
GSLB weak or Invalid SSL Certificate


Ali Sadeghi


Hi There,

We have two MPX 8005 Netscalers with GSLB configured between them in our Toronto (primary) and Vancouver (DR) Datacenters. Recently our Security team ran an internal Penetration Test, and noticed a weak or invalid SSL cert error on tcp/3008 and tcp/3009 being used. Our two sites are connected to each other through an MPLS circuit. My questions are as follows:

 

Q1) Would it be possible to prevent these tcp/3008 & tcp/3009 from being exposed to the Internet and allow them between the two Netscalers only?

Q2) Would it be possible to configure the GSLB using the Private IP address of the Netscalers and MPLS, rather than their Public IPs and Internet?

 

Please advise,

 

Ali


  • 2 weeks later...

Carl,

 

Thanks for the response. I am considering creating ACLs on our firewalls. Just to make sure that I am not going to break any user's access to Citrix or NetScaler VPN by limiting the ports tcp/3008 and tcp/3009 connections between the two MPX appliances, correct?

 

 

Please advise,

 

Ali
