Netscaler Loadbalancing Configuration for RSA Via Access IDR Cluster

Document created by Alexander Coco Employee on Apr 19, 2016Last modified by Alexander Coco Employee on Jul 24, 2016
Version 2Show Document
  • View in full screen mode

Instructions below tested with Via Access 1.2 and Netscaler 11.0 63.16.

Customers using Citrix Netscaler as a loadbalancer for an IDR cluster must make the following configuration changes to the Netscaler's encryption settings in order for the solution to work properly:

 

  1. Only enable TLSv1, TLSv11, TLSv12.  Disable SSLv2, SSLv3.
  2. Only allow the following SSL ciphers: TLS1-ECDHE-RSA-AES256-SHA and TLS1-ECDHE-RSA-AES128-SHA
  3. Bind all 4 ECC curves (P_256, P_384, P_224, P_521)

 

Below are screenshots from the Netscaler configuration (Web UI and Command Line):

 

image001.png

image002.png

1 person found this helpful

Attachments

    Outcomes