NetScaler Ports Unmasked

On 14 January 2016 by Pete Petersen



In recent conversations with several organizations, it was clear that along with Citrix’s port listing, there needed also some direction on where all the ports were coming from and going to. The above diagram is an attempt to lay out the port list in a single use case (with SDXs with an interface in the DMZ and an interface internally (with a management interface), and the VPXs only having one interface, either in the DMZ or internally, thus being able to pass security audits.

Although there are many potential configurations, hopefully this helps to communicate to network teams which ports need to be opened from the DMZ leading to internal resources from the NetScaler IPs and to get a better idea of the traffic of the various communication processes.

Here is the Citrix port listing documentation: