DLP IP Filtering rule test
Tag: Network address translation
Block all inbound/outbound traffic except for selected IP
Is there a way to block all traffic except for the IP I specify?
Related:
UDP traffic query
Hi,
Does the proxy support UDP traffic (probably no)?
What will happen if some application runs only on UDP traffic and that application has the ability to define proxy settings in it?
Related:
Clients and Server not communicating
I have installed Symantec Endpoint Protection Manager 14.2 on Server 2016. I have created a client install for Windows 10 which installs without any issues; however, the client never connects to the manager unless I configure the client IP to a static IP rather than DHCP. Any suggestions on how to fix this would be much appreciated.
Related:
Request to remove our domain and IP from blacklist
Our company domain:
mail.eabsystems.com
IP:
203.85.238.85
We can’t send mail when the destination uses messagelab.
Can you help to remove us from the blacklist?
Related:
How to Use Port Control Protocol in NetScaler?
This article describes how to use Port Control Protocol in NetScaler.
Background
In today’s networks, NAT devices play an important role in providing IPv4 preservation, IPv6 migration, and security, so the chances of packet translation happening somewhere in an end-to-end communication are quite high. To give endpoints control over these NAT devices, the Port Control Protocol was developed (RFC 6887). The Port Control Protocol, commonly referred to as PCP, enables applications and equipment to read/write explicit mappings between an external IP address, protocol and port, and an internal IP address, protocol and port. These explicit mappings allow inbound communication to reach hosts behind a NAT or firewall.
Why PCP?
With DHCP the internal IP address changes often, and thus the external IP address/port also changes frequently. When hosting a service on a server behind a firewall or NAT, this frequently changing external IP address/port poses a challenge. Below is a list of problems commonly faced in a NAT environment.
Problems
- Hosting web services in a private network leads to Dynamic DNS issues (the NAT IP changes when IPs are reallocated)
- Need to monitor/access Home Gateway (HG) devices from outside/office
- No control over the NAT and firewall
- Have to raise a request to the service provider for a static mapping
- Internet of Things (rapid growth in the number of HG devices)
- Keep-alive messages consume bandwidth
- Battery consumption on mobile devices
Solution
PCP comes to the rescue here by providing the following support to overcome the problems listed above.
- PCP clients can get updated mappings from the NAT device using PCP
- Gives control to applications/devices at the HG
- Whenever a device wants to act as a service, it can request a mapping from its upstream devices
- Applications decide when the session at the upstream devices should terminate
Primary use cases for DDNS with PCP
PCP Communication
Port Control Protocol (PCP) keeps the device (PCP client) and the NAT/CGN server (PCP server) dynamically aware of changes in both the internal and external IP address and port number. NetScaler should be able to receive PCP requests from any client and provide appropriate responses to them.
PCP works in a client-server model over UDP and uses various opcodes to perform PCP operations. In NetScaler, the PCP server can be used with NAT44, NAT64 and DS-Lite.
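As an added example (not from the article or from Citrix), the code below encodes a PCP MAP request and processes it the way a PCP server must per the RFC 6887 wire format, including the check that the client IP carried in the header matches the UDP source address; function names, the epoch value and the sample addresses are constructed for illustration.

```python
# Added example, not NetScaler code: PCP (RFC 6887) MAP request/response codec.
import ipaddress
import struct

PCP_VERSION, PCP_PORT = 2, 5351          # RFC 6887: version 2, server listens on UDP 5351
OPCODE_MAP = 1                           # opcodes: ANNOUNCE=0, MAP=1, PEER=2
R_BIT = 0x80                             # top bit of the opcode octet marks a response
RESULT_SUCCESS, RESULT_ADDRESS_MISMATCH = 0, 12
ERROR_LIFETIME = 1800                    # long-lifetime error: client should wait 30 min before retrying

def _addr16(ip: str) -> bytes:
    """IPv4 goes on the wire as an IPv4-mapped IPv6 address (::ffff:a.b.c.d)."""
    a = ipaddress.ip_address(ip)
    return ipaddress.IPv6Address(f"::ffff:{a}").packed if a.version == 4 else a.packed

def _addr_str(raw: bytes) -> str:
    a = ipaddress.IPv6Address(raw)
    return str(a.ipv4_mapped) if a.ipv4_mapped is not None else str(a)

def build_map_request(client_ip, nonce, protocol, internal_port, lifetime,
                      suggested_ip="0.0.0.0", suggested_port=0):
    """Client side: 24-byte common request header + 36-byte MAP opcode body (60 bytes)."""
    hdr = struct.pack("!BBHI", PCP_VERSION, OPCODE_MAP, 0, lifetime) + _addr16(client_ip)
    body = nonce + struct.pack("!B3xHH", protocol, internal_port, suggested_port) + _addr16(suggested_ip)
    return hdr + body

def server_handle_map(request, udp_src_ip, assigned_ip, assigned_port, epoch):
    """Server side: parse a MAP request and build the response. The header's client
    IP must equal the UDP source IP; otherwise answer ADDRESS_MISMATCH so one host
    cannot obtain inbound mappings on behalf of another host behind the NAT."""
    ver, opcode, _, lifetime = struct.unpack("!BBHI", request[:8])
    assert ver == PCP_VERSION and opcode == OPCODE_MAP
    nonce, proto = request[24:36], request[36]
    int_port, _ = struct.unpack("!HH", request[40:44])
    if _addr_str(request[8:24]) != udp_src_ip:
        result, lifetime, assigned_ip, assigned_port = RESULT_ADDRESS_MISMATCH, ERROR_LIFETIME, "0.0.0.0", 0
    else:
        result = RESULT_SUCCESS
    hdr = struct.pack("!BBBBII", PCP_VERSION, opcode | R_BIT, 0, result, lifetime, epoch) + bytes(12)
    body = nonce + struct.pack("!B3xHH", proto, int_port, assigned_port) + _addr16(assigned_ip)
    return hdr + body

def parse_map_response(response):
    """Client side: return the fields an application needs to publish its service."""
    ver, r_op, _, result, lifetime, epoch = struct.unpack("!BBBBII", response[:12])
    assert ver == PCP_VERSION and r_op & R_BIT
    int_port, ext_port = struct.unpack("!HH", response[40:44])
    return {"result": result, "lifetime": lifetime, "epoch": epoch,
            "nonce": response[24:36], "protocol": response[36],
            "internal_port": int_port, "external_port": ext_port,
            "external_ip": _addr_str(response[44:60])}
```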
Related:
iOS 11 MDM-enrolled Device Issues with XenMobile in Cluster Mode
Update: This issue has been resolved in 10.8 RTM.
You will need to modify your NetScaler load balancer configuration to use Source IP persistence for all NetScaler MDM load balancers e.g. virtual servers set up for ports 8443 and 443.
For XenMobile Service customers, Citrix Cloud Ops will be performing this configuration change as a maintenance operation, so no action is necessary by customers.
Please refer to this article for more details on Source IP persistence – https://docs.citrix.com/en-us/netscaler/12/getting-started-with-netscaler/load-balancing/configure-persistence-settings.html.
The configuration change can be made either through the command-line or the NetScaler GUI.
- Here are example commands to set Source IP Persistence:
set lb vserver _XM_LB_MDM_XenMobileMDM_172.16.30.62_8443 -persistenceType SOURCEIP
- Here is a screenshot of the GUI to set Source IP Persistence:
If Source IP persistence is already configured on NetScaler, your XenMobile environment has more than 10,000 devices managed by a XenMobile cluster, and network address translation (NAT) is enabled on an appliance such as an F5 or a firewall fronting the NetScaler before the XenMobile Server, please monitor the NetScaler and XenMobile for CPU and memory usage. If NetScaler or XenMobile server resources are consistently pegged at 80% CPU or memory usage over a long period of time, please contact Citrix Technical Support for further assistance.
Related:
Resolve IP after AD Import
Is there a way to resolve the IP address of a computer discovered using the AD import without installing the agent? I’d like to be able to filter by IP before I push the agent out.
Related:
How to Enable Subscriber Aware Session Termination in NetScaler?
This article describes how to enable subscriber aware session termination in NetScaler.
Background
In today’s environment, subscribers who reach the internet through Large Scale NAT (LSN, also called Carrier Grade NAT, CGNAT) terminate connections and create new connections frequently. In such a dynamic environment, it is important for the CGNAT device to identify when a subscriber session is closed and free the resources allocated for that specific subscriber session. In the CGNAT context, NAT resources such as the IP address and port block (if Port Block Allocation is enabled) should be de-allocated so that they can be used by other subscribers. Considering the scale at which subscribers pass through the service provider network, this plays a vital role in using NAT resources optimally and has a significant impact on CGNAT device performance.
How to configure subscriber aware session termination in NetScaler?
In earlier implementations, when a subscriber using a CGNAT session disconnected and a RADIUS Accounting-Stop message was received, the port block of the public IP was kept open even after the subscriber had disconnected. The LSN session idle timeout was used to deallocate the NAT resources, which left those resources unused until the idle timer expired. NetScaler enables service providers to use CGNAT resources optimally by supporting subscriber-based session termination.
NetScaler can now close the LSN sessions when a RADIUS Accounting-Stop message is received for the Framed-IP.
Subscriber Aware Session Removal is an LSN global setting that controls subscriber-aware session removal. With this setting enabled, whenever the subscriber information is deleted from the subscriber database, the sessions corresponding to that subscriber are removed. If this setting is disabled, subscriber sessions time out as per the idle timeout settings.
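As an added example (not Citrix or NetScaler code), the code below models the subscriber-aware session removal described above: it builds and verifies a RADIUS Accounting-Request with Acct-Status-Type Stop and a Framed-IP-Address (RFC 2866 wire format), then releases that subscriber's LSN sessions and port block only when the setting is enabled; the session table, shared secret and addresses are constructed for illustration.

```python
# Added example, not NetScaler code: RADIUS Accounting-Stop driven LSN session removal.
import hashlib
import ipaddress
import struct

ACCT_REQUEST = 4                     # RADIUS Code for Accounting-Request (RFC 2866)
ATTR_FRAMED_IP, ATTR_ACCT_STATUS = 8, 40
ACCT_STOP = 2                        # Acct-Status-Type values: Start=1, Stop=2, Interim-Update=3

def build_acct_stop(identifier, framed_ip, secret):
    """Accounting-Request whose Request Authenticator is
    MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    attrs = struct.pack("!BBI", ATTR_ACCT_STATUS, 6, ACCT_STOP)
    attrs += struct.pack("!BB", ATTR_FRAMED_IP, 6) + ipaddress.IPv4Address(framed_ip).packed
    head = struct.pack("!BBH", ACCT_REQUEST, identifier, 20 + len(attrs))
    auth = hashlib.md5(head + bytes(16) + attrs + secret).digest()
    return head + auth + attrs

def parse_acct_stop(packet, secret):
    """Return the Framed-IP of a verified Accounting-Stop, else None. The authenticator
    check matters: an unverified Stop would tear down a subscriber's live NAT sessions."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or length != len(packet) or length < 20:
        return None
    if hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest() != packet[4:20]:
        return None
    attrs, pos, framed_ip, status = packet[20:], 0, None, None
    while pos + 2 <= len(attrs):
        t, l = attrs[pos], attrs[pos + 1]
        if l < 2 or pos + l > len(attrs):
            return None                               # malformed attribute: reject the packet
        v = attrs[pos + 2:pos + l]
        if t == ATTR_FRAMED_IP and len(v) == 4:
            framed_ip = str(ipaddress.IPv4Address(v))
        if t == ATTR_ACCT_STATUS and len(v) == 4:
            status = struct.unpack("!I", v)[0]
        pos += l
    return framed_ip if status == ACCT_STOP else None

def on_accounting_stop(table, packet, secret, subscriber_aware=True):
    """table = {subscriber_ip: {"sessions": [...], "port_block": (nat_ip, lo, hi)}}.
    With the setting enabled, drop the subscriber's sessions and return
    (sessions_removed, freed_port_block); otherwise return None and leave the
    sessions to age out via the LSN idle timeout."""
    ip = parse_acct_stop(packet, secret)
    if ip is None or not subscriber_aware or ip not in table:
        return None
    entry = table.pop(ip)
    return len(entry["sessions"]), entry["port_block"]
```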