Forum Discussion

Stefan_Hill's avatar
Stefan_Hill
Icon for Nimbostratus rankNimbostratus
Jan 16, 2015

LTM 11.4.1 forwarding to Netscaler 10.5 with ssl offloading and inspection

Hello   I have the following scenario. My citrix clients are connecting over F5 to a netscaler. Behind the netscaler is the whole environment with StoreFront 2.6 etc. The F5 is doing ssl offloadin...
application delivery
ASM Advanced WAF
LTM
security
Stefan_Hill's avatar
Stefan_Hill
Icon for Nimbostratus rankNimbostratus
Jan 27, 2015

I did the tcpdump in the past with tcpdump -ni vlanxxx:nnnp -s0 -c 100000 -w /var/tmp/sh_netscaler_050115.cap host x.x.x.x decrypted it in wireshark with a pms file....and gave it to F5 support.

 

  • mark_06_140158's avatar
    mark_06_140158
    Icon for Nimbostratus rankNimbostratus
    Feb 16, 2015
    Hi WE had a similar issue. The process starts with HTTPS to give users a list of avaialble apps/ desktops. IT then delivers an appropriate ICA file to the client over https. All works fine as the http filter understands the traffic. When the user opens the app the citrix receiver (client) then iniitiates ICA over SSL. This ICA traffic is not understood by the HTTP filter, hence it breaks. I am trying to find out how to configure the LTM to distinguish whether the decrypted traffic is HTTP or ICA and then ONLY apply the HTTP filter to the coorect stream. Any ideas?