Jump to content
Welcome to our new Citrix community!

How to show client IP in Syslog when accessing over 2 NAT's


Marc Kuhn

Recommended Posts

Hi guys

 

we needed to configure our Netscaler a special way, so when accessing it, we are not using 1 PAT to the Netscaler, we are using 2 PAT's. That's because we need the GeoLocation Feature which we don't have available on the Internet Firewall. There is a second internal Fortigate Firewall, which supports GeoLocation perfectly. As the cost's for the Netscaler to have the GeoLocation Feature is a lot, also we already had the Firewall's already up and running.

 

Everything is working just fine, exept the Syslog. We are not able like that 2 hop architecture to see the client-ip, which is kind of important for us. It just shows us the NAT IP and not the Clients IP.

 

Is there a way to configure the Netscaler for the Netscaler Virtual Server to have the Clients IP in the Syslog? We have a HA with two Citrix ADC VPX 200 - Advanced Edition appliances.

 

Many thanks for your help

 

Best regards,
Marc

Link to comment
Share on other sites

Great, i just did that like recommended in Carl's guide. I will need to open an additional firewall port it looks like. The State is "UP", but the Effective State is "DOWN". I guess the ones from the NSIP are missing currently:

 

image.thumb.png.dad02931aa78ef16bd8cadb20deeb8dc.png

 

Thanks for your help, i will need to check with our Network guys tomorrow. I let you know if that configuration is working.

 

Best regards,
Marc

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...