Category Archives: NetScaler

Updated NetScaler 10.5 Content Switching

First I want to say it’s been a while since I wrote up an article back on NetScaler 9.3 code. Not much has changed, but just enough that I figured I would write up one for 10.5 code.


First log in to your NetScaler, expand Traffic Management, Load Balancing, and click on Servers. Click Add

In this example we will be using Domain Name; this requires DNS to be configured prior to this step. Note the Server Name field is just for display purposes, and the Domain is the FQDN of the backend server we want to utilize.

Next we need to create a Service to bind to the backend server. Click Services, and click Add

The Service Name is just a display name. Select Existing Server, select the server you created in the above step, and select the correct protocol and port number.

Click Continue

Click Done

Click Virtual Servers, Click Add

Name is again just a display name. Select the Protocol, and in this example we are going to use Non Addressable for the Type

Click Continue, Click on the No LBVserver Binding

Click Bind

Click The Service we created earlier, Click Insert

Click Save

Click Continue

Click Policies

Click the Plus Sign

Select Cache Policy, Leave Type as Request, Click Continue.

Click Bind

Select the No Cache Reset Policy, Click Insert

Click Ok

Click Done

Now to change it up, click on Content Switching, click on Actions, click Add

The Name is just a display name. Select the vServer we created from the dropdown list, click Create

Click Policies, Click Add

The Name is, yet again, just a display name. Select the Action we just created. Now for the magic: in the Expression field, enter HTTP.REQ.HOSTNAME.CONTAINS("NameToFilterAgainst"), then click Create

Select Virtual Servers, Select HTTP, Click Edit

Click Content Switching Policies

Click Bind

Select The Policy we just created and Click Insert

Click Ok

Click Done

That’s it. Now as long as your domain name and IP all match, you should get to your backend site.
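The same 10.5 configuration expressed as NetScaler CLI commands, as an added example that is not part of the original post. All object names, the host names and the 203.0.113.10 address are assumptions chosen for illustration, and the cache policy binding step is left out.

```netscaler
# Assumed names and addresses (not from the post): web01, svc_web01, lb_web01,
# act_web01, pol_web01, cs_http, web01.example.com, www.example.com, 203.0.113.10.

# Backend server by domain name (DNS must already be configured on the appliance)
add server web01 web01.example.com

# Service bound to that server: protocol and port of the backend
add service svc_web01 web01 HTTP 80

# Non-addressable load balancing virtual server (no IP address, port 0)
add lb vserver lb_web01 HTTP 0.0.0.0 0
bind lb vserver lb_web01 svc_web01

# Content switching action that points at the load balancing virtual server
add cs action act_web01 -targetLBVserver lb_web01

# Policy as in the post: substring match on the request host name
add cs policy pol_web01 -rule "HTTP.REQ.HOSTNAME.CONTAINS(\"www.example.com\")" -action act_web01

# Stricter variant: CONTAINS also matches any Host value that merely includes
# the string, while EQ matches only this host name.
# add cs policy pol_web01 -rule "HTTP.REQ.HOSTNAME.EQ(\"www.example.com\")" -action act_web01

# Public content switching virtual server; skip the add if it already exists
add cs vserver cs_http HTTP 203.0.113.10 80
bind cs vserver cs_http -policyName pol_web01 -priority 100

# Review the bindings and the policy hit counter while testing, then save
show cs vserver cs_http
show cs policy pol_web01
save ns config
```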


Thanks for reading




NetScaler Content Switching How-To Video

NetScaler VPX Install and Web Interface

VPX Install

First you will need to download the latest VPX Appliance from (a mycitrix is required)

You will also need to download the Web Interface components

You will need a VM with at least 4GB of RAM to support more than 3 Sites

Once you have imported the machine, open the console to set it up. You will be prompted for the following:

IP Address


Default Gateway

Once you have configured the IP Address, enter that into a browser. (Java Required)

You will get a login page; simply enter nsroot as both the username and the password.

It is highly recommended to change the default password.

Install Citrix License

You will need to find the Interface on the NetScaler with the lowest MAC Address

Under the Network Folder, > Interfaces

Copy the lowest MAC address

Now go back to your mycitrix account and allocate a NetScaler License

Note if you want to use an Express License

Click on NetScaler VPX Express

About half way through the page you should find a link to Get License

It should be right in-between the Appliances and the Builds/Upgrade packages.

Run through the Allocation Wizard and download the new License file.

Expand the System Folder, and then select Licenses

At the Bottom left of the Frame you should see Manage Licenses…

Click Add… Select the license file you just created and Downloaded, Click Select

Click OK

The device will reboot for the license to take effect

Once it has rebooted, log back in

Expand System and Select Settings

Click on Configure modes

Make sure all the options from the above Screen shot are all checked.

Click Yes to the warning

Click Configure basic features

Make sure all the options from the above Screen shot are all checked.

Click Yes to the warning

Select Web Interface folder

Click On Web Interface

Click Install Web Interface

Click the Dropdown arrow to the right of “Browse (Appliance)” and select Local

Select nswi-1.3.tgz, and click Open

Select diablo-latte-freebsd6-amd64-1.6.0_07-b02.tar.bz2, and Click Open

Click Install,

(Note: if this defaults to 25 sites, the VPX must have at least 4GB of RAM installed, otherwise this will error out.)

Web Interface Configuration

Login to the NetScaler and Expand the Web Interface Folder

Select Sites

    Click Add.. at the bottom of the Frame

Click Next

Enter the IP address of the Web Interface Server VIP. Check the Box Enable access through mobile receiver, Click Next

Enter in the XenApp servers here, Just the Data Collectors

    Click next, after you have entered all the Data Collectors

    Highlight the Web Interface Site you just created

    Click on the WebInterface.conf… link at the bottom of the Frame

    Remove the # from the beginning of the Line, and add your Domain Name removing everything else… Click Save

    You will receive a warning, Click Yes

    Click the Add Button at the Bottom of the Frame

    Click Next

    Select XenApp Service Site, Click the Dropdown for Virtual Server, and Select the previously Created Server, Note should be listening on port 80, Click Next

    Click the Add, and add all Data Collectors, Click Next

    Click Finish

    Click Exit

Select the PNA Site (XenApp Service Site)

    Click the config.xml… Button at the bottom of the Frame

    Change the <LogonMethod> from Prompt to Pass-Through, Click Save

    Click Yes to the Warning Message

NetScaler Access Gateway Session Timeout

First log into your NetScaler and navigate to the Session Profile whose default Session Timeout you want to change. In the screenshot below we are extending the default 20-minute timeout to 4 hours (240 minutes).

Once we change the value on the NetScaler, we need to change the Timeout value on the Web Interface Server(s). The screenshot below shows the configuration screen.

Also note: if you are using a load-balanced VIP for your Web Interface servers (highly recommended if you're not), you will want to change the Persistent cookie timeout value to match.


Thanks for reading hope this helps


NetScaler Clientless Access Filtering

So I have done some posts before on Content Filtering with the NetScaler; this is just bringing it to the next level, and giving your VPN a little extra security and control.

First, start off by creating or using an existing Access Gateway Virtual Server. Unlike most Virtual Servers, we aren’t going to configure anything within the VS. Everything we do is going to be focused on Groups or Users.

Click Add under the Groups section

Type in a Group Name; in this example I am using “TEST_LOCKDOWN” (note: this group should match an Active Directory group)

We aren’t going to select any users.

Click the Authorization Tab

Click Insert Policy

Click New Policy…

Name it and select Deny, now click the Add… Button

Completed Policy… To Deny access to

Now to allow access to all other sites at

Click Insert Policy…

We followed the exact same steps as we did for the DENY rule, but this time we just add the domain and select ALLOW

Also notice a very important step: we want the ALLOW rule to be checked after the DENY rule. Notice the Priority of the above rules.

Click, now to add the Clientless access part. Select the Policy Tab, Click the Session Module

Click Insert Policy, We already had one, double click on Profile

So Notice in this example we are going to DENY access to the Web Interface Server… But allow the home page to come through.

You could be using Bookmarks or any other type of Clientless access methods but this will always DENY access to

Thanks for reading, please comment or contact me if you have any questions.
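The DENY-before-ALLOW ordering described above, written as NetScaler CLI commands. This is an added example, not configuration from the original post: the policy names, the host names wi.example.com and example.com, the classic expressions and the priority values 10 and 20 are assumptions standing in for the values shown in the post's missing screenshots.

```netscaler
# Assumed values (not from the post): policy names, wi.example.com as the
# denied Web Interface host, example.com as the allowed domain, priorities.
# The group name must match the Active Directory group.
add aaa group TEST_LOCKDOWN

# DENY rule for the one host that must stay unreachable
add authorization policy pol_deny_wi "REQ.HTTP.HEADER Host CONTAINS wi.example.com" DENY

# ALLOW rule for the rest of the domain
add authorization policy pol_allow_domain "REQ.HTTP.HEADER Host CONTAINS example.com" ALLOW

# A request for wi.example.com matches both rules. The lower priority number
# is evaluated first, so the DENY rule (10) is checked before the ALLOW rule (20).
bind aaa group TEST_LOCKDOWN -policy pol_deny_wi -priority 10
bind aaa group TEST_LOCKDOWN -policy pol_allow_domain -priority 20

# Confirm both policies are bound with the intended priorities
show aaa group TEST_LOCKDOWN
```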

Citrix NetScaler and Universal Licenses

SSH to the NetScaler and run the following.

show hostname

cd /nsconfig

vi rc.config

Both should be the same, but the rc.config is going to be the one that is used by the licensing service.



SmartCard Pass-Through via NetScaler 9.2 Access Gateway

Ok so here is the first part with a lot more to come after some fine tuning tomorrow…

Environment Run down:
XenApp 4.5, Web Interface 5.3, and NetScaler 9.2 (this can be a VPX box). Now for the fun stuff.

  • First you will need to install IIS on a Win2k3 box. Yes, this can be 64-bit; that is what I have been using
  • Change the IIS port to match the current farm’s XML port, then restart IIS
  • Now install XenApp 4.5; during the install select share XML port with IIS
  • Now install Web Interface 5.3
  • Create a site with the Access Gateway being the Authentication point (you will need at least a self-signed cert for this step for IIS)
  • You will then want to select SmartCard, and SmartCard Pass-through (you will need to restart the server for this to take effect)
  • Add the local machine as the XML Service provider under the Site’s Farm Settings
  • Add the local machine as the STA for Secure access

Now to the NetScaler

  • Create an Authentication server using only Cert, then select Principal Name
  • Create a virtual server
  • Select the Server you created above as the authentication method
  • Create a policy, set it for ICA Proxy, then point it to the Site you created above…

Things should now work

I will be posting a more detailed HOW-TO guide with a video for at least part if not all steps required.

Setting up a NetScaler for URL Redirection

Here are the steps involved in setting up URL Redirection…

Usage cases:

1. One public IP and multiple services requiring the same port number


  1. -> Web Server01 on port 80
  2. -> Web Server02 on port 80

As you can see, in most cases you would need two public IP addresses to get this done; however, using Content Switching on the NetScaler you can make this happen with one public IP

What you will need to do is the following:

  1. Login to your NetScaler
  2. Click on Content Switching
  3. Create a Virtual Server (This is going to be your Public Server)
  4. Create a Policy with the following, -> Name = WWW or BLOG (this is just a friendly name), Domain =, Rule = nstrue
  5. Repeat step 4 for as many URL Headers as you need redirected
  6. Now for the fun stuff…
  7. Click on Load Balance
  8. Create a Server, Service, and Virtual Server for the above backend servers
  9. Now back to Content Switching…
  10. Open the Virtual Server you created in Step 3
  11. Now add the policies you created in step 4
  12. Now for each Policy you add, add the Virtual Server(s) you created in step 8
  13. Before testing make sure your DNS entries are set correctly so should point to the Virtual Server’s IP you created in Step 3 or at least the NAT’ed address.
  14. Now Time to Test launch a Web Browser and browse to and

I will be adding a video about this configuration shortly, also I will be adding a blog about NAT’ing

Here is the link to the Interactive HOW-TO Video URL Redirect.htm
