

How to design a Citrix Netscaler deployment?

Posted on 2013-01-29
Medium Priority
Last Modified: 2016-10-25
Hello Everyone,

Just purchased a new Netscaler 8200.  We want to use this for reverse proxy, NLB and SSL VPN.  I am trying to figure out the best deployment scenario for our environment.

Basic Setup:
The Netscaler has a management NIC.  Is this interface any different than the other interfaces?  Does having a management NIC on a different network mean that it would be a 2-arm deployment?

If everything is behind a firewall, should I even bother with a management NIC?  With the management NIC, routing becomes more complicated.

For SSL VPN, is it best to have a NIC on the inside and one on the DMZ?  Or should I just have a single NIC in the DMZ?

Reverse proxy
If we want to do reverse proxy in the DMZ for servers that reside on the internal network, is single arm OK?

Question by:jdflory

Expert Comment

ID: 38833695

The following Citrix document will give you comprehensive details of how to set up SSL VPN and reverse proxy.


Single arm should be okay for a reverse proxy setup. A single-arm setup is easy to implement and troubleshoot; not many network changes are required, and it provides good security.


Author Comment

ID: 38835383
Is single arm OK for VPN?  Should I be looking at each service separately?  Like single arm for reverse proxy and dual arm for VPN?

If I have single arm for VPN, would I have to open all ports from the Netscaler to the inside network?


Accepted Solution

gsmartin earned 1000 total points
ID: 38835739
First, the NetScaler IP (NSIP) address is the IP address at which you access the NetScaler for management purposes. The NetScaler can have only one NSIP, which is also called the Management IP address. You must add this IP address when you configure the NetScaler for the first time. If you modify this address, you must reboot the NetScaler. You cannot remove an NSIP address. For security reasons, NSIP should be a non-routable IP address on your organization's LAN.  

FYI... This is Citrix's description of NSIP.  I have my Management IP (NSIP) configured and isolated on a separate internal management network.

Other interfaces have their specific purpose, and it's important to understand each, i.e. SNIP (Subnet IP), MIP (Mapped IP), VIP (Virtual IP).  SNIP is typically used as your VLAN IP, MIP is typically used as a last-resort proxy (at least one MIP has to be configured), and VIP is used as a virtual IP address to virtually sit in front of your servers, which the client machines will communicate with.


Further, in respect to VPN, I have a single arm configuration for VPN with multiple VLANs on the same interface and it works very well with no problems.  The single arm configuration was easier to deploy when I was new to the Netscaler, but now I am working on switching over to the dual arm configuration.
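
A check for the NSIP guidance in the answer above, as an added example that is not part of the original thread or Citrix's own tooling: it reads `ns.conf`-style lines, confirms the NSIP is non-routable, and flags any SNIP, MIP or VIP that sits in the management subnet. Assumptions: the `set ns config` / `add ns ip` line layout shown in the sample, "non-routable" read as RFC 1918 space, and constructed addresses throughout.

```python
import ipaddress
import shlex

# Assumption: "non-routable" is read as the RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in ns.conf style; every address is made up.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 192.168.50.10 -netmask 255.255.255.0
add ns ip 10.20.30.5 255.255.255.0 -vServer DISABLED
add ns ip 10.20.30.6 255.255.255.0 -type MIP
add ns ip 203.0.113.20 255.255.255.255 -type VIP
add ns ip 192.168.50.40 255.255.255.255 -type VIP
"""

def parse_ns_ips(conf_text):
    """Return (NSIP as ip_interface or None, [(type, address), ...])."""
    nsip, owned = None, []
    for line in conf_text.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["set", "ns", "config"] and "-IPAddress" in tok:
            addr = tok[tok.index("-IPAddress") + 1]
            mask = tok[tok.index("-netmask") + 1]
            nsip = ipaddress.ip_interface(f"{addr}/{mask}")
        elif tok[:3] == ["add", "ns", "ip"] and len(tok) >= 5:
            # Assumption: an entry without -type is treated as a SNIP.
            kind = tok[tok.index("-type") + 1] if "-type" in tok else "SNIP"
            owned.append((kind, ipaddress.ip_address(tok[3])))
    return nsip, owned

def audit(conf_text):
    """List findings about NSIP routability and management-subnet isolation."""
    nsip, owned = parse_ns_ips(conf_text)
    if nsip is None:
        return ["no NSIP found"]
    findings = []
    if not any(nsip.ip in net for net in RFC1918):
        findings.append(f"NSIP {nsip.ip} is a routable address")
    for kind, addr in owned:
        if addr in nsip.network:
            findings.append(
                f"{kind} {addr} shares the management subnet {nsip.network}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NS_CONF):
        print(finding)
```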