The Citrix ADC, formerly known as Netscaler, is one of the critical components to keep up-to-date as it is internet facing most of the time. This guide is to help you along with the update process. It’s the easiest for a stand-alone ADC, but perhaps you are running the ADC in a HA-Pair.
I would recommend doing the upgrade with the CLI if you feel comfortable with that, as it is easier to monitor the upgrade status. The HA configuration can be done in both CLI and GUI, it does not really matter.
Anyhow, let’s tackle both scenario’s in the GUI and the CLI!
Pick your scenario:
GUI Configuration
- Create Backup
- HA Configuration GUI (Skip if you do not use HA)
- Single ADC GUI Update
CLI Configuration
- Create Backup
- HA Configuration CLI (Skip if you do not use HA)
- Single ADC CLI Update
Create Backup
If you never created a Netscaler backup before, or are uncertain if you do it right please refer to my backup article first:
HA Configuration GUI Update
Before we get started:
1. You can skip this part if you are not using High Availability.
2.Check if your failover is working properly before starting
3. Start on the secondary node with the upgrade
4. HA wont work properly if you only upgrade one Node and leave the other on the old firmware version.
5. Keep in mind that if you have MPX (physical) appliances, the reboot can take up to 45 minutes (but hopefully faster 😉 ).
6. Is your appliance been needing updates for a while? Make sure you only update to each adjecent major release e.g. 11.1 -> 12.0 -> 12.1 > 13.
Dont do 11.1 > 13, this will probably break your firmware.
Health Check:
1. Login on your primary Citrix ADC appliance.
2. Make sure your running configuration is saved..
3. Browse to Configuration/System/HighAvailability.
4. Confirm that the HA-Sync is working properly.
7. Logout of the primary Citrix ADC appliance.
8. Login to the secondary Citrix ADC appliance.
9. Follow the steps from the “Single ADC GUI Update” chapter.
10. Go back to the High Availibility screen form step 4. Click on the secondary now and press ‘Edit’.
11. Disable the HA-Sync on this node.
12. When done, force a failover to your secondary appliance.
13. Confirm that everything works as it should.
14. Now upgrade the ‘new’ secondary (previously primary) appliance.
15. Confirm that everything works at it should.
16. Re-enable the HA-Sync button as shown in step 6.
Single ADC GUI Update
Upgrading
1. We need to download the proper firmware version you require on the Citrix Website. Make sure your appliance is compatible with the firmware version.
2. Currently on a version lower than Citrix ADC 12.0 build 56.20 and onwards? Make sure you upgrade your classic policies first. Consider checking out the following blogpost I wrote on that. The classic policies will not work after version 12.0 build 56.20 which can cause serious impact to your production environment.
3. Go to Configuration > System upgrade.
4. Upload the firmware you just downloaded (see screenshot).
5. Press upgrade (see screenshot).
6. The following screen will pop-up, wait for the upload bar to finish.
7. When finished the system upgrade screen will appear, wait for it to finish mind that it can take some time.
8. If not done automatically, reboot the ADC appliance.
9. You should now be upgraded, refer back to the High Availability section if applicable.
HA Configuration CLI Update
Before we get started:
1. You can skip this part if you are not using High Availability.
2. Start on the secondary node with the upgrade.
3. HA wont work properly if you only upgrade one Node and leave the other on the old firmware version.
4. Keep in mind that if you have MPX (physical) appliances, the reboot can take up to 45 minutes (but hopefully faster 😉 ).
5. Is your appliance been needing updates for a while? Make sure you only update to each adjecent major release e.g. 11.1 -> 12.0 -> 12.1 > 13.
Dont do 11.1 > 13, this will probably break your firmware.
Health Check:
1. Login on your primary Citrix ADC appliance with any SSH tool. I will be using Putty.
2. Save your running configuration with the following command.
save nsconfig
3. In my case the running configuration has not changed, so a save was not required.
4. Check the HA Status with the following command.
show ha nodeA good result would be like the following image I borrowed from the Citrix website:
4. Force the HA-Sync to be sure your freshly saved configuration is also synced
sync ha files all
5. If all went well; logout of the primary Citrix ADC appliance
6. Login to the secondary Citrix ADC appliance
7. Proceed to the Single ADC CLI Update chapter and go to step 8 when done.
8. After the upgrade on the secondary appliance you need to disable the HA-Sync with the following command.
set ha node -hasync disabled
9. Now upgrade the primary Citrix ADC Appliance as per the Single ADC CLI Update chapter
HA Configuration CLI Update
Upgrading
1. We need to download the proper firmware version you require on the Citrix Website. Make sure your appliance is compatible with the firmware version.
2. Currently on a version lower than Citrix ADC 12.0 build 56.20 and onwards? Make sure you upgrade your classic policies first. Consider checking out the following blogpost I wrote on that. The classic policies will not work after version 12.0 build 56.20 which can cause serious impact to your production environment.
3. Connect to your Citrix ADC appliance with any FTP tool. I use WinSCP.
4. Connect to your Citrix ADC appliance and upload your file to the /var/nsinstall/(create a folder here) directory.
5. When done, open up your SSH tool and connect to the Citrix ADC Appliance. I use Putty.
6. Login with your username/password
7. Enter shell mode with the following command.
shell
8. Proceed to the directory where you uploaded the file with the following command.
cd /var/nsintall/(yourfoldernamehere)
9. Extract your .tar file with the following command
tar -xvzf filename.tgz
10. Quite some files will extract, wait for it to be done and then proceed with the following command.
./installns
11. Some prompts might appear in your terminal, answer them as fit.
12. After the upgrade is done you will be prompted to ‘reboot now’, Enter ‘Y’.
13. Proceed back to the HA page if applicable.
Congratulations on your Citrix ADC Upgrade! 🙂
2 Comments on Citrix ADC Upgrade Guide
How to Citrix ADC: CVE-2020-8299 & CVE-2020-8300 – Mick Hilhorst 's Tech Blog
[…] Update your Citrix ADC […]
How to Citrix ADC: CVE-2020-8299 & CVE-2020-8300 – Mick Hilhorst 's Tech Blog
[…] Citrix ADC Upgrade Guide […]