Web Filter Deployment Guide: A Step-by-Step Technical Guide
Notice: The information in this publication is subject to change without notice. THIS PUBLICATION IS PROVIDED AS IS WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. CITRIX SYSTEMS, INC. ("CITRIX"), SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. This publication contains information protected by copyright. Except for internal distribution, no part of this publication may be photocopied or reproduced in any form without prior written consent from Citrix. The exclusive warranty for Citrix products, if any, is stated in the product documentation accompanying such products. Citrix does not warrant products other than its own. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Copyright 2008 Citrix Systems, Inc., 851 West Cypress Creek Road, Ft. Lauderdale, Florida 33309-2009 U.S.A. All rights reserved.
Table of Contents

Introduction
Solution Requirements
  Prerequisites
Network Diagram
First time connectivity
  Serial Connection
  Ethernet Connection
NetScaler Configuration
  Deployment Model: NetScaler Two-Arm Mode, Server Load Balancing, RNAT
  Licensing
  Basic Features
  IP Addresses, Interfaces and VLANs
RNAT Configuration
  About RNAT
Load Balancing Configuration
  About Server Load Balancing
  Create Server Objects
  Create Service Groups
  Create LB Virtual Server Objects (VIPs)
  Load Balancing Methods & Persistence
St.Bernard Web Filter
  Outbound Web Filter
  Outbound Web Filter for XenApp
Appendix A - NetScaler Application Switch Configuration
  Headquarters NetScaler
Introduction Citrix NetScaler optimizes the delivery of web applications increasing security and improving performance and Web server capacity. This approach ensures the best total cost of ownership (TCO), security, availability, and performance for Web applications. The Citrix NetScaler solution is a comprehensive network system that combines high-speed load balancing and content switching with state-of-the-art application acceleration, layer 4-7 traffic management, data compression, dynamic content caching, SSL acceleration, network optimization, and robust application security into a single, tightly integrated solution. Citrix XenApp, a member of the Citrix Delivery Center product family, is an end-to-end Windows application delivery system that offers both client-side and server-side application virtualization, for optimal application performance and flexible delivery options. St. Bernard products are used in enterprises of all sizes across most commercial markets including healthcare, manufacturing, finance, insurance, real estate, and public administration, as well as educational institutions and state/local governments. St. Bernard offers a full suite of secure content management solutions that integrate on-premise appliances with on-demand services to protect corporate networks from online threats, manage bandwidth use and enforce acceptable use policies. This industry-leading hybrid solution platform offers the security and control of an on-premises appliance with the scalability of an on-demand service. St. Bernard is the first and only company to support a true Hybrid Product Line, combining the security and control of h-series appliances with the unlimited scalability of iprism Managed Services. Hybrid solutions provide only the best functions from both an appliance and managed services approach to deliver filtering solutions at the best location within the IT infrastructure to maximize efficiency and value. 
The award-winning iprism Web Filter secures organizations from Internet-based threats such as malware, spyware, IM, P2P, and inappropriate content, at the perimeter, while it helps enforce acceptable use and security policies. The new iprism h-series appliances also offer unmatched power, value and performance. With dual quad-core processors and hot-swappable SATA hard drives and power supplies, there isn't an appliance on the market that equals the new iprism h-series. When integrated with Citrix NetScaler and Application Firewall, the St.Bernard iprism offers the extra level of protection that organizations are often looking for to filter outbound traffic. When integrated with Citrix XenApp, the St.Bernard iprism provides an added layer of security by filtering the individual client sessions that connect to the Internet from the application virtualization platform, XenApp. This deployment guide was created as the result of validation testing with Citrix NetScaler, Application Firewall, Citrix XenApp and the St.Bernard iprism h-series Web Filter. It walks through the step-by-step configuration details of the Citrix NetScaler application switch and the St.Bernard iprism Web Filter.
Solution Requirements

- Application Switch: Citrix NetScaler, NAT (Reverse NAT)
- Application Firewall: Citrix Application Firewall
- Application Virtualization: Citrix XenApp
- Web Filter: St.Bernard iprism Web Filter, IM/P2P, Antivirus

Prerequisites

- Citrix NetScaler L4/7 Application Switch, running version 8.0+ (quantity 2, for Headquarters and Remote sites; the configuration in Appendix A was taken from NS 9.0 build 47.008)
- Citrix Application Firewall
- Citrix XenApp (Citrix Presentation Server)
- St.Bernard iprism h-series Web Filter
- Client laptop/workstation running Internet Explorer 6.0+, with an Ethernet port
- 9-pin serial cable, or USB-to-serial cable
Network Diagram

The following is the network that was used to develop this deployment guide, and is representative of a solution implemented at a customer site. It is shown with the NetScaler in two-arm mode and the St.Bernard in one-arm mode, along with Citrix XenApp.

[Diagram: clients (Mac, Windows, XenApp thin clients) on the inside network 172.16.104.0/24 (VLAN 172); Citrix XenApp (the Application Server, 172.16.104.151) and the St.Bernard Web Filter (172.16.104.111) on the inside; Citrix NetScaler between the inside and outside networks, management interface 1/2 at 10.217.104.71; outside network (VLAN 65) to the Internet, with DFG 65.89.216.1, NAT address 65.89.216.2 and LB VIP 65.89.216.151.]

VLAN legend:

NetScaler
  VLAN 1 (Mgmt): interface 1/2, untagged. NSIP 169.145.91.71/24, SNIP 169.145.91.1/24
  VLAN 65: interface 1/8, untagged. SNIP 65.89.216.1/24, VIP 65.89.216.151/24
  VLAN 172: interface 1/7, untagged. SNIP 172.16.104.1/24
St.Bernard Web Filter
  Mgmt IP 172.16.104.111/24, gateway 172.16.104.1
XenApp
  IP address 172.16.104.151/24, gateway 172.16.104.1

Note: the diagram labels the outside network as 67.97.253.0/24 and the legend gives management addresses in 169.145.91.0/24, while the rest of this guide and the running configuration in Appendix A use 65.89.216.0/24 for VLAN 65 and 10.217.104.71 for the NSIP. Treat the Appendix A values as the reference when reproducing this deployment.
First time connectivity

Serial: 9600, n, 8, 1
Default IP Address: 192.168.100.1

Serial Connection

The NetScaler can be accessed through the serial port with any terminal emulation program; Windows HyperTerminal is commonly used on a laptop or workstation. Connect a 9-pin null modem cable (or USB-to-9-pin cable) from the computer to the NetScaler's console port. In the terminal emulation program configure 9600 baud, 8 data bits, no parity and 1 stop bit (9600, n, 8, 1). The login prompt should appear. The default login is nsroot / nsroot. Change the nsroot password as soon as you are connected (from the CLI: set system user nsroot <new password>, then save ns config); the default credential is published and is the first thing tried against any appliance reachable on a network. Once connected, type the CLI command configns (nsconfig if at the shell prompt). Select option 1 to change the NetScaler IP Address and network mask. Exit, save and reboot.

Ethernet Connection

The NetScaler can also be accessed at its default IP address of 192.168.100.1 through an HTTP, HTTPS, Telnet or SSH connection. Prefer HTTPS and SSH: HTTP and Telnet carry the nsroot credentials in clear text. Once connected, the login prompt should appear. The default login is nsroot / nsroot; change it once connected. Type the CLI command configns (nsconfig if at the shell prompt). Select option 1 to change the NetScaler IP Address and network mask. Exit, save and reboot.

Note: Changing the NetScaler IP Address always requires a reboot.
NetScaler Configuration

Deployment Model: NetScaler Two-Arm Mode, Server Load Balancing, RNAT

The NetScaler in this example is used in two-arm mode. In two-arm mode the NetScaler uses different physical interfaces for the segmentation of VLAN traffic, providing an additional physical layer of separation. The same deployment could also have been implemented with a trunk port on the NetScaler and the layer 2 switch. For incoming connections to the Application server, we configure a Load Balancing VIP on the Internet-facing subnet.

Connect to the NetScaler via the NSIP using a web browser. In this example: NS1: http://10.217.104.71 (use https:// once the appliance has it enabled, for the reason given under Ethernet Connection).

Note: the GUI is a Java applet; Java will be installed on the client. Default login is nsroot / nsroot.
Basic Features

Load Balancing is enabled in Basic Features. From the GUI, navigate to NetScaler > System > Settings > Basic Features. Select Load Balancing and click OK. (The CLI equivalent appears in Appendix A as enable ns feature ... LB.)
Important NetScaler IP Addresses

Note: NSIP is mandatory and requires a reboot.

NSIP (NetScaler IP Address): The NetScaler IP (NSIP) is the management IP address for the appliance and is used for all management-related access to it. There can only be one NSIP.

SNIP (Subnet IP Address): The Subnet IP address (SNIP) allows the user to access an Application Switch from an external host residing on another subnet. When a subnet IP address is added, a corresponding route entry is made in the route table. The Application Switch uses the SNIP as the source IP address for outgoing packets when USNIP mode is enabled (USNIP is enabled by default, and with it enabled a MIP is unnecessary). The SNIP can also be used as the tagged VLAN IP and for RNAT.

MIP (Mapped IP Address): The mapped IP address (MIP) is becoming outdated. It has traditionally been used by the Application Switch to represent the client when communicating with the backend managed server. MIPs were used for server-side connections and can be used for Reverse NAT. Think of this as the client's source address on the server side of the Application Switch, assuming a two-arm proxy deployment. When using USNIP mode, MIPs are unnecessary.

VIP (Virtual IP Address): The Virtual Server IP address (VIP) is used by the Application Switch to represent the public-facing IP address of the managed services. ARP and ICMP attributes on this IP address allow users to host the same vserver on multiple Application Switches residing on the same broadcast domain.

DFG (Default Gateway): IP address of the router that forwards traffic outside of the subnet where the appliance is installed.

Note: USNIP mode is enabled by default. If both USIP mode and USNIP mode are enabled, USIP mode takes precedence over USNIP mode.

IP Addresses, Interfaces and VLANs

Assigning IP addresses to interfaces is done virtually through the use of port-based VLANs.
By default, all the interfaces on the system are in a single port-based VLAN as untagged interfaces. This VLAN is the default VLAN, with a VID equal to 1. When an interface is added to a new VLAN as an untagged member, the interface is automatically removed from the default VLAN and placed in the new VLAN. This is convenient: when we plug the NetScaler into a switch that uses VLANs with tagging, we only need to check the box to turn on tagging. VLANs are typically used to separate subnet traffic. If trunking is turned on, you will see an interface as a member of more than one VLAN.
Add the remaining IP Addresses

IP addresses (SNIPs) that are used for routing between VLANs and for RNAT are added separately, according to the table in the network diagram. Note that VIP addresses are created later, during load balancing configuration, not at this time. The following screen shots are for the NetScaler. Add the remaining IP addresses: NetScaler > Network > IPs > Add.

Note: Dynamic Routing must be enabled on the Subnet IP (SNIP) for these routes to be propagated in routing protocols.

Make sure you take this opportunity to save the configuration on both the Primary and Secondary NetScalers.
Create VLANs and Assign Subnet IP Addresses to them

NetScaler > Network > VLANs > Add.

Note: For this example we create VLANs 65 and 172. We assign VLAN 65 to interface 1/8 and VLAN 172 to interface 1/7. (We did not use VLAN trunking in this deployment, but easily could have by turning on trunking on one of the NetScaler interfaces and assigning VLANs 65 and 172 to it.) Interface 1/2 is our management interface, in VLAN 1.

NetScaler > Network > VLANs, to add VLAN and interface assignments on the Application Switch. Be sure to bind the IP address to each VLAN, and enable dynamic routing.

Note: Dynamic Routing must be enabled on the VLAN for these routes to be propagated to routing protocols.
RNAT Configuration

About RNAT

The NetScaler system supports Reverse Network Address Translation (RNAT), that is, NAT for outbound connections. When the system performs RNAT, it replaces the source IP address of packets generated by the back-end servers with a NAT IP address. The NAT IP address is a public IP address. By default, the NAT IP address is a MIP; however, you can configure the system to use a Subnet IP address as the NAT IP address, which is what this deployment guide does.

From the GUI, navigate to NetScaler > Network > Routing > Configure RNAT > Create.

With this configuration, all internal private IP addresses that originate in the 172.16.104.0/24 network (VLAN 172, the inside network) are translated (NAT'd) to 65.89.216.2 as they reach the public Internet; this matches the line set rnat 172.16.104.0 255.255.255.0 -natip 65.89.216.2 in Appendix A. Scope the RNAT rule to the inside subnet only and keep the management subnet (10.217.104.0/24, where the NSIP lives) out of it, so that management hosts cannot egress through the NAT address. We added a separate SNIP, 65.89.216.2, to be used as the public NAT address, but could also have used the 65.89.216.1 SNIP to save IP addresses.
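The translation described above, as an added example rather than NetScaler code: a small Python model of RNAT that applies the guide's rule (172.16.104.0/24 to 65.89.216.2), keeps the connection table a stateful NAT needs, and maps the reply back to the internal host. The destination 198.51.100.10, the port allocator starting at 20000, and the Flow/RnatRule names are assumptions; only the rule itself comes from the page.

```python
"""Packet-level model of RNAT as described in the RNAT section.

Added example, not NetScaler code. The rule mirrors the guide's
"set rnat 172.16.104.0 255.255.255.0 -natip 65.89.216.2"; the sample flows,
the port-allocation scheme and the connection-table layout are assumptions.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class RnatRule:
    network: ipaddress.IPv4Network    # sources that get translated
    nat_ip: ipaddress.IPv4Address     # public address they are translated to


class Rnat:
    """Rewrite outbound sources to the NAT IP and undo it on the reply, using a connection table."""

    def __init__(self, rules, first_port=20000):
        self.rules = list(rules)
        self.next_port = first_port                # assumed allocator; NetScaler's is internal
        # (nat_ip, nat_port, dst_ip, dst_port) -> (original src_ip, original src_port)
        self.table = {}

    def rule_for(self, src_ip):
        addr = ipaddress.IPv4Address(src_ip)
        return next((r for r in self.rules if addr in r.network), None)

    def outbound(self, flow):
        """Server-originated packet leaving toward the Internet."""
        rule = self.rule_for(flow.src_ip)
        if rule is None:
            return flow                            # not in any RNAT network: forwarded untranslated
        nat_port = self.next_port
        self.next_port += 1
        key = (str(rule.nat_ip), nat_port, flow.dst_ip, flow.dst_port)
        self.table[key] = (flow.src_ip, flow.src_port)
        return Flow(str(rule.nat_ip), nat_port, flow.dst_ip, flow.dst_port)

    def inbound(self, reply):
        """Packet from the Internet addressed to the NAT IP; None means no matching state (drop)."""
        key = (reply.dst_ip, reply.dst_port, reply.src_ip, reply.src_port)
        orig = self.table.get(key)
        if orig is None:
            return None
        return Flow(reply.src_ip, reply.src_port, orig[0], orig[1])


def demo():
    """Walk one XenApp-originated HTTP request through the NAT and back (constructed addresses)."""
    nat = Rnat([RnatRule(ipaddress.IPv4Network("172.16.104.0/24"),
                         ipaddress.IPv4Address("65.89.216.2"))])
    out = nat.outbound(Flow("172.16.104.151", 40000, "198.51.100.10", 80))   # 198.51.100.10: TEST-NET-2
    back = nat.inbound(Flow("198.51.100.10", 80, out.src_ip, out.src_port))
    stray = nat.inbound(Flow("198.51.100.10", 80, "65.89.216.2", 9999))     # no state for this port
    mgmt = nat.outbound(Flow("10.217.104.71", 40001, "198.51.100.10", 80))  # NSIP is outside the RNAT scope
    return out, back, stray, mgmt


if __name__ == "__main__":
    for f in demo():
        print(f)
```

The last call shows why the scope matters: a source outside the RNAT network leaves with its original (private) address, so nothing on the public side can answer it, and an unsolicited packet to the NAT address with no table entry is dropped rather than forwarded inside.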
Load Balancing Configuration

About Server Load Balancing

Server Load Balancing is used for incoming connections to Application servers. Load balancing lets you distribute requests sent to a particular virtual server (vserver or VIP) across several physical servers. A client sends a request to the virtual server, which selects a physical server in the server farm and directs the request to it. Depending on the load balancing method, the Application Switch can choose the physical server with the lowest load and greatest available resources.

1-2-3: Configuring load balancing is a simple 1-2-3 process performed by creating objects within the Citrix Application Switch. We create the objects in logical order, from the backend servers to the Internet-facing IP address:
1) Create Servers
2) Create Services (Service Groups)
3) Create Load Balancing VIPs with persistence

Create Server Objects

Create server objects that point to the backend Application and Database servers. We can refer to these servers by name instead of by IP address, and can then assign availability monitors to them. In this deployment there is one server object, Server151 (172.16.104.151), as shown in Appendix A.

From the GUI, navigate to NetScaler > Load Balancing > Servers > Add.
Create Service Groups

Service Groups are containers for managing load balancing and SSL services to several instances of the same service (port number) on the same or different servers (IP address). Add the Service Group for the HQ Application Server. From the GUI, navigate to NetScaler > Load Balancing > Service Groups > Add.

Select an availability monitor to keep in contact with the server/service. If the service goes down, load balancing marks it DOWN and sends traffic only to the other available servers/services. Select the Monitors tab and select http-ecv. http-ecv sends an HTTP GET request and checks the response for a configured expected string (extended content verification); set the receive string so that a server that answers but serves an error page is marked DOWN rather than UP. Monitors can be added or modified.
To get the most performance, select the Advanced tab and turn on Compression and TCP Buffering. The compression computation is offloaded from the Application servers for both HTTP and HTTPS. Select the Advanced tab, check TCP Buffering and Compression. Select OK.

Create LB Virtual Server Objects (VIPs)

The Virtual Server or Virtual IP Address is the logical entity on the system that accepts client connections from the Internet and distributes them to the service groups/objects. The vserver or VIP is the public-facing Internet connection. In this example, our public-facing IP address for the Application server is 65.89.216.151 on port 80.

Add the Server Load Balancing Virtual Server: NetScaler > Load Balancing > Virtual Servers > Add.
Load Balancing Methods & Persistence

The Citrix Application Switch supports several load balancing methods. To direct traffic correctly to the Application servers, it can also be configured to persist traffic (keep a given client on the same server). Select the Methods and Persistence tab and select the LB Method Round Robin. By default the Citrix Application Switch uses the Least Connections algorithm; this deployment changes it to Round Robin (Appendix A: -lbmethod ROUNDROBIN -persistencetype NONE). Several persistence methods are available; none is used here.

Make sure you take this opportunity to save the configuration on both the Primary and Secondary switches.
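The 1-2-3 objects and the method/persistence choices above, worked through in an added Python example (not Citrix code): services carry the UP/DOWN state a monitor sets, and the vserver picks a service by Round Robin or Least Connections, honouring source-IP persistence when it is on. The second service (172.16.104.152), the client addresses and the class names are assumptions; the page itself configures only Server151 with Round Robin and no persistence.

```python
"""Model of a load balancing vserver: monitor state, LB method and persistence.

Added example, not Citrix code. Service names, the second server 172.16.104.152
and the client addresses are assumptions; the guide load balances one server
(Server151) with Round Robin and no persistence.
"""
from dataclasses import dataclass


@dataclass
class Service:
    name: str
    ip: str
    port: int
    up: bool = True          # set by the bound monitor (http-ecv in this guide)
    active_conns: int = 0


class LbVserver:
    def __init__(self, vip, port, services, method="LEASTCONNECTION", persistence="NONE"):
        self.vip, self.port = vip, port
        self.services = list(services)
        self.method = method                 # NetScaler default is LEASTCONNECTION; the guide picks ROUNDROBIN
        self.persistence = persistence       # "NONE" or "SOURCEIP" (an assumed subset of NetScaler's types)
        self._rr_index = 0
        self._persist = {}                   # client ip -> service name

    def monitor_probe(self, name, healthy):
        """Apply a monitor result; a service marked DOWN also loses its persistence entries."""
        for s in self.services:
            if s.name == name:
                s.up = healthy
        if not healthy:
            self._persist = {c: n for c, n in self._persist.items() if n != name}

    def up_services(self):
        return [s for s in self.services if s.up]

    def select(self, client_ip):
        """Pick the service for a new client connection; None means the vserver is DOWN."""
        ups = self.up_services()
        if not ups:
            return None
        chosen = None
        if self.persistence == "SOURCEIP" and client_ip in self._persist:
            chosen = next((s for s in ups if s.name == self._persist[client_ip]), None)
        if chosen is None:
            if self.method == "ROUNDROBIN":
                chosen = ups[self._rr_index % len(ups)]
                self._rr_index += 1
            elif self.method == "LEASTCONNECTION":
                chosen = min(ups, key=lambda s: s.active_conns)
            else:
                raise ValueError(f"unsupported lbmethod {self.method}")
        chosen.active_conns += 1
        if self.persistence == "SOURCEIP":
            self._persist[client_ip] = chosen.name
        return chosen

    def release(self, service):
        """Connection closed: this count is what LEASTCONNECTION balances on."""
        service.active_conns = max(0, service.active_conns - 1)


def farm():
    """Two HTTP services behind the guide's VIP (the second address is constructed)."""
    return [Service("Server151", "172.16.104.151", 80), Service("Server152", "172.16.104.152", 80)]


if __name__ == "__main__":
    v = LbVserver("65.89.216.151", 80, farm(), method="ROUNDROBIN")
    print([v.select("203.0.113.5").name for _ in range(4)])   # alternates between the two services
    v.monitor_probe("Server151", False)                         # monitor marks Server151 DOWN
    print(v.select("203.0.113.5").name)                         # only Server152 is eligible now
```

With every service DOWN the vserver returns nothing, which is the behaviour to expect on the NetScaler: the VIP itself goes DOWN and the client gets no connection rather than a request forwarded to a dead server.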
St.Bernard Web Filter

Outbound Web Filter

The St.Bernard Web Filter intercepts traffic bound for the Internet and either blocks it or logs it. It is very simple to use. We plugged the "Int" interface into VLAN 172 (the inside network; the appliance runs in one-arm mode, as shown in the network diagram) and allowed the St.Bernard Appliance Manager to find the appliance automatically. We then assigned an IP address to it (172.16.104.111 in the network diagram).
Once in contact, select Manage Selected Appliance > System Configuration. To configure the iprism to seamlessly authenticate each user against Active Directory for every session they browse to the Internet, select Users > Windows. Select Active Directory, and type in the domain and a machine account for this iprism. Type in the administrator account and password so that this iprism machine can join the domain. The credential is only needed for the join, so use an account that has been delegated just the right to join computers to the domain rather than a Domain Admin credential.
To configure the iprism policies for blocking and monitoring content, select Access Profiles. Add the profile name. Select which content to block, and which
To apply the iprism policies to the internal subnet, select Users > Network. Select Add, enter the IP subnet start and end, and select the Web Profile. Click OK. To apply the policy to the Active Directory domain, select Users > Profile Mappings. Select Add, select the domain, and type in the group (Domain Admins in this example; map the profile to the groups whose users you actually intend to filter). Under Web Access Profile, select the profile you created. Click OK.
Outbound Web Filter for XenApp

The St.Bernard Web Filter can be configured to work with Citrix XenApp. Because the St.Bernard uses session authentication of every user against Active Directory, every individual user logged into XenApp via a thin client is captured in the St.Bernard logs and reports by individual username, even though all of those sessions leave the XenApp server from one IP address.

To configure the St.Bernard for use with Citrix XenApp, add the Citrix XenApp server to the Networks list by its IP address. On the Citrix XenApp server, configure Internet sessions to proxy through the iprism on port 3128. Make sure the XenApp server has no direct path to the Internet that bypasses the proxy; otherwise a published browser whose proxy settings are changed leaves the filter out of the path.
Appendix A - NetScaler Application Switch Configuration

Headquarters NetScaler

nshq1>
#NS9.0 Build 47.008
set ns config -IPAddress 10.217.104.71 -netmask 255.255.255.0
enable ns feature WL SP LB
enable ns mode FR L3 Edge USNIP PMTUD
set interface 1/1 -speed AUTO -duplex AUTO -autoneg ENABLED -hamonitor ON -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
set interface 1/2 -speed AUTO -duplex AUTO -autoneg ENABLED -hamonitor OFF -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
set interface 1/3 -speed AUTO -duplex AUTO -autoneg ENABLED -hamonitor OFF -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
set interface 1/4 -speed AUTO -duplex AUTO -autoneg ENABLED -hamonitor OFF -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
set interface 1/5 -speed AUTO -duplex AUTO -autoneg ENABLED -hamonitor OFF -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
set interface 1/6 -speed AUTO -duplex AUTO -autoneg ENABLED -hamonitor OFF -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
set interface 1/7 -speed AUTO -duplex AUTO -flowcontrol RXTX -autoneg ENABLED -hamonitor OFF -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
set interface 1/8 -speed AUTO -duplex AUTO -flowcontrol RXTX -autoneg ENABLED -hamonitor OFF -trunk OFF -lacpmode DISABLED -throughput 0 -bandwidthhigh 0 -bandwidthnormal 0
add ns ip 10.217.104.73 255.255.255.0 -vserver DISABLED
add ns ip 65.89.216.1 255.255.255.0 -vserver DISABLED -dynamicrouting ENABLED
add ns ip 172.16.104.1 255.255.255.0 -vserver DISABLED -dynamicrouting ENABLED
add ns ip 10.217.104.72 255.255.255.0 -type MIP -vserver DISABLED
add ns ip 66.91.171.1 255.255.255.0 -vserver DISABLED -dynamicrouting ENABLED
add ns ip 65.89.216.2 255.255.255.0 -vserver DISABLED
add vlan 65 -ipv6dynamicrouting ENABLED
add vlan 66 -ipv6dynamicrouting ENABLED
add vlan 172 -ipv6dynamicrouting ENABLED
bind vlan 65 -ifnum 1/8
bind vlan 65 -IPAddress 65.89.216.1 255.255.255.0
bind vlan 66 -ifnum 1/6
bind vlan 66 -IPAddress 66.91.171.1 255.255.255.0
bind vlan 172 -ifnum 1/7
bind vlan 172 -IPAddress 172.16.104.1 255.255.255.0
add server Server151 172.16.104.151
add servicegroup ServerGroup151 HTTP -maxclient 0 -maxreq 0 -cip DISABLED -usip NO -clttimeout 180 -svrtimeout 360 -CKA NO -TCPB YES -CMP YES
add lb vserver VIP151 HTTP 65.89.216.151 80 -persistencetype NONE -lbmethod ROUNDROBIN -clttimeout 180
bind servicegroup ServerGroup151 Server151 80 -serverid 151
bind lb vserver VIP151 ServerGroup151
bind lb monitor http-ecv ServerGroup151
add route 0.0.0.0 0.0.0.0 65.89.216.250 -distance 205 -cost 1
set rnat 172.16.104.0 255.255.255.0 -natip 65.89.216.2
set ns hostname nshq1

Note: the running configuration also contains VLAN 66 (interface 1/6, 66.91.171.1/24), a MIP 10.217.104.72 and an SNIP 10.217.104.73 that do not appear in the network diagram and are not referenced elsewhere in this guide.
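As an added check, not part of the original guide: the Python script below parses the command forms used in the configuration above and flags the mistakes this guide warns about: an RNAT NAT IP that is not a configured SNIP/MIP or is not public, an RNAT scope that swallows the management subnet, a service group with no monitor bound, and a VIP that sits on no VLAN-bound subnet. SAMPLE_CONFIG is a trimmed copy of the appendix; the rule set, the helper names and the finding texts are the author's, not NetScaler's own validation.

```python
"""Static audit of a NetScaler CLI configuration dump.

Added example, not Citrix code. It parses the command forms that appear in
Appendix A (set ns config, enable ns mode, add ns ip, bind vlan, add lb vserver,
bind lb vserver, bind lb monitor, set rnat). SAMPLE_CONFIG is a trimmed copy of
the appendix; the checks and finding texts are assumptions of this example.
"""
import ipaddress

SAMPLE_CONFIG = """\
#NS9.0 Build 47.008
set ns config -IPAddress 10.217.104.71 -netmask 255.255.255.0
enable ns mode FR L3 Edge USNIP PMTUD
add ns ip 10.217.104.73 255.255.255.0 -vserver DISABLED
add ns ip 65.89.216.1 255.255.255.0 -vserver DISABLED -dynamicrouting ENABLED
add ns ip 172.16.104.1 255.255.255.0 -vserver DISABLED -dynamicrouting ENABLED
add ns ip 10.217.104.72 255.255.255.0 -type MIP -vserver DISABLED
add ns ip 65.89.216.2 255.255.255.0 -vserver DISABLED
add vlan 65 -ipv6dynamicrouting ENABLED
bind vlan 65 -ifnum 1/8
bind vlan 65 -IPAddress 65.89.216.1 255.255.255.0
bind vlan 172 -ifnum 1/7
bind vlan 172 -IPAddress 172.16.104.1 255.255.255.0
add server Server151 172.16.104.151
add servicegroup ServerGroup151 HTTP -maxclient 0 -usip NO -TCPB YES -CMP YES
add lb vserver VIP151 HTTP 65.89.216.151 80 -persistencetype NONE -lbmethod ROUNDROBIN
bind servicegroup ServerGroup151 Server151 80 -serverid 151
bind lb vserver VIP151 ServerGroup151
bind lb monitor http-ecv ServerGroup151
set rnat 172.16.104.0 255.255.255.0 -natip 65.89.216.2
"""


def options(tokens):
    """Turn a '-key value -flag' tail into a dict (a key with no value maps to True)."""
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-"):
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                opts[tokens[i][1:]] = tokens[i + 1]
                i += 2
                continue
            opts[tokens[i][1:]] = True
        i += 1
    return opts


def parse(text):
    """Collect the objects the audit needs; commands it does not know are ignored."""
    cfg = {"nsip": None, "modes": set(), "ips": set(), "mips": set(), "vlan_nets": [],
           "vservers": {}, "vserver_sgs": {}, "sg_monitors": {}, "rnat": []}
    for line in text.splitlines():
        t = line.split()
        if not t or t[0].startswith("#"):
            continue
        if t[:3] == ["set", "ns", "config"]:
            o = options(t[3:])
            cfg["nsip"] = ipaddress.IPv4Interface(f"{o['IPAddress']}/{o['netmask']}")
        elif t[:3] == ["enable", "ns", "mode"]:
            cfg["modes"].update(t[3:])
        elif t[:3] == ["add", "ns", "ip"]:
            cfg["ips"].add(t[3])
            if options(t[5:]).get("type") == "MIP":
                cfg["mips"].add(t[3])
        elif t[:2] == ["bind", "vlan"] and "-IPAddress" in t:
            i = t.index("-IPAddress")
            cfg["vlan_nets"].append(ipaddress.IPv4Interface(f"{t[i + 1]}/{t[i + 2]}").network)
        elif t[:3] == ["add", "lb", "vserver"]:
            cfg["vservers"][t[3]] = (ipaddress.IPv4Address(t[5]), int(t[6]), options(t[7:]))
        elif t[:3] == ["bind", "lb", "vserver"]:
            cfg["vserver_sgs"].setdefault(t[3], []).append(t[4])
        elif t[:3] == ["bind", "lb", "monitor"]:
            cfg["sg_monitors"].setdefault(t[4], []).append(t[3])
        elif t[:2] == ["set", "rnat"]:
            net = ipaddress.IPv4Network(f"{t[2]}/{t[3]}")
            cfg["rnat"].append((net, ipaddress.IPv4Address(options(t[4:])["natip"])))
    return cfg


def audit(cfg):
    """Return a list of findings; an empty list means the config passes every check."""
    findings = []
    if "USNIP" not in cfg["modes"] and not cfg["mips"]:
        findings.append("USNIP is off and no MIP exists: server-side connections have no source address")
    for net, natip in cfg["rnat"]:
        if str(natip) not in cfg["ips"]:
            findings.append(f"RNAT NAT IP {natip} is not a configured SNIP/MIP")
        if natip.is_private:
            findings.append(f"RNAT NAT IP {natip} is not a public address")
        if cfg["nsip"] is not None and cfg["nsip"].ip in net:
            findings.append(f"RNAT {net} covers the management address {cfg['nsip'].ip}")
    for name, (vip, port, _opts) in cfg["vservers"].items():
        sgs = cfg["vserver_sgs"].get(name, [])
        if not sgs:
            findings.append(f"vserver {name} has no service group bound")
        for sg in sgs:
            if sg not in cfg["sg_monitors"]:
                findings.append(f"service group {sg} on vserver {name} has no monitor bound")
        if not any(vip in n for n in cfg["vlan_nets"]):
            findings.append(f"VIP {vip}:{port} on {name} is not on any VLAN-bound subnet")
    return findings


if __name__ == "__main__":
    for finding in audit(parse(SAMPLE_CONFIG)) or ["no findings"]:
        print(finding)
```

Run against the appendix as shown, the audit is clean; change the RNAT line to the 10.217.104.0 network and it reports that the rule covers the NSIP, which is the configuration to avoid.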
Citrix Worldwide

Worldwide headquarters: Citrix Systems, Inc., 851 West Cypress Creek Road, Fort Lauderdale, FL 33309 USA. T +1 800 393 1888, T +1 954 267 3000

Regional headquarters
Americas: Citrix Silicon Valley, 4988 Great America Parkway, Santa Clara, CA 95054 USA. T +1 408 790 8000
Europe: Citrix Systems International GmbH, Rheinweg 9, 8200 Schaffhausen, Switzerland. T +41 52 635 7700
Asia Pacific: Citrix Systems Hong Kong Ltd., Suite 3201, 32nd Floor, One International Finance Centre, 1 Harbour View Street, Central, Hong Kong. T +852 2100 5000
Citrix Online division: 5385 Hollister Avenue, Santa Barbara, CA 93111 USA. T +1 805 690 6400

www.citrix.com

About Citrix

Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader and the most trusted name in application delivery infrastructure. More than 200,000 organizations worldwide rely on Citrix to deliver any application to users anywhere with the best performance, highest security and lowest cost. Citrix customers include 100% of the Fortune 100 companies and 98% of the Fortune Global 500, as well as hundreds of thousands of small businesses and prosumers. Citrix has approximately 6,200 channel and alliance partners in more than 100 countries. Annual revenue in 2006 was $1.1 billion.

Citrix, NetScaler, GoToMyPC, GoToMeeting, GoToAssist, Citrix Presentation Server, Citrix Password Manager, Citrix Access Gateway, Citrix Access Essentials, Citrix Access Suite, Citrix SmoothRoaming and Citrix Subscription Advantage are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. UNIX is a registered trademark of The Open Group in the U.S. and other countries. Microsoft, Windows and Windows Server are registered trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. www.citrix.com