Step-by-Step Guide to Upgrade Citrix NetScaler Firmware

Step-by-Step Guide to Upgrade Citrix NetScaler Firmware

Objective: Update Citrix NetScaler to the latest version to address detected vulnerabilities. Due to low success rates when updating through the GUI, alternative methods will be explored.

Why Update NetScaler?

Updating NetScaler is crucial for several reasons:

  • Security: when the IT security guy chasing you for vulnerabilities

  • Performance: Benefit from performance improvements in newer versions.

  • Features: Access new features and enhancements.

  1. Install WinSCP:
  1. Login to NetScaler using WinSCP:
  • Open WinSCP.

  • Enter the IP address of your NetScaler, username, and password.

  • Click "Login".

    1. Backup Configuration File:

  • Navigate to the /nsconfig directory.

  • Backup the ns.conf file by copying it to your local machine.

  1. Create Full Backup via Web Interface:
  • Log in to NetScaler using your web browser.

  • Navigate to Configuration > System > Backup and Restore.

  • For naming format: File name [DD-MM-YY], select full in level option

  • Create a full backup and download it to your local machine.
    Create Snapshot via vCenter:

  • Log in to vCenter.

  • Locate your NetScaler virtual machine.

  • Create a snapshot for the NetScaler.

  1. Upload Firmware using WinSCP:
  • In WinSCP, navigate to the /var/nsinstall directory.

  • Create a new folder named after the firmware version you are upgrading to.

  • Upload the firmware file to this newly created folder.

  1. Run PuTTY:
  • Open PuTTY.

  • Enter the IP address of your NetScaler and connect.

  1. Access Shell:
  • Once connected, type shell to access the shell prompt.
  1. Check Disk Space:
  • Type df -h to view the available disk space.

  • Ensure the /var partition has at least 4GB of free space.

  1. Navigate to Firmware Directory:
  • Type cd /var/nsinstall/<firmware_folder> to navigate to the firmware directory.

  • Type ls to see all the list that available

  1. Extract Firmware:
  • Type tar -xvzf <firmware_name.tgz> to extract the firmware files.

  • Type ls -tl once the extraction completed to see list is available

  1. Install Firmware:
  • Type installns to start the firmware installation process.

  • Respond to any confirmation prompts as needed. Delete old signature files and kernel images if asked

  1. Wait for Reboot:
  • The NetScaler will automatically reboot once the firmware installation is complete.

  • Can monitor the process at the vcenter

  1. Verify Firmware Version:
  • After the reboot, log in to the NetScaler via the web interface.

  • Make sure it does not change to freemium

  • Check the firmware version by clicking on the profile account in the top right corner.

  • Can also try validation by launching the storefront or SSH to netscaler and type show version