Help with Virtual Server on Non-Standard SSL Port

[Chris Keander]

Good day.

 

I'm hoping someone can help a NetScaler VPX noob configure a Load Balanced Virtual Server so that it redirects correctly to a web server running on a non-standard SSL port on the back-end correctly.

 

I'm running NetScaler VPX Release NS11.2: Build 55.13.nc.

I have a web site (Dell EMC Unisphere) that's running on a Windows 2016 server under port 3033.  Firewall rules in place to allow incoming traffic.

 

I've created the server in the NetScaler as well as the LBVSS using the Protocol "SSL_TCP" on Port 3033.  Everything is green indicating the connections are healthy.

I've created the LBVS, also using SSL_TCP on Port 3033, and bound the LBVSS to it, as well as a valid wildcard certificate.

 

After saving changes, everything is green.  No signs of errors.

When I try to access the site using the DNS record I created that points to the VIP, the site does not load.  I can only get the site to load if I specify the port at the end of the URL.

(ie:  https://unisphere.my.domain:3033)
If I just do https://unisphere.my.domain, it doesn't work.

 

I can't seem to make a responder or rewrite rule that would fix this either.   Any suggestions?

 

 

[CarlStalhood]

If your vserver is listening on 3033, then you need to add :3033 to the URL.

 

You could create your vserver with port 443, then no port needed in the URL. However, if your web server is sending responses with URLs that have :3033 in them, then you'll need to rewrite the responses, but you can't do that with SSL_TCP protocol. You'll instead have to change both vserver and service group to SSL protocol. Then you can bind Rewrite policies.

[Chris Keander]

@Carl Stalhood1709151912

 

I appreciate the quick response.  Can you maybe add a little more clarification on how the suggested response rewrites would look like?  Sorry for the novice question.

[Farhan Ali1709152717]

When you access https://unisphere.my.domain

Then the request coming to Netscaler are on port 443. Since you don't have any LB Vserver listening on port 443 hence it's failing.

 

When you access https://unisphere.my.domain:3033

Then the request are coming to Netscaler on port 3033 and since you have a a LB on port 3033 that's why its working.

 

To make it work , you need to create the LB with SSL_TCP protocol on port 443 and bind backend servers to this LB with SSL_TCP on port 3033.

 

This way when you access https://unisphere.my.domain  then the request will come to netscaler on port 443 will be listened by the LB and then Netscaler will send it to backend on port 3033 .

[Chris Keander]

Thank you all for the assistance here!