Avatar of jnordeng

asked on 

How to properly Secure the Management IP in an HA and singular node without breaking portal web page.

Hello.  Via audit and best practice we are working to eliminate port 80 for use on our Netscaler's.  I have 2 IP's on the HA Clusters I have some questions about.  (The env is Netscaler, Storefront, XenApp)

If I enable Secure Access only on the Management Portal IP, the page will no longer load.  Everything I see says to secure the NSIP which I have done, however; the Management IP is used on Traffic Domain 1 and is important in the HA Clusters.  This fails the same on a single node not part of an HA.  Is there another process to secure the Management IP?  This is used if we should fail over to continue monitoring the HA rather than 1 individual node.

Our Netscaler's are running version and are Netscaler MPX 9700 FIPS.

The secondary IP is considered a floating subnet IP between the 2 nodes.  I only have the 2 HA's in production in test a singular node.  So wanted to inquire as to the expected action should I enable the Secure Access only on the Network IP page options?

Thanks in advance for your assistance.

Avatar of undefined
Last Comment
Avatar of Sam Jacobs
Sam Jacobs
Flag of United States of America image

I'm not sure what you mean by the Management Portal IP.
The NSIP (NetScaler IP) is the management IP.
Are you referring to the SNIP (Subnet IP), which is shared by the two nodes?
Avatar of jnordeng


We have an IP set that you can use and it will go between the two NSIP's in a management cluster.  It is configured in a separate traffic zone so that the traffic is separated from the traffic being passed through the Netscaler.  This was a requirement for security and at the business level.  So the mgmt IP is in a different subnet than the NSIP and SNIP.  Does that help?

Avatar of Sam Jacobs
Sam Jacobs
Flag of United States of America image

I've heard of the NSIP and its corresponding SNIP bound to a separate interface and VLAN for security purposes but have not heard of the management IP being different than the NSIP.
The various IPs on the appliance are:
    SNIP or MIP
... as defined here: https://www.schalley.eu/2014/07/18/netscaler-nsipsnipmipvip/

If you could point me to any documentation regarding another type of IP, I would appreciate it. Thanks.
Avatar of jnordeng

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial

Citrix is the synonym for the virtualization and application infrastructure systems developed by the company of the same name. Main areas are application virtualization, Software-As-A-Service (SaaS), cloud-computing and networking. The two most well-known are Citrix XenApp or Citrix CloudPlatform.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo