTTP.REQ.URL "\"/Citrix/StoreWeb\""
add rewrite policy rw_pol_storefront "HTTP.REQ.URL.EQ(\"/\")" rw_action_storefront

