
Netscaler Gateway with 2-arm mode and internal default gateway



Hi All,

I have a NetScaler in 2-arm mode, one arm for DMZ and one for internal. The default gateway is the internal IP. The problem is that the gateway traffic is not working fine, since the traffic source is a public IP and when the NetScaler returns the traffic it will go through the local IP (default gateway). I tried to add PBR based on the source (gateway VIP) but it seems not to be working (or there is a misconfiguration). The other option is the traffic domain, but gateway works only in TD 0, which is the default, so I need to change the TD for the existing load balancing virtual servers and services, which (I think) can't be done, and I have to recreate all the LB services and virtual servers. Has anyone had this scenario before? How did it work?


Hi Carl,

Thank you for your answer. I totally agree that the default gateway should be the internet, but since there is a problem with the network design we can't change the default gateway to be internet; it must be the internal network. Actually I have 3 VLANs: one for management, one for internal and one for DMZ. The default gateway is internal and I'm trying to override this default route for the users who are only accessing gateway. I need the return traffic for these users to go through the DMZ gateway by using PBR. Is that possible? I was also thinking of MAC Based Forwarding (MBF), so that traffic coming from the DMZ interface will return through the same interface.
