Jump to content
Welcome to our new Citrix community!

Configuring GeoLocation Feature on Citrix Gateway


Marc Kuhn

Recommended Posts

Hi guys

i'm trying to configure my Citrix Gateway (version 13.0-36.27 like that, that the access to our Citrix farm is only available if you are inside Switzerland. I was thinking first, that Citrix Gateways have already a built-in database, which is located here: /var/netscaler/inbuilt_db/Citrix_Netscaler_InBuilt_GeoIP_DB.csv. But that folder is empty.

 

Then i checked that kb from Citrix: https://support.citrix.com/article/CTX130701?recommended

 

I tried that but i found out that this isn't imported correctly:

 

citrixgeolocation.thumb.jpg.55d77a94b593e07d6994bf3fda0daac1.jpg

 

I just saw in Carl Stalhood's Site a link to a conversion tool:

https://github.com/citrix/MaxMind-GeoIP-Database-Conversion-Citrix-ADC-Format

 

Also, i'm not sure if that file is the right one:

citrixgelocation2.thumb.jpg.b052c0c2a579ff1ee8d0b84fe30c44c1.jpg

 

I as didn't tried to configure that before i would like to have it configured the recommended way. Does anyone can give me an advice how to achive my goal?

 

Many thanks and best regards,

Marc

Link to comment
Share on other sites

Hi Marc,

 

5 minutes ago, Marc Kuhn said:

also just found that website with a nice script: https://latebits.com/2019/12/05/netscaler-geoip-with-maxmind-db/

 

but i don't know where to run that script. Would it be in the CLI, but how can i run that?

 

You would run the script (scheduled with crontab) on a Linux host that has network access to the NetScaler, as the script downloads the DB from MaxMind, converts it, and then uploads it to the NetScaler using scp.

 

Best,

 

Koenraad

  • Like 1
Link to comment
Share on other sites

Hi Koenraad

 

thanks for your quick feedback. I don't have any Linux host in my network other then the Citrix Gateway so then that isn't a possibility :-/ So the question would be then is which is the correct way to do it. I was thinking that Citrix Gateway has his own db.

 

Best regards,
Marc 

Link to comment
Share on other sites

Hi Marc,

 

Do you have the need to have the file updated regularly? Or would it be fine if you converted it now, uploaded it to the NetScaler, and not update it in a while or not even at all?

Because in that case, you could just spin up a Linux VPS somewhere on a cloud provider, execute the conversion, then download that result from the VPS and upload it to the NetScaler.

 

Best,

 

Koenraad

Link to comment
Share on other sites

Hi Koenraad

 

i think it would make sense to have it updated regularly but at the moment i'm looking for a configuration in general on the Netscaler. I found these two links:

 

https://vzerotohero.com/2019/02/using-citrix-adc-netscaler-to-block-web-application-access-based-on-geolocation/

 

https://bretty.me.uk/secure-citrix-adc-gateway-and-web-services-using-geo-ip/

 

I will check them but i'm still wondering, if that is correct not to have a built-in database for Geolocation.

 

Best regards,

Marc

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...