Provision Citrix NetScaler VPX with CLI

Tutorial on how to provision Citrix NetScaler VPX with CLI

Information of Citrix NetScaler VPX

• NSIP – 192.168.1.232/24
• SNIP – 192.168.1.233/24
• Default Gateway – 192.168.1.1
• License – Citrix ADC VPX 1000 – Premium Edition – 12 month Partner USE License
• Version – NetScaler NS13.0: Build 61.48.nc
• SSL Certificate – Let’s Encrypt Wildcard SSL Certificate
• Hardware Specification – 2 x vCPU, 2GB RAM, 20GB HDD (Thin Provisioning), 1 x vNIC

Provision Citrix NetScaler VPX with CLI

Download the OVF file for Citrix NetScaler VPX for VMware

Download OVA file for Citrix ADC VPX for ESX from MyCitrix

Extract and import the OVF to VMware ESXi Host with PowerCLI

Power On the CITRIX-VPX and check the MAC Address assigned to Citrix ADC VPX

Get-VM CITRIX-VPX | Get-NetworkAdapter

Name                 Type       NetworkName  MacAddress         WakeOnLan
                                                                  Enabled
----                 ----       -----------  ----------         ---------
Network adapter 1    e1000      VM Network   00:0c:29:05:57:67       True

Generate a Citrix ADC VPX 1000 – Premium Edition – 12 month Partner USE License with the MAC Address from MyCitrix.com

Initial Configuration

Enter the NS IP, Subnet and Gateway and enter 4 to Save ad Quit

Login with Username & Password, nsroot, nsroot to verify NSIP is configured properly

> sh ns ip
        Ipaddress        Traffic Domain  Type             Mode     Arp      Icmp     Vserver  State
        ---------        --------------  ----             ----     ---      ----     -------  ------
1)      192.168.1.232    0               NetScaler IP     Active   Enabled  Enabled  NA       Enabled

Configure Subnet IP (SNIP)

add ns ip 192.168.1.177 255.255.255.0 -vServer DISABLED

Configure Hostname, DNS, NTP and Timezone

#Host Name
set ns hostName vpx.aventis.com.my
#Set DNS Server
add dns nameServer 192.168.1.200
#Add NTP Server
add ntp server time.windows.com
enable ntp sync
#Set Timezone - Required to reboot
set ns param -timezone "GMT+08:00-MYT-Asia/Kuala_Lumpur"

Upload License file to NetScaler VPX

#Upload and install License
shell
cd /nsconfig/license 

#SCP the license from workstation to VPX
scp VPX-xx.lic [email protected]:/nsconfig/license

#verify license is installed and updated successfully
sh ns license

Save the configuration and reboot

save ns config 
reboot 

Enable Features

Login to VPX via SSH to enable the following features

• WL – Web Logging
• LB – Load Balancing
• SSL – SSL Offload
• SSLVPN – SSL VPN
• AAA –
• CH – Call Home

enable ns feature WL SP LB SSL SSLVPN AAA CH

Import SSL Certificate to NetScaler VPX

Refer to Import PFX Certificate to NetScaler VPX

Appendix

What is NSIP & SNIP

• NetScaler IP (NSIP) address is the IP address at which you access the NetScaler appliance for management purposes and the appliance can have only one NSIP. For security reasons, the NSIP should be a non-routable IP address on your organization’s LAN

• Subnet IP address (SNIP) is a NetScaler owned IP address that is used by the NetScaler appliance to communicate with the servers. The NetScaler appliance uses the subnet IP address as a source IP address to proxy client connections to servers. It also uses the subnet IP address when generating its own packets, such as packets related to dynamic routing protocols, or to send monitor probes to check the health of the servers.