Chris Keander Posted October 16, 2019 Share Posted October 16, 2019 Good day. I'm hoping someone can help a NetScaler VPX noob configure a Load Balanced Virtual Server so that it redirects correctly to a web server running on a non-standard SSL port on the back-end correctly. I'm running NetScaler VPX Release NS11.2: Build 55.13.nc. I have a web site (Dell EMC Unisphere) that's running on a Windows 2016 server under port 3033. Firewall rules in place to allow incoming traffic. I've created the server in the NetScaler as well as the LBVSS using the Protocol "SSL_TCP" on Port 3033. Everything is green indicating the connections are healthy. I've created the LBVS, also using SSL_TCP on Port 3033, and bound the LBVSS to it, as well as a valid wildcard certificate. After saving changes, everything is green. No signs of errors. When I try to access the site using the DNS record I created that points to the VIP, the site does not load. I can only get the site to load if I specify the port at the end of the URL. (ie: https://unisphere.my.domain:3033) If I just do https://unisphere.my.domain, it doesn't work. I can't seem to make a responder or rewrite rule that would fix this either. Any suggestions? Link to comment Share on other sites More sharing options...
CarlStalhood Posted October 16, 2019 Share Posted October 16, 2019 If your vserver is listening on 3033, then you need to add :3033 to the URL. You could create your vserver with port 443, then no port needed in the URL. However, if your web server is sending responses with URLs that have :3033 in them, then you'll need to rewrite the responses, but you can't do that with SSL_TCP protocol. You'll instead have to change both vserver and service group to SSL protocol. Then you can bind Rewrite policies. Link to comment Share on other sites More sharing options...
Chris Keander Posted October 16, 2019 Author Share Posted October 16, 2019 @Carl Stalhood1709151912 I appreciate the quick response. Can you maybe add a little more clarification on how the suggested response rewrites would look like? Sorry for the novice question. Link to comment Share on other sites More sharing options...
Farhan Ali1709152717 Posted October 21, 2019 Share Posted October 21, 2019 When you access https://unisphere.my.domain Then the request coming to Netscaler are on port 443. Since you don't have any LB Vserver listening on port 443 hence it's failing. When you access https://unisphere.my.domain:3033 Then the request are coming to Netscaler on port 3033 and since you have a a LB on port 3033 that's why its working. To make it work , you need to create the LB with SSL_TCP protocol on port 443 and bind backend servers to this LB with SSL_TCP on port 3033. This way when you access https://unisphere.my.domain then the request will come to netscaler on port 443 will be listened by the LB and then Netscaler will send it to backend on port 3033 . 1 Link to comment Share on other sites More sharing options...
Chris Keander Posted October 22, 2019 Author Share Posted October 22, 2019 Thank you all for the assistance here! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now