jnordeng
asked on
How to properly Secure the Management IP in an HA and singular node without breaking portal web page.
Hello. Via audit and best practice we are working to eliminate port 80 for use on our Netscaler's. I have 2 IP's on the HA Clusters I have some questions about. (The env is Netscaler, Storefront, XenApp)
If I enable Secure Access only on the Management Portal IP, the page will no longer load. Everything I see says to secure the NSIP which I have done, however; the Management IP is used on Traffic Domain 1 and is important in the HA Clusters. This fails the same on a single node not part of an HA. Is there another process to secure the Management IP? This is used if we should fail over to continue monitoring the HA rather than 1 individual node.
Our Netscaler's are running version 11.1.63.15 and are Netscaler MPX 9700 FIPS.
The secondary IP is considered a floating subnet IP between the 2 nodes. I only have the 2 HA's in production in test a singular node. So wanted to inquire as to the expected action should I enable the Secure Access only on the Network IP page options?
Thanks in advance for your assistance.
If I enable Secure Access only on the Management Portal IP, the page will no longer load. Everything I see says to secure the NSIP which I have done, however; the Management IP is used on Traffic Domain 1 and is important in the HA Clusters. This fails the same on a single node not part of an HA. Is there another process to secure the Management IP? This is used if we should fail over to continue monitoring the HA rather than 1 individual node.
Our Netscaler's are running version 11.1.63.15 and are Netscaler MPX 9700 FIPS.
The secondary IP is considered a floating subnet IP between the 2 nodes. I only have the 2 HA's in production in test a singular node. So wanted to inquire as to the expected action should I enable the Secure Access only on the Network IP page options?
Thanks in advance for your assistance.
Last Comment
ASKER
We have an IP set that you can use and it will go between the two NSIP's in a management cluster. It is configured in a separate traffic zone so that the traffic is separated from the traffic being passed through the Netscaler. This was a requirement for security and at the business level. So the mgmt IP is in a different subnet than the NSIP and SNIP. Does that help?
Thanks
Thanks
I've heard of the NSIP and its corresponding SNIP bound to a separate interface and VLAN for security purposes but have not heard of the management IP being different than the NSIP.
The various IPs on the appliance are:
NSIP
SNIP or MIP
VIP
... as defined here: https://www.schalley.eu/2014/07/18/netscaler-nsipsnipmipvip/
If you could point me to any documentation regarding another type of IP, I would appreciate it. Thanks.
The various IPs on the appliance are:
NSIP
SNIP or MIP
VIP
... as defined here: https://www.schalley.eu/2014/07/18/netscaler-nsipsnipmipvip/
If you could point me to any documentation regarding another type of IP, I would appreciate it. Thanks.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Citrix
Citrix is the synonym for the virtualization and application infrastructure systems developed by the company of the same name. Main areas are application virtualization, Software-As-A-Service (SaaS), cloud-computing and networking. The two most well-known are Citrix XenApp or Citrix CloudPlatform.
14K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
The NSIP (NetScaler IP) is the management IP.
Are you referring to the SNIP (Subnet IP), which is shared by the two nodes?