Citrix NetScaler

See it in action: Digital workspace demos!

I will be at this event in Phoenix, register so we can hang out!
Event invite:

Take a behind the scenes look at how digital workspaces are redefining work in today’s modern world. Through an exciting array of demos, learn about key use cases and the technology services that enable secure app and data delivery on any device, any network and any cloud.

Demos you will see:
• BYO road warriors using applications seamlessly across networks and devices
• Ultra-mobility using the latest mobile devices from tablets to smartphones
• Security from the datacenter to multiple device types
• And many more!

Forget the slide deck: this seminar is strictly demo-driven, designed to immerse you in real-world applications of Citrix solutions. You’ll see all the latest products and learn how they integrate from end to end, securely and seamlessly.
Date: October 25, 2016
Time: 11:30 AM – 02:00 PM PDT
Westin Kierland Resort and Spa
6902 E Greenway Parkway
Scottsdale, AZ 85254

Desktop Delivery: 
Virtualization Servers and Hosts: 
Citrix XenApp: 
Application Networking: 

What Do Nest & Transport Layer Security Have in Common?

With emerging threats & new regulations, customers understand the need for the right security solutions – solutions that protect apps & data from any location, solve for new & old threats, meet compliance standards & help prepare for emerging tech....

Application Networking: 

Get Started with Citrix NetScaler

Some interesting links if you want to get started with Citrix NetScaler:

Application Networking: 

CTX113860 - Why Licenses Are Not Recognized in NetScaler 8.0

CTX113860 - Why Licenses Are Not Recognized in NetScaler 8.0

This document was published at:

Document ID: CTX113860, Created on: Jul 12, 2007, Updated: Jul 20, 2007

Products: Citrix Access Gateway 8.0 Enterprise Edition, Citrix NetScaler Application Delivery Software 8.0, Citrix Application Firewall Software 8.0



After being upgraded to release 8.0, the NetScaler does not recognize the licenses installed. One indication is the output of show ns feature and show ns license, where all features are shown as not available. The issue could be reported as a licensing issue where no licenses appear to be installed.

License status:
Web Logging: NO
Surge Protection: NO
Load Balancing: NO
Content Switching: NO
Cache Redirection: NO
Sure Connect: NO
Compression Control: NO
Delta Compression: NO
Priority Queuing: NO
SSL Offloading: NO
Global Server Load Balancing: NO
GSLB Proximity: NO
Http DoS Protection: NO
Dynamic Routing: NO
Content Filtering: NO
Integrated Caching: NO
OSPF Routing: NO
RIP Routing: NO
BGP Routing: NO
Rewrite: NO
IPv6 protocol translation: NO
Application Firewall: NO
Responder: NO
HTML Injection: NO

The /var/log/license.log file will look similar to the one shown below.

root@ns# cat license.log
17:54:58 (lmgrd) -----------------------------------------------
17:54:58 (lmgrd) Please Note:
17:54:58 (lmgrd)
17:54:58 (lmgrd) This log is intended for debug purposes only.
17:54:58 (lmgrd) In order to capture accurate license
17:54:58 (lmgrd) usage data into an organized repository,
17:54:58 (lmgrd) please enable report logging. Use Macrovision's
17:54:58 (lmgrd) software license administration solution,
17:54:58 (lmgrd) FLEXnet Manager, to readily gain visibility
17:54:58 (lmgrd) into license usage data and to create
17:54:58 (lmgrd) insightful reports on critical information like
17:54:58 (lmgrd) license availability and usage. FLEXnet Manager
17:54:58 (lmgrd) can be fully automated to run these reports on
17:54:58 (lmgrd) schedule and can be used to track license
17:54:58 (lmgrd) servers and usage across a heterogeneous
17:54:58 (lmgrd) network of servers including Windows NT, Linux
17:54:58 (lmgrd) and UNIX. Contact Macrovision at
17:54:58 (lmgrd) for more details on how to
17:54:58 (lmgrd) obtain an evaluation copy of FLEXnet Manager
17:54:58 (lmgrd) for your enterprise.
17:54:58 (lmgrd)
17:54:58 (lmgrd) -----------------------------------------------
17:54:58 (lmgrd)
17:54:58 (lmgrd)
17:54:58 (lmgrd) The license server manager (lmgrd) running as root:
17:54:58 (lmgrd) This is a potential security problem
17:54:58 (lmgrd) and is not recommended.
17:54:58 (lmgrd) Using license file "/usr/local/flexlm/licenses/license.dat"
lmstat - Copyright (c) 1989-2006 Macrovision Europe Ltd. and/or Macrovision Corporation. All Rights Reserved.
Flexible License Manager status on Tue 7/3/2007 17:55

Error getting status: Cannot find license file. (-1,359:2 "No such file or directory")
<end of license.log>

The system could be experiencing a problem finding the local system, rather than the issue normally associated with this error message (that is, the file is either not installed or is not in the correct location).


To recognize the license file, the system must be able to locate the localhost correctly. In some cases the hosts file from an earlier kernel installation does not have the correct hosts entries and causes the license files to be ignored on an upgraded 8.0 system.


Before upgrading to 8.0, first make sure the license file is in the correct location. With release 8.0 all license files must be in the /nsconfig/license directory in order to be recognized.

Next, check the hosts files in /nsconfig and in /etc, and make sure both include lines for localhost and for the NetScaler name as defined in the configuration and /nsconfig/rc.conf. A properly configured hosts file should look similar to the following (using nshost as the example name defined for this NetScaler).    localhost    nshost


The lmgrd subroutine is called and runs when the NetScaler starts. If there is a conflict of NetScaler host name in either the /nsconfig/hosts or /etc/hosts file, the lmgrd process skips reading the license files in the /nsconfig/license directory. This limitation requires modifications to the lmgrd subroutine, and requires involvement of Macrovision. Resolution to this limitation is being tracked by Issue 29909.

More Information

It is common to refer to the local system as localhost, which is associated with a loopback address ( When a system needs to address its own IP address, it determines the IP address which resolves to the localhost name. Thus, putting the localhost line into the hosts file allows the NetScaler to properly find its own IP address.

Application Networking: 

CTX110261 - URL Redirection Using Content Switching

CTX110261 - URL Redirection Using Content Switching

This document was published at:

Document ID: CTX110261, Created on: Aug 21, 2006, Updated: Aug 23, 2006

Products: Citrix NetScaler Application Delivery Software 6.1, Citrix NetScaler Application Delivery Software 6.0


There are times when the NetScaler needs to be setup to handle URL redirection. URL Redirection is a technique on the World Wide Web for making a Web page auto redirect under many URLs. This article describes how to configure the NetScaler to direct all incoming requests for the Web root “/” to a particular homepage, but the technique may be adapted (using alternate policies) to configure redirection of arbitrary requests to arbitrary Web pages.


NetScaler version 6.0 or later.


In order to get the NetScaler to redirect a URL to another URL it requires the use of Content Switching virtual server, Content Switching policy, the default content switch policy, two load balancing virtual servers and one dummy service bound to a dummy server. One load balancing virtual server is a “real” virtual server, in the UP state that has the services bound to it, and the other virtual server is a dummy virtual server that is in the DOWN or DISABLED state which is configured for –URLRedirect. This dummy virtual server must also be bound to a dummy service. The Content Switch uses two policies, one that matches what the Uniform Resource Identifier (URI) that the users are typing in and a default policy if the match fails. The Content Switch policies must be bound to the appropriate Target load balanced virtual server for the intended behavior to occur.

The client request, for example, is first sent to the Content Switch virtual server where it will match some policy like “REQ.HTTP.URL == /”. Upon matching the request is switched to the dummy LB virtual server. Because the dummy virtual server is in the DOWN state, it uses the –URLRedirect parameter, for example, to respond to the client with the appropriate HTTP 302 redirect. The client sends a new GET request containing the complete URI specified by the –URLRedirect parameter. The bound policy will not be hit this time, so will fall through to the default policy which will direct the traffic to the “real” load balancing servers, with the complete URI.


1. First create a dummy server and service that will be used to for the dummy virtual server, using the IP address

add server dummy-server

add service dummy-service dummy-server HTTP 80

Note: Using the GUI, the same can be achieved by clearing the “directly addressable” check box.

2. Create two load balanced virtual servers; one for the real virtual server and the other for the dummy virtual server. No IP address should be specified when creating these LB vservers (again, clear “directly addressable if using the GUI”).

add lb vserver Vserver-LB-UP HTTP

add lb vserver Dummy-LB-DOWN HTTP -state DISABLED

3. Bind actual services to the real load balancing virtual server. In this case Vserver-LB-UP.

bind lb vserver Vserver-LB-UP Service1 -weight 1

bind lb vserver Vserver-LB-UP Service2 -weight 1

4. Bind the dummy service to the dummy virtual server and set the dummy virtual server with the URL that should be specified in the 302 redirect response.

bind lb vserver Dummy-LB-DOWN dummy-service -weight 1

set vserver Dummy-LB-DOWN -redirectURL http:/

5. Create a Content Switch policy that matches the URI “/” at the end.

add cs policy CS-redirect -rule "REQ.HTTP.URL == /"

Note: “/*” is not a sensible option as it will match everything after, which will result in an infinite loop of redirects.

6. Create a Content Switch virtual server. This virtual server address will need to be resolvable for the URL that the users are using in the browsers.

add cs vserver CS-Redirect-VIP HTTP 80

7. Bind the Content Switch policy and the default policy to the Content Switch virtual server with the appropriate load balance virtual servers.

bind cs vserver CS-Redirect-VIP Dummy-LB-DOWN -policyName CS-redirect

bind cs vserver CS-Redirect-VIP Vserver-LB-UP

More Information

For more information on URL redirection, refer to CTX108946 – Description of the Redirect URL Feature.

Application Networking: 

CTX110089 - What are the Major Enhancements Related to Access Control Lists in NetScaler Version 6.1

CTX110089 - What are the Major Enhancements Related to Access Control Lists in NetScaler Version 6.1?

This document was published at:

Document ID: CTX110089, Created on: Aug 21, 2006, Updated: Aug 21, 2006

Products: Citrix NetScaler Application Delivery Software 6.1

Q: What are the major enhancements related to access control lists in NetScaler version 6.1?


1. User-defined priority:

In NetScaler versions 6.0 and earlier there are no provisions to assign priorities to access control list statements or systems used to internally prioritize the access control lists. In NetScaler version 6.1, priority values from 1 to 1024 can be assigned to an access control list statement at configuration time. An access control list statement that is added without priority is assigned a priority by the system in a range from 1025 to 2048.

The commands to add an access control list statement with priority or modify the existing priority are as follows:

add ns acl test_acl DENY -srcIP -destIP -priority 10


set ns acl test_acl -priority 20

2. Support for “established” sessions:

The “established” keyword automatically applies the access control list action on return traffic related to a session which already has matched the access control list. Thus if TCP traffic from host A to host B is allowed by access control list 20 and the “established” option is enabled, the return traffic from host B to host A is also allowed by the NetScaler.

The following command adds an access control list statement with the “established” option:

add ns acl test_acl2 DENY -srcIP -destIP -protocol TCP -established

Application Networking: 
Powered by Drupal
Subscribe to RSS - NetScaler