
NetScaler selective load balancing based upon source port



I have a use case where a vendor requires a reverse proxy or NAT to contact a group of workstations in my network from the internet. Each workstation listens on only one port, and the vendor initiates all sessions over SSL to a specific workstation based upon the source port used from a defined range.

They will provide a certificate that gets installed on the workstations, so I think I need to use the SSL-BRIDGE protocol. I am thinking that my only option is to use a content switch using port * on my DMZ and create switching rules to direct content based upon source port to a specific LB-VIP. There will initially be 23 devices, with more added later. I was hoping I could route these requests with a policy on a single LB-VIP rather than building a custom VIP for each port-service combination.

Any thoughts on this?

 

 


So they would all be behind one single IP but with a port for each station?

What I would do is create a separate load balancer for each back-end machine port, but all using the same IP address.

Also, for security, if the vendor is coming from a single IP address, I would either do a firewall rule on the NAT to the load balancer, or a listen policy on the load balancers to restrict the access to only that vendor IP.

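The per-port layout suggested in the reply above, as an added example that is not part of the original thread: a Python helper that emits NetScaler CLI commands for one SSL_BRIDGE virtual server per workstation port on a shared VIP, each with a listen policy limiting clients to the vendor address. All names, addresses and ports are constructed placeholders, and using the same port on the VIP and on the workstation is an assumption.

```python
import ipaddress


def build_config(vip, vendor_ip, stations):
    """Return NetScaler CLI lines: one SSL_BRIDGE vserver per workstation port.

    stations is a list of (name, workstation_ip, port). The same port number
    is used on the shared VIP and on the workstation (assumption).
    """
    vip = ipaddress.IPv4Address(vip)              # raises ValueError if malformed
    vendor_ip = ipaddress.IPv4Address(vendor_ip)
    seen_ports = set()
    lines = []
    for name, ws_ip, port in stations:
        ws_ip = ipaddress.IPv4Address(ws_ip)
        if not name.isalnum():
            raise ValueError(f"{name!r}: use an alphanumeric station name")
        if not 1 <= port <= 65535:
            raise ValueError(f"{name}: port {port} out of range")
        if port in seen_ports:
            # Two vservers cannot share the same VIP:port pair.
            raise ValueError(f"{name}: port {port} already mapped on {vip}")
        seen_ports.add(port)
        lines += [
            f"add server srv_{name} {ws_ip}",
            f"add service svc_{name} srv_{name} SSL_BRIDGE {port}",
            # The listen policy makes the vserver accept only the vendor source IP.
            f"add lb vserver vs_{name} SSL_BRIDGE {vip} {port} "
            f'-Listenpolicy "CLIENT.IP.SRC.EQ({vendor_ip})"',
            f"bind lb vserver vs_{name} svc_{name}",
        ]
    return lines


# Constructed sample inventory: placeholder names, addresses and ports.
STATIONS = [
    ("ws01", "10.20.0.11", 50001),
    ("ws02", "10.20.0.12", 50002),
    ("ws03", "10.20.0.13", 50003),
]

if __name__ == "__main__":
    print("\n".join(build_config("192.0.2.10", "203.0.113.25", STATIONS)))
```

Adding a workstation later means appending one tuple to the inventory and re-running the generator; the duplicate-port check catches a port that is already bound on the VIP before the commands reach the appliance.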