Linton-NetScalerConf
Jump to CustomersLinton > Linton > NetScalerConf
set snmp alarm HA-VERSION-MISMATCH -time 86400 -timeout 86400 set snmp alarm HA-SYNC-FAILURE -time 86400 -timeout 86400 set snmp alarm HA-NO-HEARTBEATS -time 86400 -timeout 86400 set snmp alarm HA-BAD-SECONDARY-STATE -time 86400 -timeout 86400 set snmp alarm APPFW-START-URL -timeout 1 set snmp alarm APPFW-DENY-URL -timeout 1 set snmp alarm APPFW-REFERER-HEADER -timeout 1 set snmp alarm APPFW-CSRF-TAG -timeout 1 set snmp alarm APPFW-COOKIE -timeout 1 set snmp alarm APPFW-FIELD-CONSISTENCY -timeout 1 set snmp alarm APPFW-BUFFER-OVERFLOW -timeout 1 set snmp alarm APPFW-FIELD-FORMAT -timeout 1 set snmp alarm APPFW-SAFE-COMMERCE -timeout 1 set snmp alarm APPFW-SAFE-OBJECT -timeout 1 set snmp alarm APPFW-POLICY-HIT -timeout 1 set snmp alarm APPFW-VIOLATIONS-TYPE -timeout 1 set snmp alarm APPFW-XSS -timeout 1 set snmp alarm APPFW-XML-XSS -timeout 1 set snmp alarm APPFW-SQL -timeout 1 set snmp alarm APPFW-XML-SQL -timeout 1 set snmp alarm APPFW-XML-ATTACHMENT -timeout 1 set snmp alarm APPFW-XML-DOS -timeout 1 set snmp alarm APPFW-XML-VALIDATION -timeout 1 set snmp alarm APPFW-XML-WSI -timeout 1 set snmp alarm APPFW-XML-SCHEMA-COMPILE -timeout 1 set snmp alarm APPFW-XML-SOAP-FAULT -timeout 1 set snmp alarm DNSKEY-EXPIRY -timeout 1 set snmp alarm HA-LICENSE-MISMATCH -timeout 86400 set snmp alarm CLUSTER-NODE-HEALTH -time 86400 -timeout 86400 set snmp alarm CLUSTER-NODE-QUORUM -time 86400 -timeout 86400 set snmp alarm CLUSTER-VERSION-MISMATCH -time 86400 -timeout 86400 set snmp alarm PORT-ALLOC-FAILED -time 3600 -timeout 3600 add ssl certKey ns-server-certificate -cert ns-server.cert -key ns-server.key add ssl certKey wildcard.lvc.org -cert "/nsconfig/ssl/wildcard.crt" -key "/nsconfig/ssl/wildcard.key" add ssl certKey "RapidSSL Primary" -cert "/nsconfig/ssl/RapidSSL_Primary.pem" add ssl certKey "RapidSSL Secondary" -cert "/nsconfig/ssl/RapidSSL_Secondary.pem" add ssl certKey Equifax_Secure_Certificate_Auth -cert Equifax_Secure_Certificate_Authority.pem link ssl certKey wildcard.lvc.org "RapidSSL Secondary" link ssl certKey "RapidSSL Primary" Equifax_Secure_Certificate_Auth link ssl certKey "RapidSSL Secondary" "RapidSSL Primary" add authentication ldapAction 10.0.0.2_LDAP -serverIP 10.0.0.2 -ldapBase "dc=linton,dc=internal" -ldapBindDn pvsuser@linton.internal -ldapBindDnPassword ff22404e57ef712d -encrypted -ldapLoginName sAMAccountName add authentication ldapPolicy 10.0.0.2_LDAP_pol NS_TRUE 10.0.0.2_LDAP set lb parameter -sessionsThreshold 150000 add lb vserver 178.21.233.251http_redirect HTTP 178.21.233.251 80 -persistenceType NONE -redirectURL "https://access.lvc.org" -cltTimeout 180 set cache parameter -via "NS-CACHE-10.0: 25" set aaa parameter -maxAAAUsers 5 add vpn vserver "Remote Access" SSL 178.21.233.251 443 -icaOnly ON add vpn vserver "Internal Access" SSL 10.0.0.26 443 set ns rpcNode 10.36.0.25 -password 8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28 -encrypted -srcIP 10.36.0.25 bind cmp global ns_adv_nocmp_xml_ie -priority 8700 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ns_adv_nocmp_mozilla_47 -priority 8800 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ns_adv_cmp_mscss -priority 8900 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ns_adv_cmp_msapp -priority 9000 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ns_adv_cmp_content_type -priority 10000 -gotoPriorityExpression END -type RES_DEFAULT set responder param -undefAction NOOP add ca action NOOP_CA -type noop add dns nameServer 10.0.0.1 add dns nameServer 10.0.0.2 set ns diameter -identity netscaler.com -realm com set ns tcpbufParam -memLimit 200 set dns parameter -dns64Timeout 1000 add dns nsRec . a.root-servers.net -TTL 3600000 add dns nsRec . b.root-servers.net -TTL 3600000 add dns nsRec . c.root-servers.net -TTL 3600000 add dns nsRec . d.root-servers.net -TTL 3600000 add dns nsRec . e.root-servers.net -TTL 3600000 add dns nsRec . f.root-servers.net -TTL 3600000 add dns nsRec . g.root-servers.net -TTL 3600000 add dns nsRec . h.root-servers.net -TTL 3600000 add dns nsRec . i.root-servers.net -TTL 3600000 add dns nsRec . j.root-servers.net -TTL 3600000 add dns nsRec . k.root-servers.net -TTL 3600000 add dns nsRec . l.root-servers.net -TTL 3600000 add dns nsRec . m.root-servers.net -TTL 3600000 add dns addRec l.root-servers.net 199.7.83.42 -TTL 3600000 add dns addRec b.root-servers.net 192.228.79.201 -TTL 3600000 add dns addRec d.root-servers.net 199.7.91.13 -TTL 3600000 add dns addRec j.root-servers.net 192.58.128.30 -TTL 3600000 add dns addRec h.root-servers.net 128.63.2.53 -TTL 3600000 add dns addRec f.root-servers.net 192.5.5.241 -TTL 3600000 add dns addRec k.root-servers.net 193.0.14.129 -TTL 3600000 add dns addRec a.root-servers.net 198.41.0.4 -TTL 3600000 add dns addRec c.root-servers.net 192.33.4.12 -TTL 3600000 add dns addRec m.root-servers.net 202.12.27.33 -TTL 3600000 add dns addRec i.root-servers.net 192.36.148.17 -TTL 3600000 add dns addRec g.root-servers.net 192.112.36.4 -TTL 3600000 add dns addRec e.root-servers.net 192.203.230.10 -TTL 3600000 add dns suffix linton.internal set lb monitor ldns-dns LDNS-DNS -query . -queryType Address add route 0.0.0.0 0.0.0.0 178.21.233.241 add route 10.28.0.0 255.255.0.0 10.0.0.1 add route 192.168.0.0 255.255.0.0 10.36.0.1 set ssl service nshttps-::1l-443 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service nsrpcs-::1l-3008 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service nskrpcs-127.0.0.1-3009 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service nshttps-127.0.0.1-443 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service nsrpcs-127.0.0.1-3008 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl vserver "Remote Access" -tls11 DISABLED -tls12 DISABLED set ssl vserver "Internal Access" -tls11 DISABLED -tls12 DISABLED add vpn sessionAction AC_OS_178.21.233.251_S_ -splitTunnel OFF -transparentInterception OFF -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -icaProxy ON -wihome "http://sf.linton.internal/Citrix/StoreWeb" -ClientChoices OFF -ntDomain LINTON -clientlessVpnMode OFF -storefronturl "http://sf.linton.internal" add vpn sessionAction AC_WB_178.21.233.251_S_ -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -icaProxy ON -wihome "http://sf.linton.internal/Citrix/StoreWeb" -ClientChoices OFF -ntDomain LINTON -clientlessVpnMode OFF add vpn sessionPolicy PL_OS_178.21.233.251 "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver && REQ.HTTP.HEADER X-Citrix-Gateway EXISTS" AC_OS_178.21.233.251_S_ add vpn sessionPolicy PL_WB_178.21.233.251 "REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver" AC_WB_178.21.233.251_S_ set vpn parameter -proxy OFF -forceCleanup none -clientOptions all -clientConfiguration all -UITHEME GREENBUBBLE bind vpn global -staServer "http://xdc01.linton.internal/scripts/ctxsta.dll" bind vpn global -staServer "http://xdc02.linton.internal/scripts/ctxsta.dll" bind vpn vserver "Remote Access" -staServer "http://xdc01.linton.internal" bind vpn vserver "Remote Access" -staServer "http://xdc02.linton.internal" bind vpn vserver "Internal Access" -staServer "http://xdc02.linton.internal" bind vpn vserver "Internal Access" -staServer "http://xdc01.linton.internal" bind vpn vserver "Remote Access" -policy 10.0.0.2_LDAP_pol bind vpn vserver "Remote Access" -policy PL_OS_178.21.233.251 -priority 100 bind vpn vserver "Remote Access" -policy PL_WB_178.21.233.251 -priority 100 bind vpn vserver "Remote Access" -policy _cacheTCVPNStaticObjects -priority 10 -gotoPriorityExpression END -type REQUEST bind vpn vserver "Remote Access" -policy _cacheOCVPNStaticObjects -priority 20 -gotoPriorityExpression END -type REQUEST bind vpn vserver "Remote Access" -policy _cacheVPNStaticObjects -priority 30 -gotoPriorityExpression END -type REQUEST bind vpn vserver "Remote Access" -policy _noCacheRest -priority 40 -gotoPriorityExpression END -type REQUEST bind vpn vserver "Internal Access" -policy 10.0.0.2_LDAP_pol bind vpn vserver "Internal Access" -policy PL_OS_178.21.233.251 -priority 100 bind vpn vserver "Internal Access" -policy PL_WB_178.21.233.251 -priority 100 bind vpn vserver "Internal Access" -policy _cacheTCVPNStaticObjects -priority 10 -gotoPriorityExpression END -type REQUEST bind vpn vserver "Internal Access" -policy _cacheOCVPNStaticObjects -priority 20 -gotoPriorityExpression END -type REQUEST bind vpn vserver "Internal Access" -policy _cacheVPNStaticObjects -priority 30 -gotoPriorityExpression END -type REQUEST bind vpn vserver "Internal Access" -policy _noCacheRest -priority 40 -gotoPriorityExpression END -type REQUEST bind ssl service nshttps-::1l-443 -certkeyName ns-server-certificate bind ssl service nsrpcs-::1l-3008 -certkeyName ns-server-certificate bind ssl service nskrpcs-127.0.0.1-3009 -certkeyName ns-server-certificate bind ssl service nshttps-127.0.0.1-443 -certkeyName ns-server-certificate bind ssl service nsrpcs-127.0.0.1-3008 -certkeyName ns-server-certificate bind ssl vserver "Remote Access" -certkeyName wildcard.lvc.org bind ssl vserver "Internal Access" -certkeyName wildcard.lvc.org bind ssl vserver "Remote Access" -eccCurveName P_256 bind ssl vserver "Remote Access" -eccCurveName P_384 bind ssl vserver "Remote Access" -eccCurveName P_224 bind ssl vserver "Remote Access" -eccCurveName P_521 bind ssl vserver "Internal Access" -eccCurveName P_256 bind ssl vserver "Internal Access" -eccCurveName P_384 bind ssl vserver "Internal Access" -eccCurveName P_224 bind ssl vserver "Internal Access" -eccCurveName P_521 set L3Param -icmpErrGenerate DISABLED set ns encryptionParams -method AES256 -keyValue ff0e316156e61408f0ac61e26c99fd941b44840edceb0c7e66f3b04e9b0f4817b1b0b34458e84826a507d7769812518641d112b8 -encrypted set ip6TunnelParam -srcIP :: set ptp -state ENABLE set ns param -timezone "GMT+00:00-GMT-Europe/London"