Solved

Should we allow traffic between Netscaler SNIP to XML/DDC servers VIP or between NSIP to XML/DDC servers VIP in firewall?

Posted on 2014-09-10
Last Modified: 2016-10-25
Hello there,

Please advise if we should allow traffic between Netscaler SNIP to XML/DDC servers VIP or between NSIP to XML/DDC servers VIP in firewall?

Netscaler is in DMZ.

Please advise.

Thanks and Regards
Question by:goprasad
6 Comments
 

Author Comment

by:goprasad
ID: 40315977
Please advise.
 
LVL 24

Expert Comment

by:Coralon
ID: 40316126
It does not originate from the VIP.  

If you place a NIC on the internal network, then it will originate with the appropriate SNIP; if there is not, then it will use the DMZ SNIP/NSIP.

Coralon
 

Author Comment

by:goprasad
ID: 40316150
Thanks @Coralon, do you mean Netscaler SNIP or NSIP?

 
LVL 24

Expert Comment

by:Coralon
ID: 40316159
Depends. If the Netscaler is purely within the DMZ without a leg in the internal network, by default, it will be the same address.  Remember, the Netscaler listens to all IPs on all interfaces, but if it has a leg internally, that SNIP will be used as the source.

How are you configured as far as that goes (single-armed, multi-armed, etc.)?

Coralon
 

Author Comment

by:goprasad
ID: 40316323
We have configured Netscaler as single arm and the device resides purely in DMZ.
Therefore, does the following apply?
Can you please elaborate on this - if the Netscaler is purely within the DMZ without a leg in the internal network, by default, it will be the same address.
 
LVL 24

Accepted Solution

by:
Coralon earned 500 total points
ID: 40318387
My apologies, I misspoke on that one.  It's been a while since I've done a Netscaler, and thinking back, you do still have to have your NSIP and a MIP/SNIP. The source of traffic for your Netscaler should be that MIP/SNIP, not the NSIP.  The NSIP is purely for management.  It will absolutely *not* be the VIP.  

You can configure it to use source addressing, which would pass that through, but that brings its own challenges.

Assuming you are doing the access gateway piece, you don't need source addressing. You can use the Netscaler to inject an X-Header for the client IP.  (And this is assuming you are doing *more* than just the ICA Proxy, if you are doing just the ICA Proxy, then you don't need to bother with that X-Header).

Coralon
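
The accepted answer's point expressed as a firewall-rule check, added here as an example that is not part of the thread: allow rules toward the XML/DDC servers should name the SNIP as source, and a rule that opens them to the NSIP or the VIP is flagged. All addresses, the rule format and the function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
NETSCALER = {
    "NSIP": ipaddress.ip_address("192.0.2.10"),  # management only
    "SNIP": ipaddress.ip_address("192.0.2.11"),  # expected source of back-end traffic
    "VIP": ipaddress.ip_address("192.0.2.20"),   # client-facing, never a source
}
BACKENDS = ipaddress.ip_network("10.10.20.0/28")  # XML/DDC servers

# Constructed rule list in a hypothetical (action, source, destination) format.
RULES = [
    ("allow", "192.0.2.11", "10.10.20.5"),       # SNIP -> XML/DDC: expected
    ("allow", "192.0.2.10", "10.10.20.5"),       # NSIP -> XML/DDC
    ("allow", "192.0.2.20", "10.10.20.6"),       # VIP -> XML/DDC
    ("allow", "192.0.2.0/24", "10.10.20.0/28"),  # whole DMZ subnet
    ("deny", "192.0.2.10", "10.10.20.5"),        # deny rules are not findings
    ("allow", "192.0.2.10", "10.10.30.9"),       # NSIP to a non-XML/DDC host
]


def _backend_allows(rules, backends):
    """Yield (index, source network) for allow rules that reach the back ends."""
    for idx, (action, src, dst) in enumerate(rules):
        dst_net = ipaddress.ip_network(dst, strict=False)
        if action == "allow" and dst_net.overlaps(backends):
            yield idx, ipaddress.ip_network(src, strict=False)


def audit(rules, ns=NETSCALER, backends=BACKENDS):
    """Return (rule index, names) for rules opening the back ends to NSIP or VIP."""
    findings = []
    for idx, src_net in _backend_allows(rules, backends):
        extra = sorted(n for n, ip in ns.items() if n != "SNIP" and ip in src_net)
        if extra:
            findings.append((idx, "/".join(extra)))
    return findings


def snip_allowed(rules, ns=NETSCALER, backends=BACKENDS):
    """True if at least one allow rule lets the SNIP reach the back ends."""
    return any(ns["SNIP"] in net for _, net in _backend_allows(rules, backends))


if __name__ == "__main__":
    print("SNIP permitted:", snip_allowed(RULES))
    for idx, names in audit(RULES):
        print(f"rule {idx}: source covers {names}; scope it to the SNIP")
```
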