1. Home
  2. nsconf
Searching...

nsconf


#NS14.1 Build 38.53
# Last modified by `save config`, Wed Mar 5 21:21:52 2025
set ns config -IPAddress 192.168.43.101 -netmask 255.255.255.0
set ns weblogparam -bufferSizeMB 3
enable ns feature WL SP LB SSL SSLVPN AAA CH
enable ns mode FR L3 Edge USNIP PMTUD
set system parameter -forcePasswordChange ENABLED
set system user nsroot 5ed78992b035767099fc2b5b00ac0b6bb3a03ee2dfbbe9678f1a598ebbbb610fd06b3816385b91dc93acbe3db7332b7e63bf41471d7d90ed4f9b16fc3e90d30d8 -encrypted -timeout 9000 -lastpwdchangetimestamp 1733149349
add system user adminmax 529b6106d73c77befa5c39cfb5226d453a28a6cda472010ff88cf70eaf750d9e4f1a63dabc274fa38bd7afa95f327c9a3bc1349a136dcc1caa909fc5cdc01d8db -encrypted -timeout 900 -maxsession 20
add system group grp_netscaler_admin
set rsskeytype -rsstype ASYMMETRIC
set lacp -sysPriority 32768 -mac 00:0c:29:12:07:85
set ns hostName vpx01.test.local
set interface 0/1 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "XEN Interface" -ifnum 0/1
set interface LO/1 -haMonitor OFF -haHeartbeat OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype Loopback -ifnum LO/1
add ns ip6 fe80::20c:29ff:fe12:785/64 -scope link-local -type NSIP -vlan 1 -vServer DISABLED -mgmtAccess ENABLED -dynamicRouting ENABLED
add ns ip 192.168.43.102 255.255.255.0 -vServer DISABLED
set nd6RAvariables -vlan 1
set snmp alarm APPFW-GRPC -time 0
set snmp alarm APPFW-GRPC-WEB-JSON -time 0
set snmp alarm APPFW-GRPC-WEB-TEXT -time 0
set snmp alarm CLUSTER-BACKPLANE-HB-MISSING -time 86400
set snmp alarm CLUSTER-NODE-HEALTH -time 86400
set snmp alarm CLUSTER-NODE-QUORUM -time 86400
set snmp alarm CLUSTER-VERSION-MISMATCH -time 86400
set snmp alarm COMPACT-FLASH-ERRORS -time 86400
set snmp alarm HA-BAD-SECONDARY-STATE -time 86400
set snmp alarm HA-NO-HEARTBEATS -time 86400
set snmp alarm HA-SYNC-FAILURE -time 86400
set snmp alarm HA-VERSION-MISMATCH -time 86400
set snmp alarm HARD-DISK-DRIVE-ERRORS -time 86400
set snmp alarm PORT-ALLOC-EXCEED -time 3600
set snmp alarm PORT-ALLOC-FAILED -time 3600
set snmp alarm SYSLOG-CONNECTION-DROPPED -time 3600
bind policy patset ns_vpn_client_useragents AGEE -index 1 -charset ASCII
bind policy patset ns_vpn_client_useragents CitrixReceiver -index 2 -charset ASCII
bind policy patset ns_vpn_client_useragents AGMacClient -index 3 -charset ASCII
bind policy patset ns_vpn_client_useragents "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0" -index 4 -charset ASCII
bind policy patset ns_vpn_client_useragents "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0" -index 5 -charset ASCII
bind policy patset ns_aaa_activesync_useragents Apple-iPhone -index 1 -charset ASCII
bind policy patset ns_aaa_activesync_useragents Apple-iPad -index 2 -charset ASCII
bind policy patset ns_aaa_activesync_useragents SAMSUNG-GT -index 3 -charset ASCII
bind policy patset ns_aaa_activesync_useragents "SAMSUNG GT" -index 4 -charset ASCII
bind policy patset ns_aaa_activesync_useragents AirWatch -index 5 -charset ASCII
bind policy patset ns_aaa_activesync_useragents "TouchDown(MSRPC)" -index 6 -charset ASCII
bind policy patset ns_aaa_relaystate_param_whitelist "citrixauthwebviewdone://" -index 1 -charset ASCII
bind policy patset ns_aaa_relaystate_param_whitelist "citrixsso://" -index 2 -charset ASCII
bind policy patset ns_aaa_relaystate_param_whitelist "citrixng://" -index 3 -charset ASCII
bind policy patset ns_videoopt_quic_abr_sni_whitelist googlevideo.com -index 1
bind policy patset ns_videoopt_quic_abr_sni_whitelist c.youtube.com -index 2
bind policy patset ns_videoopt_quic_abr_sni_blacklist manifest.googlevideo.com -index 1
bind policy patset ns_videoopt_quic_abr_sni_blacklist redirector.googlevideo.com -index 2
set ns encryptionParams -method AES256 -keyValue 698e38bed13e1eb8e98d489e2e24ee62c0509f00627b0e6c6f37e016090a15b6ee2386c76c17d58c4a4aabaf59fe68f4f661c4bb4a0df503eb5dee92c47a8ca329f176392774790078d0a193395769d6 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53
set ns httpProfile nshttp_default_profile -passProtocolUpgrade DISABLED
set ns httpProfile nshttp_default_http_quic_profile -passProtocolUpgrade DISABLED
add server STF01 192.168.43.31
add server AD01 192.168.43.11
set service nshttpd-gui-127.0.0.1-80 -cip ENABLED
set service nshttpd-vpn-127.0.0.1-81 -cip ENABLED
set service nshttps-127.0.0.1-443 -cip ENABLED
add serviceGroup service-group-ldaps-test SSL_TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
add serviceGroup service-group-storefront SSL -maxClient 0 -maxReq 0 -cip ENABLED X-Forwarded-For -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service-group-ldaps-test2 SSL_TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
add ssl certKey ca-test.local -cert "ca certificate.cer" -inform DER -CertKeyDigest 5c724daa6df727ef65d907bfe70efc95
add ssl certKey ns-server-certificate -cert vpx01.test.local.pfx -key vpx01.test.local.pfx -inform PFX 214f7f1ceb5d54cc385693f44d42b68d297e4e4256d4babe0145737f60ab607b -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -CertKeyDigest 854e1fefe92fcd612e5a5ba94982e6d3
add ssl certKey storefront.test.local_2024-2026 -cert storefront.test.local.pfx -key storefront.test.local.pfx -inform PFX c1de4e6a21eba1503d8e0c18f9ee3cebae3df0a2d4fd51ebf19ffdc8c657e53c -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -CertKeyDigest 06b26072d1b1563ab5d378f63a3f7857
add ssl certKey netscaler.test.local -cert netscaler.test.local.pfx -key netscaler.test.local.pfx -inform PFX 39bd5aa3ec673e08578438cc33d3329429d7b30dd865098134aa7c283d70142e -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -CertKeyDigest e25501f0a2a26990a308337ba0c26e5e
link ssl certKey ns-server-certificate ca-test.local
link ssl certKey storefront.test.local_2024-2026 ca-test.local
add authentication authnProfile auth-profile-test-local -authnVsName auth-virtual-server-ldap-test-local
add authentication ldapAction auth-ldap-server -serverIP 169.254.0.1 -serverPort 636 -ldapBase "dc=test,dc=local" -ldapBindDn svc_vpx_ldap@test.local -ldapBindDnPassword 0ab7ca2d7742c3a86ae05bb046d9dafa50933cdc3c90a5044826bd36c488bac6 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -ldapLoginName sAMAccountName -secType SSL -ssoNameAttribute userPrincipalName -passwdChange ENABLED -Attribute16 userPrincipalName
add authentication ldapAction AUTHSERVER_LDAP_ADMIN -serverIP 169.254.0.1 -serverPort 636 -ldapBase "DC=test,DC=local" -ldapBindDn svc_vpx_ldap@test.local -ldapBindDnPassword 040378238d83dd8e37ec8291009a305a43e5bcaa82ea2d165159f94c74ffcb35 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -ldapLoginName sAMAccountName -searchFilter "memberOf=CN=grp_netscaler_admin,OU=Citrix Groups,OU=CITRIX,DC=test,DC=local" -groupAttrName memberOf -subAttributeName cn -secType SSL -passwdChange ENABLED
set authentication loginSchema lschema_dual_factor_builtin -authenticationSchema "/nsconfig/loginschema/LoginSchema/DomainDropdown.xml"
add authentication loginSchema SingleAuthMax -authenticationSchema noschema
add authentication loginSchema lschema_SingleAuthMax -authenticationSchema "/nsconfig/loginschema/SingleAuth_new.xml"
set authentication loginSchemaPolicy lschema_dual_factor_builtin -rule true -action lschema_SingleAuthMax
set lb parameter -sessionsThreshold 150000
add lb vserver lb-virtual-server-ldaps-test SSL_TCP 169.254.0.1 636 -persistenceType NONE -cltTimeout 9000
add lb vserver lb-virtual-server-storefront SSL 192.168.43.30 443 -persistenceType SOURCEIP -timeout 20 -cltTimeout 180
set cache parameter -via "NS-CACHE-10.0: 101"
add authentication vserver auth-virtual-server-ldap-test-local SSL 169.254.1.1 443
add vpn vserver netscaler.test.local SSL 192.168.43.100 443 -downStateFlush DISABLED -Listenpolicy NONE -authnProfile auth-profile-test-local
set aaa parameter -maxAAAUsers 4294967295
set ns rpcNode 192.168.43.101 -password 0b5af97c292c5761b02d13340efe71a09fe003ed5ec9714eecd924ede8a9b202a0a220b86f6b421e759f315f996f1847 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -srcIP 192.168.43.101
set lb monitor http2direct HTTP2 -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -grpcStatusCode 12
set lb monitor http2ssl HTTP2 -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -grpcStatusCode 12
set lb monitor ldns-dns LDNS-DNS -query . -queryType Address -deviation 0 -interval 6 -resptimeout 3 -downTime 20
set lb monitor stasecure CITRIX-STA-SERVICE -deviation 0 -interval 2 MIN -resptimeout 4 -downTime 5
set lb monitor sta CITRIX-STA-SERVICE -deviation 0 -interval 2 MIN -resptimeout 4 -downTime 5
add lb monitor monitor-ldap LDAP -scriptName nsldap.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -password abc41000a1cc10253ce68555adce94b15a5af01ef4f639f0aeebd04644ed5010 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -LRTM DISABLED -secure YES -baseDN "CN=svc_vpx_ldap,OU=Services,OU=Accounts,OU=CITRIX,DC=test,DC=local" -bindDN svc_vpx_ldap@test.local
add lb monitor monitor-storefront STOREFRONT -scriptName nssf.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -LRTM DISABLED -secure YES -storename storemax -storefrontcheckbackendservices YES
add lb monitor ldaps-test LDAP -scriptName nsldap.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -password 3a43f32ef669e3ba4959458119e0897b51da88b64fe5472d6c5f9e0124d5aff2 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -LRTM DISABLED -secure YES -baseDN "CN=svc_vpx_ldap,OU=Services,OU=Accounts,OU=CITRIX,DC=test,DC=local" -bindDN svc_vpx_ldap@test.local

add authentication ldapAction ldap_action_auth_nsip -serverIP 169.254.0.1 -serverPort 636 -ldapBase "DC=test,DC=local" -ldapBindDn svc_vpx_ldap@test.local -ldapBindDnPassword password_du_compte_de_service -ldapLoginName sAMAccountName -searchFilter "memberOf=CN=grp_netscaler_admin,OU=Citrix Groups,OU=CITRIX,DC=test,DC=local" -groupAttrName memberOf -subAttributeName cn -secType SSL -passwdChange ENABLED

add lb monitor ldaps-test2 LDAP -scriptName nsldap.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -password d8a1560ae020ec9fe330bab690aeaa2fa56aa235a705ac9527128b9d67427067 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -secure YES -baseDN "CN=svc_vpx_ldap,OU=Services,OU=Accounts,OU=CITRIX,DC=test,DC=local" -bindDN svc_vpx_ldap@test.local
bind rewrite policylabel ns_cvpn_v2_url_label ns_cvpn_v2_bypass_url_pol 20000 NEXT
bind cmp global ns_adv_nocmp_xml_ie -priority 8700 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_nocmp_mozilla_47 -priority 8800 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_mscss -priority 8900 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_msapp -priority 9000 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_content_type -priority 10000 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_nocmp_xml_ie -priority 8700 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_nocmp_mozilla_47 -priority 8800 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_cmp_mscss -priority 8900 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_cmp_msapp -priority 9000 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_cmp_content_type -priority 10000 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
set appflow param -observationPointId 1697360064
add cache contentGroup DEFAULT
set cache contentGroup NSFEO -maxResSize 1994752
add cache contentGroup BASEFILE -relExpiry 86000 -weakNegRelExpiry 600 -maxResSize 256 -memLimit 2
add cache contentGroup DELTAJS -relExpiry 86000 -weakNegRelExpiry 600 -insertAge NO -maxResSize 256 -memLimit 1 -pinned YES
add cache contentGroup ctx_cg_poc -relExpiry 86000 -weakNegRelExpiry 600 -insertAge NO -maxResSize 500 -memLimit 256 -pinned YES
add cache policy _nonGetReq -rule "!HTTP.REQ.METHOD.eq(GET)" -action NOCACHE
add cache policy _advancedConditionalReq -rule "HTTP.REQ.HEADER(\"If-Match\").EXISTS || HTTP.REQ.HEADER(\"If-Unmodified-Since\").EXISTS" -action NOCACHE
add cache policy _personalizedReq -rule "HTTP.REQ.HEADER(\"Cookie\").EXISTS || HTTP.REQ.HEADER(\"Authorization\").EXISTS || HTTP.REQ.HEADER(\"Proxy-Authorization\").EXISTS || HTTP.REQ.IS_NTLM_OR_NEGOTIATE" -action MAY_NOCACHE
add cache policy _uncacheableStatusRes -rule "! ((HTTP.RES.STATUS.EQ(200)) || (HTTP.RES.STATUS.EQ(304)) || (HTTP.RES.STATUS.BETWEEN(400,499)) || (HTTP.RES.STATUS.BETWEEN(300, 302)) || (HTTP.RES.STATUS.EQ(307))|| (HTTP.RES.STATUS.EQ(203)))" -action NOCACHE
add cache policy _uncacheableCacheControlRes -rule "((HTTP.RES.CACHE_CONTROL.IS_PRIVATE) || (HTTP.RES.CACHE_CONTROL.IS_NO_CACHE) || (HTTP.RES.CACHE_CONTROL.IS_NO_STORE) || (HTTP.RES.CACHE_CONTROL.IS_INVALID))" -action NOCACHE
add cache policy _cacheableCacheControlRes -rule "((HTTP.RES.CACHE_CONTROL.IS_PUBLIC) || (HTTP.RES.CACHE_CONTROL.IS_MAX_AGE) || (HTTP.RES.CACHE_CONTROL.IS_MUST_REVALIDATE) || (HTTP.RES.CACHE_CONTROL.IS_PROXY_REVALIDATE) || (HTTP.RES.CACHE_CONTROL.IS_S_MAXAGE))" -action CACHE -storeInGroup DEFAULT
add cache policy _uncacheableVaryRes -rule "((HTTP.RES.HEADER(\"Vary\").EXISTS) && ((HTTP.RES.HEADER(\"Vary\").INSTANCE(1).LENGTH > 0) || (!HTTP.RES.HEADER(\"Vary\").STRIP_END_WS.SET_TEXT_MODE(IGNORECASE).eq(\"Accept-Encoding\"))))" -action NOCACHE
add cache policy _uncacheablePragmaRes -rule "HTTP.RES.HEADER(\"Pragma\").EXISTS" -action NOCACHE
add cache policy _cacheableExpiryRes -rule "HTTP.RES.HEADER(\"Expires\").EXISTS" -action CACHE -storeInGroup DEFAULT
add cache policy _imageRes -rule "HTTP.RES.HEADER(\"Content-Type\").SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"image/\")" -action CACHE -storeInGroup DEFAULT
add cache policy _personalizedRes -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS || HTTP.RES.HEADER(\"Set-Cookie2\").EXISTS" -action NOCACHE
add cache policy ctx_images -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS_INDEX(\"ctx_file_extensions\").BETWEEN(101,150)" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_css -rule "HTTP.REQ.URL.ENDSWITH(\".css\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_doc_pdf -rule "HTTP.REQ.URL.ENDSWITH(\".pdf\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_JavaScript -rule "HTTP.REQ.URL.ENDSWITH(\".js\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_JavaScript-Res -rule "HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"application/x-javascript\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_NOCACHE_Cleanup -rule TRUE -action NOCACHE
add cache policylabel _reqBuiltinDefaults -evaluates REQ
add cache policylabel _resBuiltinDefaults -evaluates RES
add cache policylabel _httpquicReqBuiltinDefaults -evaluates HTTPQUIC_REQ
add cache policylabel _httpquicResBuiltinDefaults -evaluates HTTPQUIC_RES
bind cache policylabel _reqBuiltinDefaults -policyName _nonGetReq -priority 100 -gotoPriorityExpression END
bind cache policylabel _reqBuiltinDefaults -policyName _advancedConditionalReq -priority 200 -gotoPriorityExpression END
bind cache policylabel _reqBuiltinDefaults -policyName _personalizedReq -priority 300 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableStatusRes -priority 100 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableVaryRes -priority 200 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableCacheControlRes -priority 300 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _cacheableCacheControlRes -priority 400 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheablePragmaRes -priority 500 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _cacheableExpiryRes -priority 600 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _imageRes -priority 700 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _personalizedRes -priority 800 -gotoPriorityExpression END
bind cache policylabel _httpquicReqBuiltinDefaults -policyName _nonGetReq -priority 100 -gotoPriorityExpression END
bind cache policylabel _httpquicReqBuiltinDefaults -policyName _advancedConditionalReq -priority 200 -gotoPriorityExpression END
bind cache policylabel _httpquicReqBuiltinDefaults -policyName _personalizedReq -priority 300 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheableStatusRes -priority 100 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheableVaryRes -priority 200 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheableCacheControlRes -priority 300 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _cacheableCacheControlRes -priority 400 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheablePragmaRes -priority 500 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _cacheableExpiryRes -priority 600 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _imageRes -priority 700 -gotoPriorityExpression END
bind cache policylabel _httpquicResBuiltinDefaults -policyName _personalizedRes -priority 800 -gotoPriorityExpression END
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type REQ_DEFAULT -invoke policylabel _reqBuiltinDefaults
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type RES_DEFAULT -invoke policylabel _resBuiltinDefaults
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type HTTPQUIC_REQ_DEFAULT -invoke policylabel _httpquicReqBuiltinDefaults
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type HTTPQUIC_RES_DEFAULT -invoke policylabel _httpquicResBuiltinDefaults
bind lb vserver lb-virtual-server-ldaps-test service-group-ldaps-test
bind lb vserver lb-virtual-server-storefront service-group-storefront
add dns nsRec . a.root-servers.net -TTL 3600000
add dns nsRec . b.root-servers.net -TTL 3600000
add dns nsRec . c.root-servers.net -TTL 3600000
add dns nsRec . d.root-servers.net -TTL 3600000
add dns nsRec . e.root-servers.net -TTL 3600000
add dns nsRec . f.root-servers.net -TTL 3600000
add dns nsRec . g.root-servers.net -TTL 3600000
add dns nsRec . h.root-servers.net -TTL 3600000
add dns nsRec . i.root-servers.net -TTL 3600000
add dns nsRec . j.root-servers.net -TTL 3600000
add dns nsRec . k.root-servers.net -TTL 3600000
add dns nsRec . l.root-servers.net -TTL 3600000
add dns nsRec . m.root-servers.net -TTL 3600000
add dns nameServer 192.168.43.11
set ns diameter -identity netscaler.com -realm com
set subscriber gxInterface -pcrfRealm pcrf.com -servicePathAVP 262099 -servicePathVendorid 3845
add dns addRec k.root-servers.net 193.0.14.129 -TTL 3600000
add dns addRec l.root-servers.net 199.7.83.42 -TTL 3600000
add dns addRec a.root-servers.net 198.41.0.4 -TTL 3600000
add dns addRec b.root-servers.net 192.228.79.201 -TTL 3600000
add dns addRec c.root-servers.net 192.33.4.12 -TTL 3600000
add dns addRec d.root-servers.net 199.7.91.13 -TTL 3600000
add dns addRec m.root-servers.net 202.12.27.33 -TTL 3600000
add dns addRec i.root-servers.net 192.36.148.17 -TTL 3600000
add dns addRec j.root-servers.net 192.58.128.30 -TTL 3600000
add dns addRec g.root-servers.net 192.112.36.4 -TTL 3600000
add dns addRec h.root-servers.net 198.97.190.53 -TTL 3600000
add dns addRec e.root-servers.net 192.203.230.10 -TTL 3600000
add dns addRec f.root-servers.net 192.5.5.241 -TTL 3600000
bind serviceGroup service-group-ldaps-test AD01 636
bind serviceGroup service-group-ldaps-test -monitorName ldaps-test
bind serviceGroup service-group-storefront STF01 443
add route 0.0.0.0 0.0.0.0 192.168.43.2
set ssl service vpndbssvc_-742815753 -sessReuse ENABLED -sessTimeout 120 -ssl3 DISABLED -tls1 DISABLED -dtls1 DISABLED
set ssl service nsrnatsip-127.0.0.1-5061 -sessReuse DISABLED -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED -dtls1 DISABLED
set ssl service nskrpcs-127.0.0.1-3009 -sessReuse DISABLED -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED -dtls1 DISABLED
set ssl service nshttps-::1l-443 -sessReuse DISABLED -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED -dtls1 DISABLED
set ssl service nsrpcs-::1l-3008 -sessReuse DISABLED -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED -dtls1 DISABLED
set ssl service nshttps-127.0.0.1-443 -sessReuse DISABLED -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED -dtls1 DISABLED
set ssl service nsrpcs-127.0.0.1-3008 -sessReuse DISABLED -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED -dtls1 DISABLED
set ssl vserver lb-virtual-server-ldaps-test -dtls1 DISABLED
set ssl vserver lb-virtual-server-storefront -dtls1 DISABLED
set ssl vserver auth-virtual-server-ldap-test-local -dtls1 DISABLED
set ssl vserver netscaler.test.local -dtls1 DISABLED
add authentication Policy ldaps-test-local -rule true -action auth-ldap-server
add authentication Policy AUTHPOL_LDAP_ADMIN -rule true -action AUTHSERVER_LDAP_ADMIN
add vpn sessionAction ctx_gw_session_profile_web -defaultAuthorizationAction ALLOW -windowsAutoLogon ON -icaProxy ON -wihome "https://storefront.test.local/Citrix/storemaxWeb/"
add vpn sessionPolicy virtual-server-session-pol-web true ctx_gw_session_profile_web
set vpn parameter -forceCleanup none -clientConfiguration all
bind system user adminmax superuser 100
bind system group grp_netscaler_admin -policyName superuser 100
bind tunnel global ns_tunnel_nocmp
bind system global AUTHPOL_LDAP_ADMIN -priority 100 -gotoPriorityExpression NEXT
bind vpn global -policyName SETVPNPARAMS_ADV_POL -priority 65534 -gotoPriorityExpression NEXT
bind tm global -policyName SETTMSESSPARAMS_ADV_POL -priority 65534 -gotoPriorityExpression NEXT
bind vpn vserver netscaler.test.local -staServer "http://192.168.43.22"
bind vpn vserver netscaler.test.local -policy _cacheTCVPNStaticObjects -priority 10 -gotoPriorityExpression END -type REQUEST
bind vpn vserver netscaler.test.local -policy _cacheOCVPNStaticObjects -priority 20 -gotoPriorityExpression END -type REQUEST
bind vpn vserver netscaler.test.local -policy _cacheVPNStaticObjects -priority 30 -gotoPriorityExpression END -type REQUEST
bind vpn vserver netscaler.test.local -policy _mayNoCacheReq -priority 40 -gotoPriorityExpression END -type REQUEST
bind vpn vserver netscaler.test.local -policy _cacheWFStaticObjects -priority 10 -gotoPriorityExpression END -type RESPONSE
bind vpn vserver netscaler.test.local -policy _noCacheRest -priority 20 -gotoPriorityExpression END -type RESPONSE
bind vpn vserver netscaler.test.local -policy virtual-server-session-pol-web -priority 100 -gotoPriorityExpression NEXT -type REQUEST
bind authentication vserver auth-virtual-server-ldap-test-local -policy _cacheTCVPNStaticObjects -priority 10 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth-virtual-server-ldap-test-local -policy _cacheOCVPNStaticObjects -priority 20 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth-virtual-server-ldap-test-local -policy _cacheVPNStaticObjects -priority 30 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth-virtual-server-ldap-test-local -policy _mayNoCacheReq -priority 40 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth-virtual-server-ldap-test-local -policy _cacheWFStaticObjects -priority 10 -gotoPriorityExpression END -type RESPONSE
bind authentication vserver auth-virtual-server-ldap-test-local -policy _noCacheRest -priority 20 -gotoPriorityExpression END -type RESPONSE
bind authentication vserver auth-virtual-server-ldap-test-local -policy lschema_dual_factor_builtin -priority 100 -gotoPriorityExpression END
bind authentication vserver auth-virtual-server-ldap-test-local -policy ldaps-test-local -priority 100 -gotoPriorityExpression NEXT
set ns param -timezone "GMT+01:00-CET-Europe/Paris"
bind ssl serviceGroup service-group-ldaps-test2 -eccCurveName X_25519
bind ssl serviceGroup service-group-ldaps-test2 -eccCurveName P_256
bind ssl serviceGroup service-group-ldaps-test2 -eccCurveName P_384
bind ssl serviceGroup service-group-ldaps-test2 -eccCurveName P_224
bind ssl serviceGroup service-group-ldaps-test2 -eccCurveName P_521
bind ssl serviceGroup service-group-storefront -eccCurveName X_25519
bind ssl serviceGroup service-group-storefront -eccCurveName P_256
bind ssl serviceGroup service-group-storefront -eccCurveName P_384
bind ssl serviceGroup service-group-storefront -eccCurveName P_224
bind ssl serviceGroup service-group-storefront -eccCurveName P_521
bind ssl serviceGroup service-group-ldaps-test -eccCurveName X_25519
bind ssl serviceGroup service-group-ldaps-test -eccCurveName P_256
bind ssl serviceGroup service-group-ldaps-test -eccCurveName P_384
bind ssl serviceGroup service-group-ldaps-test -eccCurveName P_224
bind ssl serviceGroup service-group-ldaps-test -eccCurveName P_521
bind ssl service nsrnatsip-127.0.0.1-5061 -certkeyName ns-server-certificate
bind ssl service nskrpcs-127.0.0.1-3009 -certkeyName ns-server-certificate
bind ssl service nshttps-::1l-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-::1l-3008 -certkeyName ns-server-certificate
bind ssl service nshttps-127.0.0.1-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-127.0.0.1-3008 -certkeyName ns-server-certificate
bind ssl service vpndbssvc_-742815753 -eccCurveName X_25519
bind ssl service vpndbssvc_-742815753 -eccCurveName P_256
bind ssl service vpndbssvc_-742815753 -eccCurveName P_384
bind ssl service vpndbssvc_-742815753 -eccCurveName P_224
bind ssl service vpndbssvc_-742815753 -eccCurveName P_521
bind ssl vserver lb-virtual-server-ldaps-test -certkeyName storefront.test.local_2024-2026
bind ssl vserver lb-virtual-server-storefront -certkeyName storefront.test.local_2024-2026
bind ssl vserver auth-virtual-server-ldap-test-local -certkeyName storefront.test.local_2024-2026
bind ssl vserver netscaler.test.local -certkeyName netscaler.test.local
bind ssl vserver lb-virtual-server-ldaps-test -eccCurveName X_25519
bind ssl vserver lb-virtual-server-ldaps-test -eccCurveName P_256
bind ssl vserver lb-virtual-server-ldaps-test -eccCurveName P_384
bind ssl vserver lb-virtual-server-ldaps-test -eccCurveName P_224
bind ssl vserver lb-virtual-server-ldaps-test -eccCurveName P_521
bind ssl vserver lb-virtual-server-storefront -eccCurveName X_25519
bind ssl vserver lb-virtual-server-storefront -eccCurveName P_256
bind ssl vserver lb-virtual-server-storefront -eccCurveName P_384
bind ssl vserver lb-virtual-server-storefront -eccCurveName P_224
bind ssl vserver lb-virtual-server-storefront -eccCurveName P_521
bind ssl vserver auth-virtual-server-ldap-test-local -eccCurveName X_25519
bind ssl vserver auth-virtual-server-ldap-test-local -eccCurveName P_256
bind ssl vserver auth-virtual-server-ldap-test-local -eccCurveName P_384
bind ssl vserver auth-virtual-server-ldap-test-local -eccCurveName P_224
bind ssl vserver auth-virtual-server-ldap-test-local -eccCurveName P_521
bind ssl vserver netscaler.test.local -eccCurveName X_25519
bind ssl vserver netscaler.test.local -eccCurveName P_256
bind ssl vserver netscaler.test.local -eccCurveName P_384
bind ssl vserver netscaler.test.local -eccCurveName P_224
bind ssl vserver netscaler.test.local -eccCurveName P_521
add appfw JSONContentType "^application/json$" -isRegex REGEX
add appfw urlEncodedFormContentType "application/x-www-form-urlencoded"
add appfw urlEncodedFormContentType "application/x-www-form-urlencoded.*" -isRegex REGEX
add appfw multipartFormContentType "multipart/form-data"
add appfw multipartFormContentType "multipart/form-data.*" -isRegex REGEX
add appfw XMLContentType ".*/xml" -isRegex REGEX
add appfw XMLContentType ".*/.*\\+xml" -isRegex REGEX
add appfw XMLContentType ".*/xml-.*" -isRegex REGEX
add appfw gRPCContentType "application/grpc"
add appfw gRPCContentType "application/grpc-web"
add appfw gRPCContentType "application/grpc-web+proto"
add appfw gRpcWebTextContentType "application/grpc-web-text"
add appfw gRpcWebJSONContentType "application/grpc-web+json"
set cloud parameter -Deployment Production
set ip6TunnelParam -srcIP ::
set ptp -state ENABLE
set ns cqaparam -lr1probthresh 0.00e+00 -lr2probthresh 0.00e+00
set videooptimization parameter -RandomSamplingPercentage 0.00e+00
Was this article helpful?
Yes No