Enable reputation resolution over the internet


Al Zabar

Hi all,

What is the best way to allow reputation to resolve required addresses over the internet and download all packages? I do not have DNS configured on netscaler, but wonder if this can be achieved any other way, either by adding appropriate AAA records or any other way?

In my environment, I have created a cache forward to my internal LAN, which has a virtual server, load-balanced Google IPs. Might it be a solution to connect to this server?

 

Thanks


I would use a proxy first.  See details:  https://docs.citrix.com/en-us/citrix-adc/current-release/reputation/ip-reputation.html

 

If you want the ADC to do the lookup, you can try to enter a local DNS host file entry on the ADC, but you may need to update it on occasion. You can enter a DNS A record for the service.

To add DNS records: go to Traffic Management > DNS > Records. Any locally defined records in the ADC's DNS tables will be used before an external DNS lookup.

The Reputation service is hosted via name at api.bcti.brightcloud.com on port 443, which is via AWS (see the IP reputation section of the admin guide for all connectivity requirements).

You can add a manual DNS A record on the local ADC to allow name-to-IP resolution. The ADC must be able to talk to the service directly (or via a web proxy) to download the database details.

 

To configure a proxy for IP reputation:

Using Proxy server:

If the Citrix ADC appliance does not have direct access to the internet and is connected to a proxy, configure the IP Reputation client to send requests to the proxy.

At the command prompt, type:

set reputation settings -proxyServer <proxy server ip> -proxyPort <proxy server port>

 

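Added example, not part of the thread or of Citrix documentation: a check, run from an admin host rather than on the ADC, that reports when the A record pinned locally on the ADC for api.bcti.brightcloud.com no longer matches public DNS, which is when the manual entry needs updating. It assumes `dig` is installed and that the operator keeps the pinned addresses in a text file, one per line; the function names and the sample addresses in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between the A record(s) pinned on the ADC and
# what public DNS currently returns for the reputation service.
SERVICE_HOST="api.bcti.brightcloud.com"   # host name from the thread (port 443)

# Current public A records, one per line. Assumes `dig` on the admin host.
resolve_current() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# drift PINNED CURRENT: both arguments are newline-separated IPv4 lists.
# Prints "stale <ip>" for each pinned address public DNS no longer returns,
# and "unpinned <ip>" for each live address missing from the ADC's records.
drift() {
    pinned=$(printf '%s\n' "$1" | sed '/^$/d' | sort -u)
    current=$(printf '%s\n' "$2" | sed '/^$/d' | sort -u)
    for ip in $pinned; do
        printf '%s\n' "$current" | grep -Fxq "$ip" || echo "stale $ip"
    done
    for ip in $current; do
        printf '%s\n' "$pinned" | grep -Fxq "$ip" || echo "unpinned $ip"
    done
}

# main FILE: FILE holds the addresses pinned on the ADC, one per line
# (hypothetical file the operator maintains, e.g. from "show dns addRec").
main() {
    live=$(resolve_current "$SERVICE_HOST")
    if [ -z "$live" ]; then
        echo "cannot resolve $SERVICE_HOST" >&2
        return 2
    fi
    report=$(drift "$(cat "$1")" "$live")
    if [ -z "$report" ]; then
        echo "pinned records match public DNS"
        return 0
    fi
    echo "$report"
    return 1
}

# Only touch the network when a pinned-address file is given.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A hosted endpoint may return only some of its live addresses on a given query, so treat a single "stale" result as a prompt to re-run the check before changing the record.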

On 8/28/2021 at 7:05 PM, Rhonda Rowland1709152125 said:

I would use a proxy first.  See details:  https://docs.citrix.com/en-us/citrix-adc/current-release/reputation/ip-reputation.html

 

If you want the ADC to do the lookup, you can try to enter a local DNS host file entry on the ADC, but you may need to update it on occasion. You can enter a DNS A record for the service.

To add DNS records: go to Traffic Management > DNS > Records. Any locally defined records in the ADC's DNS tables will be used before an external DNS lookup.

The Reputation service is hosted via name at api.bcti.brightcloud.com on port 443, which is via AWS (see the IP reputation section of the admin guide for all connectivity requirements).

You can add a manual DNS A record on the local ADC to allow name-to-IP resolution. The ADC must be able to talk to the service directly (or via a web proxy) to download the database details.

 

To configure a proxy for IP reputation:

Using Proxy server:

If the Citrix ADC appliance does not have direct access to the internet and is connected to a proxy, configure the IP Reputation client to send requests to the proxy.

At the command prompt, type:

set reputation settings -proxyServer <proxy server ip> -proxyPort <proxy server port>

 

Thank you for your reply.

In that case I will set up a proxy server on my netscaler as per https://docs.citrix.com/en-us/citrix-adc/current-release/forward-proxy/proxy-modes.html and point reputation to the VS server. I assume this is the correct configuration?
