How to take your Citrix NetScaler Gateway (Wizard Built) to the Next Level
After getting a gentle nudge from Claudio about a suggested post (see below), I have finally got round to putting this together. The purpose of this is to show you the steps you would need to take to get the NetScaler Gateway you have built using the inbuilt wizard secure and conforming to your company standards.
Here is a gateway I built using the wizard – I built a new LDAP policy as part of this gateway and did not use the existing one I had on my NetScaler already.
First, let's run an SSL Labs test against the server.
So, that’s out the box with the wizard. Let's deal with the security first.
Disable SSL 3 and Create Diffie-Hellman Key
First, create a Diffie-Hellman key by going to Traffic Management and SSL. On the right you will see the option to create a Diffie-Hellman Key. Click that, give the key a new file name on the NetScaler and set the DH Parameter Size to 2048.
Next, open up your new NetScaler Gateway and edit the SSL Parameters for the gateway.
Check the box to enable the DH Param, select your new key, set the refresh to 1000 and disable SSLv3.
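To confirm the three settings above actually landed on every gateway, the following added example (not part of the original post) audits a saved running config for them. It assumes the settings appear as the `-dh`, `-dhFile`, `-dhCount` and `-ssl3` options of `set ssl vserver`, and that a missing option means the setting has not been applied; the sample config, vserver names and file path are constructed.

```python
import shlex

# Constructed sample of a saved running config; names, IPs and path are hypothetical.
SAMPLE_CONFIG = '''\
add vpn vserver gw_wizard SSL 192.0.2.10 443
add vpn vserver gw_partial SSL 192.0.2.11 443
add vpn vserver gw_hardened SSL 192.0.2.12 443
set ssl vserver gw_partial -ssl3 DISABLED
set ssl vserver gw_hardened -dh ENABLED -dhFile "/nsconfig/ssl/dh2048.key" -dhCount 1000 -ssl3 DISABLED
'''

def parse_ssl_vservers(config_text):
    """Return {gateway_name: {option: value}} for every vpn vserver."""
    vservers = {}
    for line in config_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) >= 4 and tokens[:3] == ["add", "vpn", "vserver"]:
            # Record the gateway even if no SSL parameters were ever set on it.
            vservers.setdefault(tokens[3], {})
        elif len(tokens) >= 4 and tokens[:3] == ["set", "ssl", "vserver"]:
            opts = vservers.setdefault(tokens[3], {})
            rest = tokens[4:]
            for name, value in zip(rest[::2], rest[1::2]):  # "-name value" pairs
                opts[name.lstrip("-").lower()] = value
    return vservers

def audit(opts):
    """List deviations from the settings described in the post."""
    findings = []
    # Assumption: an option absent from the config counts as not applied.
    if opts.get("ssl3", "").upper() != "DISABLED":
        findings.append("SSLv3 not explicitly disabled")
    if opts.get("dh", "").upper() != "ENABLED":
        findings.append("DH param not enabled")
    else:
        if not opts.get("dhfile"):
            findings.append("DH enabled but no DH key file selected")
        if opts.get("dhcount") != "1000":
            findings.append("DH refresh count is not 1000")
    return findings

def audit_config(config_text):
    parsed = parse_ssl_vservers(config_text)
    return {name: audit(opts) for name, opts in parsed.items()}

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

A gateway with no `set ssl vserver` line at all, as in the `gw_wizard` sample entry, is reported rather than silently skipped.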
Read the entire article here, How to take your NetScaler Gateway (Wizard Built) to the Next Level
via Dave Brett at bretty.me.uk