Jump to content
Welcome to our new Citrix community!

New Gateway url not accessible

Recommended Posts


We are using a vpx instance hosted on Prem Vmware  and gateway urls for running Citrix web.

We use NSIP and SNIP from separate vlans. All management traffic flows through NSIP and all backend traffic is flowing via SNIP.

To achieve this, we have created a PBR and one static route to take all gateway communication via SNIP.



Our SNIP and Netscaler Gateway urls are in same VLAN, we have exhausted all IP addresses in this vlan. For deploying new Gateway urls, we are using ip address from new vlan now.

Vlans are trunked and added to hypervisor.

Still unable to connect to this new deployed citrix site. Here is what we have tried till now.

1.) To ensure firewall is not blocking any connection, used the new ip address on a Windows server with basic IIS set up. Was able to access the site and reach server on port 443.

2.) Added a SNIP from new vlan and a route for this network.

3.) Removed existing static route to ensure there is no clash.


Nothing worked. Not sure, what to do here. Please help.

Link to comment
Share on other sites

Hello Carl,


Seem we had to add the Network card when the vpx instance was powered off.

After doing that, was able to see the new interface and assigned vlan to new interface and SNIP. After some reading, it seem this set up is known as 2 arm or multi arm set up. (Apologies, if it was not clear earlier)


Even after doing all of the above, it was not working. However as soon as we enabled MBF, it started working as expected.

We would like this to work without MBF as to avoid any troubleshooting issues in near future.


Apart from this one newly created route, we have a static route to first SNIP

And, 2 PBRs at the moment:

i) To deny DNS traffic to our NSIP

ii) To allow traffic to our SNIP with source low and high from its own ip range.


Do we have to get rid of route or create a PBR for new SNIP.

Link to comment
Share on other sites

There can only be one default route. If you have multiple client-side routes, then you typically enable MBF. NetScalers in public clouds enable MBF by default, so I'm not concerned about it.


Another option is to create a PBR for all traffic sourced by VIPs (i.e. VIP reply traffic) on a particular VLAN and send that traffic through a router on the VIP VLAN instead of the default route.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...