NS Initial Configuration
License ID MAC
Network
Change the NetScaler hostname
Enable high availability for NetScaler
NetScaler Initial Configuration
configns
shell lmutil lmhostid
Assign a VLAN to an interface and an IP subnet to the VLAN
add vlan 48
bind vlan 48 -ifnum 1/1 -tagged
bind vlan 48 -ipAddress 10.10.48.0 255.255.255.0
Change the NetScaler hostname
shell
cd /nsconfig
vi rc.conf
cd /etc
vi hosts
High Availability Pair on NetScaler
set ha node -hastatus STAYPRIMARY
set ha node -hastatus STAYSECONDARY
disable interface <interface_num>
add node <id> <ipAddress>
set ns rpcnode <ipAddress> -password <string>
show ns rpcnode
show ha node
sync ha files all
sync HA files ssl
set ha node -hastatus ENABLED
force HA failover
Time synchronization without a restart
add ntp server 10.10.10.10 -minpoll 6 -maxpoll 11
rm /etc/ntp.conf
ln -s /nsconfig/ntp.conf /etc/ntp.conf
/bin/sh /etc/ntpd_ctl full_start
HSTS
add ssl vserver <NAME> -HSTS ENABLED -maxage 157680000 -IncludeSubdomains YES
add ssl profile <NAME> -HSTS ENABLED -maxage 157680000 -IncludeSubdomains YES
or
add rewrite action insert_STS_header insert_http_header Strict-Transport-Security "\"max-age=157680000\""
add rewrite policy enforce_STS true insert_STS_header
SSL Profiles
Deny SSL Renegotiation ALL
set ssl parameter -denySSLReneg FRONTEND_CLIENT
add ssl cipher SSLLABS-PROF
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher SSLLABS-PROF -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher SSLLABS-PROF -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher SSLLABS-PROF -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher SSLLABS-PROF -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher SSLLABS-PROF -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher SSLLABS-PROF -cipherName TLS1-AES-128-CBC-SHA
iOS devices get the error "Error Number 183" when these ciphers are bound:
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
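Added example (not part of the original notes): a shell check that reads "bind ssl cipher" lines such as the ones above and reports, for one cipher group, which ciphers carry an ephemeral key exchange (ECDHE/DHE, forward secrecy) and which use GCM (AEAD). The function names, the sample lines and the group OTHER-GROUP are constructed for illustration; the classification assumes the key exchange appears in the cipher name, as it does in the names on this page.

```shell
#!/bin/sh
# Classify the ciphers bound to one NetScaler cipher group.
# Reads config lines on stdin; $1 = cipher group name.
# Output per cipher: <name> <FS|NO-FS> <AEAD|NON-AEAD>
audit_cipher_group() {
    awk -v grp="$1" '
        $1 == "bind" && $2 == "ssl" && $3 == "cipher" && $4 == grp {
            name = ""
            # Find the value after -cipherName (other options may follow it)
            for (i = 5; i < NF; i++)
                if (tolower($i) == "-ciphername") name = $(i + 1)
            if (name == "") next
            # ECDHE/DHE in the name means an ephemeral key exchange
            fs = (name ~ /-(ECDHE|DHE)-/) ? "FS" : "NO-FS"
            # GCM suites are AEAD; the others here are CBC with an HMAC
            aead = (name ~ /GCM/) ? "AEAD" : "NON-AEAD"
            print name, fs, aead
        }'
}

# List only the ciphers of group $1 that lack forward secrecy.
no_fs_ciphers() {
    audit_cipher_group "$1" | awk '$2 == "NO-FS" { print $1 }'
}

# Constructed sample input, using cipher names from the list above.
sample_config() {
    cat <<'EOF'
add ssl cipher SSLLABS-PROF
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher SSLLABS-PROF -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher SSLLABS-PROF -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher OTHER-GROUP -cipherName TLS1-AES-128-CBC-SHA
EOF
}

sample_config | audit_cipher_group SSLLABS-PROF
```

On the list above, the two entries without ECDHE or DHE in the name (TLS1-AES-256-CBC-SHA and TLS1-AES-128-CBC-SHA) are the ones this check reports as NO-FS.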
Direct Server Return
netsh interface ipv4 set interface "Your production network adaptor name" weakhostreceive=enabled
netsh interface ipv4 set interface "Your loopback network adaptor name" weakhostreceive=enabled
netsh interface ipv4 set interface "Your loopback network adaptor name" weakhostsend=enabled
Links:
How to Allocate NetScaler VPX Licenses
How to Associate an IP Subnet with a NetScaler Interface by Using VLANs