Jump to content
Welcome to our new Citrix community!

Netscaler MPX 8005 - if possible to predefine default value for adding virtual server?


julie xu

Recommended Posts

HI, 

 

When anytime I add a virtual Server (Protocol SSL), I have default value for SSL as:

   1. SSL Ciphers - Default, 

   2. ECC 4 items

   3. SSL Parameters SSLv3, SSLv2 enabled. 

 

I need manually change them one by one. 

 

Could I ask if possible, I can change the default value so that

   1. SSL Ciphers - my-chphers-group

   2. ECC my-items

   3. SSL Parameters SSLv3, SSLv2 disabled.

 

Or if possible, I can created a profile/template, so that, anyone add a virtual ssl server, can implement same changes.

 

Any comments will be appreciated

 

Thanks in advance

 

Jxu

 

 

 

Link to comment
Share on other sites

Hello,

 

I think you are looking to have a default SSL profile which all your SSL VSERVERS will use by default and then have some other SSL VSERVERS with custom parameters. If thats the case use https://support.citrix.com/article/CTX227225 to enable default SSL profile (WARNING: This applies to all SSL VSERVERS in your box by default) and then create separate SSL profiles for the SSL VSERVERS that require different values.

 

More info:

https://www.citrix.com/content/dam/citrix/en_us/documents/reference-material/validated-reference-design-netscaler-ssl-profiles.pdf

https://docs.citrix.com/en-us/netscaler/12/ssl/ssl-profiles.html

 

Hope that helps

 

Thanks

Link to comment
Share on other sites

As Roman stated, you probably want a default ssl profile.  Here are just a few extra notes for your consideration:

1) You can use ssl profiles to manage most of your settings once and then apply where necessary, if you don't want the default profile.

2) If you do want a default profile auto applied than follow the steps in that article to define one; you can still override with explicit profiles if different settings are needed.

Since default ssl profiles can't be undone once enabled (you can swap settings, but not go back to no default profile), it is strongly recommended you do a test run an test or vpx netscaler to make sure you understand the feature.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...