
System

System configuration.

Configuration APIs


Use this method to add a backup file (*.tgz) that was created on a remote system by using the "create system backup" method.


Use this method to add a method policy to the system. A method policy specifies the access rights of the system user. By default, the appliance already has the following policies defined:
* operator
* read-only
* network
* superuser


Use this method to create a system-user group, to which you can bind individual users by using the bind system group method.


Use this method to add a new user to the system.
Note: You must provide the password after the user name.


Use this method to bind policy to system global.


Use this method to bind partition to system group.


Use this method to bind policy to system group.


Use this method to bind user to system group.


Use this method to bind partition to system user.


Use this method to bind policy to system user.


Use this method to examine Citrix ADC for disk errors. The diskcheck parameter must be provided.


Use this method to create a backup file (*.tgz) that is stored in the /var/ns_sys_backup/ directory. This file can be used to restore the appliance by using the "restore system backup" method.


Use this method to create restore points, which will be used to auto restore the system.


Use this method to disable the auto restore feature.


Use this method to disable the extra CPU for Management and return it to the PE pool.


Use this method to disable nsb tracing.


Use this method to disable verification of system executables


Use this method to enable the auto restore feature.


Use this method to enable and dedicate an extra CPU for Management from the PE pool.


Use this method to enable nsb tracing.


Use this method to enable verification of system executables


Use this method to get the backed up files that were created in the appliance.


Use this method to get information about all configured system method policies, or about the specified policy.


Use this method to get PEmode state


Use this method to get the configured and effective state of Extra Management CPU. The configured and effective states will differ if the method is fired but the system is not rebooted.


Use this method to get the FIPS initialization status.


Use this method to get information about all global policy bindings.


Use this method to get information about all system groups configured on the appliance, or about the specified group.


Use this method to get the configured and effective state of nsb tracing. The configured and effective states will differ if the method is fired but the system is not rebooted.


Use this method to get information about the system parameters.


Use this method to get the list of restore points. Currently, a maximum of 3 restore points is allowed.


Use this method to get information about all current system sessions, or about the specified session. The system might reclaim sessions with no active connections before expiry time.


Use this method to get the private key


Use this method to get information about all system users configured on the appliance, or about the specified user.


Use this method to import the ssh key.


Use this method to kill one system session, or all system sessions except the current session.


Use this method to restore an appliance by using the backup file (*.tgz) that was created by using the "create system backup" method.


Use this method to remove a backup file (*.tgz) that was created by using the "create system backup" method.


Use this method to remove a method policy from the appliance.
Note: You cannot remove method policies that are bound to a system user.


Use this method to remove a system group from the appliance.


Use this method to remove a restore point that was created by using the "set restorepoint" method.


Use this method to remove the public or private key.


Use this method to remove a system user from the appliance.


Use this method to set the name of the adm-user to log in syslogs.


Use this method to set the action to perform when a request matches the policy.
This is a mandatory parameter.


Use this method to set the regular expression specifying the data that matches the policy.
This is a mandatory parameter.


Use this method to set PEmode to DEFAULT/CPUBOUND. Distribute the PE weights equally if PEmode is set to CPUBOUND.


Use this method to set the allowed management interfaces of the system users in the group. By default, access is allowed from both the API and CLI interfaces. If the management interface for a group is set to API, then all users under this group will not be allowed to access NS through the CLI. The GUI interface comes under the API interface.


Use this method to set password days to expire for system groups. The daystoexpire value ranges from 30 to 255.


Use this method to set the string to display at the method-line prompt. Can consist of letters, numbers, hyphen (-), period (.), hash (#), space ( ), at (@), equal (=), colon (:), underscore (_), and the following variables:
* %u - Will be replaced by the user name.
* %h - Will be replaced by the hostname of the Citrix ADC.
* %t - Will be replaced by the current time in 12-hour format.
* %T - Will be replaced by the current time in 24-hour format.
* %d - Will be replaced by the current date.
* %s - Will be replaced by the state of the Citrix ADC.

Note: The 63-character limit for the length of the string does not apply to the characters that replace the variables.


Use this method to set the CLI session inactivity timeout, in seconds. If the Restrictedtimeout argument of system parameter is enabled, Timeout can have values in the range [300-86400] seconds. If the Restrictedtimeout argument of system parameter is disabled, Timeout can have values in the range [0, 10-100000000] seconds. Default value is 900 seconds.


Use this method to enable or disable basic authentication for Nitro API.


Use this method to set the audit log level, which specifies the types of events to log for CLI executed methods.
Available values function as follows:
* EMERGENCY - Events that indicate an immediate crisis on the server.
* ALERT - Events that might require action.
* CRITICAL - Events that indicate an imminent server crisis.
* ERROR - Events that indicate some type of error.
* WARNING - Events that require action in the near future.
* NOTICE - Events that the administrator should know about.
* INFORMATIONAL - All but low-level events.
* DEBUG - All events, in extreme detail.


Use this method to set password expiry days for all the system users. The daystoexpire value ranges from 30 to 255.


Use this method to enable or disable denylist protection. The available options are:
* ON - Denylist feature is enabled.
* OFF - Denylist feature is disabled.


Use this method to enable or disable denylist protection logging. The available options are:
* ON - Denylist logging is enabled.
* OFF - Denylist logging is disabled.


Use this method to enable or disable Doppler.


Use this method to set the FIPS mode for key user-land processes. When enabled, these user-land processes will operate in FIPS mode. In this mode, these processes will use FIPS 140-2 certified crypto algorithms.
With a FIPS license, it is enabled by default and cannot be disabled.
Without a FIPS license, it is disabled by default, wherein these user-land processes will not operate in FIPS mode.


Use this method to enable or disable force password change for the nsroot user.


Use this method to enable or disable Google analytics.


Use this method to set whether local users can access Citrix ADC when external authentication is configured. When enabled, local users can access Citrix ADC even when external authentication is configured. When disabled, local users are not allowed to access the Citrix ADC; local users can access the Citrix ADC only when the configured external authentication servers are unavailable. This parameter is not applicable to SSH key-based authentication.


Use this method to set the maximum number of client connections allowed per user. The maxsessionperuser value ranges from 1 to 40.


Use this method to set the minimum length of the system user password. When strong password is enabled, the default minimum length is 8. The user-entered value can be greater than or equal to 8. The default minimum value is 1 when strong password is disabled. The maximum value is 127 in both cases.


Use this method to set the limit at which the system is flushed: flush the system if the number of Network Address Translation Protocol Control Blocks (NATPCBs) exceeds this value.


Use this method to set whether to send a reset signal to client and server connections when their NATPCBs time out. Avoids the buildup of idle TCP connections on both sides.


Use this method to enable or disable the password expiry feature for system users.
If the feature is ENABLED, by default the last 6 passwords of users will be maintained and users will not be allowed to reuse them.
When the feature is enabled, daystoexpire, warnpriorndays and pwdhistoryCount will be set with default values. The values can only be set in system for system parameter. It cannot be unset. It is possible to set and unset the values for daystoexpire and warnpriorndays in system groups.
Default values if the feature is ENABLED:
* daystoexpire: 30
* warnpriorndays: 5
* pwdhistoryCount: 6

If the feature is DISABLED, the values cannot be set or unset in system parameter and system groups.


Use this method to set the string to display at the method-line prompt. Can consist of letters, numbers, hyphen (-), period (.), hash (#), space ( ), at (@), equal (=), colon (:), underscore (_), and the following variables:
* %u - Will be replaced by the user name.
* %h - Will be replaced by the hostname of the Citrix ADC.
* %t - Will be replaced by the current time in 12-hour format.
* %T - Will be replaced by the current time in 24-hour format.
* %d - Will be replaced by the current date.
* %s - Will be replaced by the state of the Citrix ADC.

Note: The 63-character limit for the length of the string does not apply to the characters that replace the variables.


Use this method to set the number of passwords to be maintained as history for system users. The pwdhistorycount value ranges from 1 to 10.


Use this method to enable or disable Role-Based Authentication (RBA) on responses.


Use this method to enable or disable external user reauthentication when an authentication parameter changes.


Use this method to set whether sensitive files, such as authorized keys and public keys, are removed from the system. The methods which will remove sensitive files when this system parameter is enabled are rm cluster instance, rm cluster node, rm ha node, clear config full, join cluster and add cluster instance.


Use this method to enable or disable the restricted timeout behaviour. When enabled, the timeout cannot be configured beyond the admin-configured timeout and it will also have the [minimum - maximum] range check. When disabled, the timeout will have the old behaviour. By default the value is disabled.


Use this method to set strong password enforcement. After enabling strong password (enableall / enablelocal - not included in exclude list), all the passwords / sensitive information must have at least 1 lower case character, at least 1 upper case character, at least 1 numeric character, and at least 1 special character ( ~, `, !, @, #, $, %, ^, &, *, -, _, =, +, {, }, [, ], |, \, :, <, >, /, ., ,, " "). The exclude list in the case of enablelocal is: NS_FIPS, NS_CRL, NS_RSAKEY, NS_PKCS12, NS_PKCS8, NS_LDAP, NS_TACACS, NS_TACACSACTION, NS_RADIUS, NS_RADIUSACTION, NS_ENCRYPTION_PARAMS. So no strong password checks will be performed on these ObjectType methods for the enablelocal case.


Use this method to set the CLI session inactivity timeout, in seconds. If the Restrictedtimeout argument is enabled, Timeout can have values in the range [300-86400] seconds.
If the Restrictedtimeout argument is disabled, Timeout can have values in the range [0, 10-100000000] seconds. Default value is 900 seconds.


Use this method to set the total time a request can take for authentication/authorization.


Use this method to configure WAF protection for endpoints used by NetScaler management interfaces. The available options are:
* DEFAULT - NetScaler decides which endpoints have WAF protection enabled.
* GUI - Endpoints used by the Management GUI Interface are WAF protected.
* DISABLED - WAF protection is disabled.


Use this method to set the allowed management interfaces for the system user. By default, the user is allowed access from both the API and CLI interfaces. If the management interface for a user is set to API, then the user is not allowed to access NS through the CLI. The GUI interface comes under the API interface.


Use this method to set whether to use external authentication servers for the system user authentication or not


Use this method to set the user's logging privilege.


Use this method to set the maximum number of client connections allowed per user.


Use this method to set the password for the system user. Can include any ASCII character.


Use this method to set the string to display at the method-line prompt. Can consist of letters, numbers, hyphen (-), period (.), hash (#), space ( ), at (@), equal (=), colon (:), underscore (_), and the following variables:
* %u - Will be replaced by the user name.
* %h - Will be replaced by the hostname of the Citrix ADC.
* %t - Will be replaced by the current time in 12-hour format.
* %T - Will be replaced by the current time in 24-hour format.
* %d - Will be replaced by the current date.
* %s - Will be replaced by the state of the Citrix ADC.

Note: The 63-character limit for the length of the string does not apply to the characters that replace the variables.


Use this method to set the CLI session inactivity timeout, in seconds. If the Restrictedtimeout argument of system parameter is enabled, Timeout can have values in the range [300-86400] seconds. If the Restrictedtimeout argument of system parameter is disabled, Timeout can have values in the range [0, 10-100000000] seconds. Default value is 900 seconds.


Use this method to unbind policy from system global.


Use this method to unbind partition from system group.


Use this method to unbind policy from system group.


Use this method to unbind user from system group.


Use this method to unbind partition from system user.


Use this method to unbind policy from system user.


Remove system cpuparam pemode setting.


Remove system group allowedmanagementinterface setting.


Remove system group daystoexpire setting.


Remove system group promptstring setting.


Remove system group timeout setting.


Remove system group warnpriorndays setting.


Remove system parameter basicauth setting.


Remove system parameter cliloglevel setting.


Remove system parameter daystoexpire setting.


Remove system parameter denylist setting.


Remove system parameter denylistlogging setting.


Remove system parameter doppler setting.


Remove system parameter fipsusermode setting.


Remove system parameter forcepasswordchange setting.


Remove system parameter googleanalytics setting.


Remove system parameter localauth setting.


Remove system parameter maxsessionperuser setting.


Remove system parameter minpasswordlen setting.


Remove system parameter natpcbforceflushlimit setting.


Remove system parameter natpcbrstontimeout setting.


Remove system parameter passwordhistorycontrol setting.


Remove system parameter promptstring setting.


Remove system parameter pwdhistorycount setting.


Remove system parameter rbaonresponse setting.


Remove system parameter reauthonauthparamchange setting.


Remove system parameter removesensitivefiles setting.


Remove system parameter restrictedtimeout setting.


Remove system parameter strongpassword setting.


Remove system parameter timeout setting.


Remove system parameter totalauthtimeout setting.


Remove system parameter wafprotection setting.


Remove system parameter warnpriorndays setting.


Remove system user allowedmanagementinterface setting.


Remove system user externalauth setting.


Remove system user logging setting.


Remove system user maxsession setting.


Remove system user promptstring setting.


Remove system user timeout setting.


Use this method to update the system KEK.