#NS11.1 Build 51.26
# Last modified by `save config`, Thu Jun 22 11:52:57 2017
set ns config -IPAddress 192.168.88.62 -netmask 255.255.255.0
enable ns feature LB CS SSL REWRITE RESPONDER
enable ns mode FR L3 Edge USNIP PMTUD
set system parameter -doppler DISABLED
set system user nsroot 
set rsskeytype -rsstype ASYMMETRIC
set lacp -sysPriority 32768 -mac 00:50:56:9a:7c:b8
set ns hostName PHOTONNS1
set interface 0/1 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "XEN Interface" -ifnum 0/1
set interface LO/1 -haMonitor OFF -haHeartbeat OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype Loopback -ifnum LO/1
add ns ip6 fe80::20c:29ff:fef7:d6a4/64 -scope link-local -type NSIP -vlan 1 -vServer DISABLED -mgmtAccess ENABLED -dynamicRouting ENABLED
add ns ip 192.168.88.63 255.255.255.0 -vServer DISABLED
set nd6RAvariables -vlan 1
set snmp alarm APPFW-BUFFER-OVERFLOW -timeout 1
set snmp alarm APPFW-COOKIE -timeout 1
set snmp alarm APPFW-CSRF-TAG -timeout 1
set snmp alarm APPFW-DENY-URL -timeout 1
set snmp alarm APPFW-FIELD-CONSISTENCY -timeout 1
set snmp alarm APPFW-FIELD-FORMAT -timeout 1
set snmp alarm APPFW-POLICY-HIT -timeout 1
set snmp alarm APPFW-REFERER-HEADER -timeout 1
set snmp alarm APPFW-SAFE-COMMERCE -timeout 1
set snmp alarm APPFW-SAFE-OBJECT -timeout 1
set snmp alarm APPFW-SQL -timeout 1
set snmp alarm APPFW-START-URL -timeout 1
set snmp alarm APPFW-VIOLATIONS-TYPE -timeout 1
set snmp alarm APPFW-XML-ATTACHMENT -timeout 1
set snmp alarm APPFW-XML-DOS -timeout 1
set snmp alarm APPFW-XML-SCHEMA-COMPILE -timeout 1
set snmp alarm APPFW-XML-SOAP-FAULT -timeout 1
set snmp alarm APPFW-XML-SQL -timeout 1
set snmp alarm APPFW-XML-VALIDATION -timeout 1
set snmp alarm APPFW-XML-WSI -timeout 1
set snmp alarm APPFW-XML-XSS -timeout 1
set snmp alarm APPFW-XSS -timeout 1
set snmp alarm CLUSTER-BACKPLANE-HB-MISSING -time 86400 -timeout 86400
set snmp alarm CLUSTER-NODE-HEALTH -time 86400 -timeout 86400
set snmp alarm CLUSTER-NODE-QUORUM -time 86400 -timeout 86400
set snmp alarm CLUSTER-VERSION-MISMATCH -time 86400 -timeout 86400
set snmp alarm COMPACT-FLASH-ERRORS -time 86400 -timeout 86400
set snmp alarm CONFIG-CHANGE -timeout 86400
set snmp alarm CONFIG-SAVE -timeout 86400
set snmp alarm HA-BAD-SECONDARY-STATE -time 86400 -timeout 86400
set snmp alarm HA-NO-HEARTBEATS -time 86400 -timeout 86400
set snmp alarm HA-SYNC-FAILURE -time 86400 -timeout 86400
set snmp alarm HA-VERSION-MISMATCH -time 86400 -timeout 86400
set snmp alarm HARD-DISK-DRIVE-ERRORS -time 86400 -timeout 86400
set snmp alarm HA-STATE-CHANGE -timeout 86400
set snmp alarm HA-STICKY-PRIMARY -timeout 86400
set snmp alarm PORT-ALLOC-FAILED -time 3600 -timeout 3600
set snmp alarm SYNFLOOD -timeout 1
bind policy patset ns_vpn_client_useragents AGEE -index 1 -charset ASCII
bind policy patset ns_vpn_client_useragents CitrixReceiver -index 2 -charset ASCII
bind policy patset ns_vpn_client_useragents AGMacClient -index 3 -charset ASCII
bind policy patset ns_vpn_client_useragents "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0" -index 4 -charset ASCII
bind policy patset ns_vpn_client_useragents "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0" -index 5 -charset ASCII
bind policy patset ns_aaa_activesync_useragents Apple-iPhone -index 1 -charset ASCII
bind policy patset ns_aaa_activesync_useragents Apple-iPad -index 2 -charset ASCII
bind policy patset ns_aaa_activesync_useragents SAMSUNG-GT -index 3 -charset ASCII
bind policy patset ns_aaa_activesync_useragents "SAMSUNG GT" -index 4 -charset ASCII
bind policy patset ns_aaa_activesync_useragents AirWatch -index 5 -charset ASCII
bind policy patset ns_aaa_activesync_useragents "TouchDown(MSRPC)" -index 6 -charset ASCII
set ssl profile ns_default_ssl_profile_backend -sessionTicketLifeTime 0
add ssl profile FrontEnd-Secure -sessReuse ENABLED -sessTimeout 120 -tls1 DISABLED -tls11 DISABLED -denySSLReneg FRONTEND_CLIENT
add server PHOTONCTRL2 192.168.88.60
add server PHOTONCTRL1 192.168.88.55
add server LIGHTWAVE1 192.168.88.57
add server LIGHTWAVE2 192.168.88.61
add server PHOTONCTRL3 192.168.88.70
add service SVC-LIGHTWAVE-LIGHTWAVE1-SSL LIGHTWAVE1 SSL 443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service SVC-PHOTON-PHOTONCTRL1-MGMTUI-SSL PHOTONCTRL1 SSL 443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service SVC-PHOTON-PHOTONCTRL1-API-SSL PHOTONCTRL1 SSL 9000 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service SVC-LIGHTWAVE-LIGHTWAVE2-SSL LIGHTWAVE2 SSL 443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service SVC-PHOTON-PHOTONCTRL2-MGMTUI-SSL PHOTONCTRL2 SSL 443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service SVC-PHOTON-PHOTONCTRL2-API-SSL PHOTONCTRL2 SSL 9000 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service SVC-PHOTON-PHOTONCTRL3-API-SSL PHOTONCTRL3 SSL 9000 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service SVC-PHOTON-PHOTONCTRL3-MGMTUI-SSL PHOTONCTRL3 SSL 443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add ssl certKey ns-server-certificate -cert ns-server.cert -key ns-server.key
add ssl certKey RootCA -cert Pigeonnuggets-RootCA.cer -inform DER
add ssl certKey PhotonPlatform -cert PhotonPlatform.pfx -key PhotonPlatform.pfx.ns -inform PFX -passcrypt 
add ssl certKey Lightwave -cert Lightwave.pfx -key Lightwave.pfx.ns -inform PFX -passcrypt 
link ssl certKey PhotonPlatform RootCA
set lb parameter -sessionsThreshold 150000
add lb vserver LB-VS-PHOTONCTLR-API-SSL SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver LB-VS-LIGHTWAVE-SSL SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver LB-VS-PHOTONCTLR-MGMT-UI-SSL SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
set cache parameter -via "NS-CACHE-10.0:  62"
add cs vserver CS-PHOTONCTLR-API-SSL SSL 192.168.88.56 443 -cltTimeout 180
add cs vserver CS-LIGHTWAVE-SSL SSL 192.168.88.65 443 -cltTimeout 180
add cs vserver CS-PHOTONCTLR-MGMT-UI-SSL SSL 192.168.88.56 4343 -cltTimeout 180
set aaa parameter -maxAAAUsers 1000
set ns rpcNode 192.168.88.62 -password 946863c68f50f9232ef8af664a4ce032d02040d2d7f2d1b4a8f3d2040e22236ceee8951a116d7ef78af0b126a4707470 -encrypted -encryptmethod ENCMTHD_3 -srcIP 192.168.88.62
add rewrite action RWA-INSERT-X-FORWARDED-PROTO insert_http_header X-FORWARDED-PROTO HTTP.REQ.URL.PROTOCOL
add rewrite action RWA-LIGHTWAVE-INTERNAL-ADDRESS replace "HTTP.RES.HEADER(\"Location\").AFTER_STR(\"https://\").BEFORE_STR(\"/openidconnect\")" "\"lightwave.pigeonnuggets.com\""
add rewrite action RWA-LIGHTWAVE-REDIRECT-ADDRESS-LB replace "HTTP.RES.HEADER(\"Location\").AFTER_STR(\"redirect_uri=https://\").BEFORE_STR(\"/oauth_callback.html\")" "\"photonplatform.pigeonnuggets.com:4343\""
add rewrite action RWA-API-REWRITE-LIGHTWAVE-ENDPOINT replace q/HTTP.RES.BODY(2000).AFTER_STR("\"endpoint\":").BEFORE_STR(",")/ q/"\"lightwave.pigeonnuggets.com\""/ -comment "Replaces the Endpoint URI in the API call to the DNS name of the Load Balancer"
add rewrite action RWA-INSERT-STS-HEADER insert_http_header Strict-Transport-Security "\"max-age=157680000\""
add rewrite policy RWP-INSERT-X-FORWARDED-PROTO TRUE RWA-INSERT-X-FORWARDED-PROTO
add rewrite policy RWP-PHOTONPLATFORM-REWRITE-EXTERNAL-LW "HTTP.RES.HEADER(\"Location\").EXISTS && HTTP.RES.HEADER(\"Location\").CONTAINS(\"/openidconnect/oidc/authorize/\")" RWA-LIGHTWAVE-INTERNAL-ADDRESS -comment "Rewrite the internal Lightwave IP address in the Redirect to the Load Balancer"
add rewrite policy RWP-PHOTONPLATFORM-REWRITE-REDIRECTURI "HTTP.RES.HEADER(\"Location\").EXISTS && HTTP.RES.HEADER(\"Location\").CONTAINS(\"/openidconnect/oidc/authorize/\")" RWA-LIGHTWAVE-REDIRECT-ADDRESS-LB -comment "Rewrite the internal Photon URI in the Redirect to the Load Balancer"
add rewrite policy RWP-PHOTONPLATFORM-REWRITE-API-LW "HTTP.REQ.URL.PATH.EQ(\"/v1/system/auth\")" RWA-API-REWRITE-LIGHTWAVE-ENDPOINT -comment "Rewrite the internal Lightwave IP address in the Redirect to the Load Balancer for a call to the API"
add rewrite policy RWP-ENFORCE-STS-HEADER TRUE RWA-INSERT-STS-HEADER
bind cmp global ns_adv_nocmp_xml_ie -priority 8700 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_nocmp_mozilla_47 -priority 8800 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_mscss -priority 8900 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_msapp -priority 9000 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_content_type -priority 10000 -gotoPriorityExpression END -type RES_DEFAULT
add responder action RSA-REDIRECT-API-MGMT redirect "\"https://\" + http.REQ.HOSTNAME.HTTP_URL_SAFE + \":4343\"" -comment "Redirects request to the root (/) of the API to the Management Service on 4343" -responseStatusCode 302
add responder policy RSP-REDIRECT-API-TO-MGMTUI "HTTP.REQ.URL.PATH.EQ(\"/\")" RSA-REDIRECT-API-MGMT -comment "Redirects client requests to / of the API to the Management Interface"
add cache contentGroup DEFAULT
set cache contentGroup NSFEO -maxResSize 1994752
add cache contentGroup BASEFILE -relExpiry 86000 -weakNegRelExpiry 600 -maxResSize 256 -memLimit 2
add cache contentGroup DELTAJS -relExpiry 86000 -weakNegRelExpiry 600 -insertAge NO -maxResSize 256 -memLimit 1 -pinned YES
add cache contentGroup ctx_cg_poc -relExpiry 86000 -weakNegRelExpiry 600 -insertAge NO -maxResSize 500 -memLimit 256 -pinned YES
add cache policy _nonGetReq -rule "!HTTP.REQ.METHOD.eq(GET)" -action NOCACHE
add cache policy _advancedConditionalReq -rule "HTTP.REQ.HEADER(\"If-Match\").EXISTS || HTTP.REQ.HEADER(\"If-Unmodified-Since\").EXISTS" -action NOCACHE
add cache policy _personalizedReq -rule "HTTP.REQ.HEADER(\"Cookie\").EXISTS || HTTP.REQ.HEADER(\"Authorization\").EXISTS || HTTP.REQ.HEADER(\"Proxy-Authorization\").EXISTS || HTTP.REQ.IS_NTLM_OR_NEGOTIATE" -action MAY_NOCACHE
add cache policy _uncacheableStatusRes -rule "! ((HTTP.RES.STATUS.EQ(200)) || (HTTP.RES.STATUS.EQ(304)) || (HTTP.RES.STATUS.BETWEEN(400,499)) || (HTTP.RES.STATUS.BETWEEN(300, 302)) || (HTTP.RES.STATUS.EQ(307))|| (HTTP.RES.STATUS.EQ(203)))" -action NOCACHE
add cache policy _uncacheableCacheControlRes -rule "((HTTP.RES.CACHE_CONTROL.IS_PRIVATE) || (HTTP.RES.CACHE_CONTROL.IS_NO_CACHE) || (HTTP.RES.CACHE_CONTROL.IS_NO_STORE) || (HTTP.RES.CACHE_CONTROL.IS_INVALID))" -action NOCACHE
add cache policy _cacheableCacheControlRes -rule "((HTTP.RES.CACHE_CONTROL.IS_PUBLIC) || (HTTP.RES.CACHE_CONTROL.IS_MAX_AGE) || (HTTP.RES.CACHE_CONTROL.IS_MUST_REVALIDATE) || (HTTP.RES.CACHE_CONTROL.IS_PROXY_REVALIDATE) || (HTTP.RES.CACHE_CONTROL.IS_S_MAXAGE))" -action CACHE -storeInGroup DEFAULT
add cache policy _uncacheableVaryRes -rule "((HTTP.RES.HEADER(\"Vary\").EXISTS) && ((HTTP.RES.HEADER(\"Vary\").INSTANCE(1).LENGTH > 0) || (!HTTP.RES.HEADER(\"Vary\").STRIP_END_WS.SET_TEXT_MODE(IGNORECASE).eq(\"Accept-Encoding\"))))" -action NOCACHE
add cache policy _uncacheablePragmaRes -rule "HTTP.RES.HEADER(\"Pragma\").EXISTS" -action NOCACHE
add cache policy _cacheableExpiryRes -rule "HTTP.RES.HEADER(\"Expires\").EXISTS" -action CACHE -storeInGroup DEFAULT
add cache policy _imageRes -rule "HTTP.RES.HEADER(\"Content-Type\").SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"image/\")" -action CACHE -storeInGroup DEFAULT
add cache policy _personalizedRes -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS || HTTP.RES.HEADER(\"Set-Cookie2\").EXISTS" -action NOCACHE
add cache policy ctx_images -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS_INDEX(\"ctx_file_extensions\").BETWEEN(101,150)" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_css -rule "HTTP.REQ.URL.ENDSWITH(\".css\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_doc_pdf -rule "HTTP.REQ.URL.ENDSWITH(\".pdf\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_JavaScript -rule "HTTP.REQ.URL.ENDSWITH(\".js\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_JavaScript-Res -rule "HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"application/x-javascript\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_NOCACHE_Cleanup -rule TRUE -action NOCACHE
add cache policylabel _reqBuiltinDefaults -evaluates REQ
add cache policylabel _resBuiltinDefaults -evaluates RES
bind cache policylabel _reqBuiltinDefaults -policyName _nonGetReq -priority 100 -gotoPriorityExpression END
bind cache policylabel _reqBuiltinDefaults -policyName _advancedConditionalReq -priority 200 -gotoPriorityExpression END
bind cache policylabel _reqBuiltinDefaults -policyName _personalizedReq -priority 300 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableStatusRes -priority 100 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableVaryRes -priority 200 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableCacheControlRes -priority 300 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _cacheableCacheControlRes -priority 400 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheablePragmaRes -priority 500 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _cacheableExpiryRes -priority 600 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _imageRes -priority 700 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _personalizedRes -priority 800 -gotoPriorityExpression END
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type REQ_DEFAULT -invoke policylabel _reqBuiltinDefaults
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type RES_DEFAULT -invoke policylabel _resBuiltinDefaults
set ns encryptionParams -method AES256 -keyValue 8700c92e2700bfe02bc47310d59a10208b9ae292eacf33750fd246b86f4e3a471b7c92316ee95d257efbb62ef849a0e7194914c4e2a215ab71a1846ba24275185dd533c423b7d57c82a10ef6cf6b633d -encrypted -encryptmethod ENCMTHD_3
bind lb vserver LB-VS-PHOTONCTLR-API-SSL SVC-PHOTON-PHOTONCTRL1-API-SSL
bind lb vserver LB-VS-PHOTONCTLR-API-SSL SVC-PHOTON-PHOTONCTRL2-API-SSL
bind lb vserver LB-VS-PHOTONCTLR-API-SSL SVC-PHOTON-PHOTONCTRL3-API-SSL
bind lb vserver LB-VS-LIGHTWAVE-SSL SVC-LIGHTWAVE-LIGHTWAVE1-SSL
bind lb vserver LB-VS-LIGHTWAVE-SSL SVC-LIGHTWAVE-LIGHTWAVE2-SSL
bind lb vserver LB-VS-PHOTONCTLR-MGMT-UI-SSL SVC-PHOTON-PHOTONCTRL1-MGMTUI-SSL
bind lb vserver LB-VS-PHOTONCTLR-MGMT-UI-SSL SVC-PHOTON-PHOTONCTRL2-MGMTUI-SSL
bind lb vserver LB-VS-PHOTONCTLR-MGMT-UI-SSL SVC-PHOTON-PHOTONCTRL3-MGMTUI-SSL
bind cs vserver CS-PHOTONCTLR-API-SSL -policyName RWP-INSERT-X-FORWARDED-PROTO -priority 100 -gotoPriorityExpression NEXT -type REQUEST
bind cs vserver CS-PHOTONCTLR-API-SSL -policyName RWP-PHOTONPLATFORM-REWRITE-API-LW -priority 100 -gotoPriorityExpression NEXT -type RESPONSE
bind cs vserver CS-PHOTONCTLR-API-SSL -policyName RWP-ENFORCE-STS-HEADER -priority 110 -gotoPriorityExpression END -type RESPONSE
bind cs vserver CS-PHOTONCTLR-API-SSL -policyName RSP-REDIRECT-API-TO-MGMTUI -priority 100 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS-PHOTONCTLR-API-SSL -lbvserver LB-VS-PHOTONCTLR-API-SSL
bind cs vserver CS-LIGHTWAVE-SSL -policyName RWP-ENFORCE-STS-HEADER -priority 100 -gotoPriorityExpression NEXT -type RESPONSE
bind cs vserver CS-LIGHTWAVE-SSL -lbvserver LB-VS-LIGHTWAVE-SSL
bind cs vserver CS-PHOTONCTLR-MGMT-UI-SSL -policyName RWP-INSERT-X-FORWARDED-PROTO -priority 100 -gotoPriorityExpression NEXT -type REQUEST
bind cs vserver CS-PHOTONCTLR-MGMT-UI-SSL -policyName RWP-PHOTONPLATFORM-REWRITE-EXTERNAL-LW -priority 100 -gotoPriorityExpression NEXT -type RESPONSE
bind cs vserver CS-PHOTONCTLR-MGMT-UI-SSL -policyName RWP-PHOTONPLATFORM-REWRITE-REDIRECTURI -priority 110 -gotoPriorityExpression NEXT -type RESPONSE
bind cs vserver CS-PHOTONCTLR-MGMT-UI-SSL -policyName RWP-ENFORCE-STS-HEADER -priority 120 -gotoPriorityExpression NEXT -type RESPONSE
bind cs vserver CS-PHOTONCTLR-MGMT-UI-SSL -lbvserver LB-VS-PHOTONCTLR-MGMT-UI-SSL
add dns nameServer 192.168.88.10
set ns diameter -identity netscaler.com -realm com
set subscriber gxInterface -pcrfRealm pcrf.com -holdOnSubscriberAbsence YES -revalidationTimeout 900 -servicePathAVP 262099 -servicePathVendorid 3845
set ns tcpbufParam -memLimit 400
set dns parameter -dns64Timeout 1000
add dns nsRec . a.root-servers.net -TTL 3600000
add dns nsRec . b.root-servers.net -TTL 3600000
add dns nsRec . c.root-servers.net -TTL 3600000
add dns nsRec . d.root-servers.net -TTL 3600000
add dns nsRec . e.root-servers.net -TTL 3600000
add dns nsRec . f.root-servers.net -TTL 3600000
add dns nsRec . g.root-servers.net -TTL 3600000
add dns nsRec . h.root-servers.net -TTL 3600000
add dns nsRec . i.root-servers.net -TTL 3600000
add dns nsRec . j.root-servers.net -TTL 3600000
add dns nsRec . k.root-servers.net -TTL 3600000
add dns nsRec . l.root-servers.net -TTL 3600000
add dns nsRec . m.root-servers.net -TTL 3600000
add dns addRec k.root-servers.net 193.0.14.129 -TTL 3600000
add dns addRec l.root-servers.net 199.7.83.42 -TTL 3600000
add dns addRec a.root-servers.net 198.41.0.4 -TTL 3600000
add dns addRec b.root-servers.net 192.228.79.201 -TTL 3600000
add dns addRec c.root-servers.net 192.33.4.12 -TTL 3600000
add dns addRec d.root-servers.net 199.7.91.13 -TTL 3600000
add dns addRec m.root-servers.net 202.12.27.33 -TTL 3600000
add dns addRec i.root-servers.net 192.36.148.17 -TTL 3600000
add dns addRec j.root-servers.net 192.58.128.30 -TTL 3600000
add dns addRec g.root-servers.net 192.112.36.4 -TTL 3600000
add dns addRec h.root-servers.net 198.97.190.53 -TTL 3600000
add dns addRec e.root-servers.net 192.203.230.10 -TTL 3600000
add dns addRec f.root-servers.net 192.5.5.241 -TTL 3600000
set lb monitor ldns-dns LDNS-DNS -query . -queryType Address
set lb monitor stasecure CITRIX-STA-SERVICE -interval 2 MIN
set lb monitor sta CITRIX-STA-SERVICE -interval 2 MIN
add lb monitor MON-PHOTONCRTL-API HTTP-ECV -send "GET /v1/available" -recv "{}" -LRTM DISABLED -interval 15 -resptimeout 10 -destPort 9000 -secure YES
add lb monitor MON-LIGHTWAVE-HTTPS HTTP-ECV -send "HEAD /" -LRTM DISABLED -interval 30 -resptimeout 10 -secure YES
bind service SVC-PHOTON-PHOTONCTRL3-MGMTUI-SSL -monitorName MON-PHOTONCRTL-API
bind service SVC-PHOTON-PHOTONCTRL3-API-SSL -monitorName MON-PHOTONCRTL-API
bind service SVC-PHOTON-PHOTONCTRL2-API-SSL -monitorName MON-PHOTONCRTL-API
bind service SVC-PHOTON-PHOTONCTRL2-MGMTUI-SSL -monitorName MON-PHOTONCRTL-API
bind service SVC-LIGHTWAVE-LIGHTWAVE2-SSL -monitorName MON-LIGHTWAVE-HTTPS
bind service SVC-PHOTON-PHOTONCTRL1-API-SSL -monitorName MON-PHOTONCRTL-API
bind service SVC-PHOTON-PHOTONCTRL1-MGMTUI-SSL -monitorName MON-PHOTONCRTL-API
bind service SVC-LIGHTWAVE-LIGHTWAVE1-SSL -monitorName MON-LIGHTWAVE-HTTPS
add route 0.0.0.0 0.0.0.0 192.168.88.1
set ssl parameter -defaultProfile ENABLED
set ssl service SVC-PHOTON-PHOTONCTRL3-MGMTUI-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service SVC-PHOTON-PHOTONCTRL3-API-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service SVC-PHOTON-PHOTONCTRL2-API-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service SVC-PHOTON-PHOTONCTRL2-MGMTUI-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service SVC-LIGHTWAVE-LIGHTWAVE2-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service SVC-PHOTON-PHOTONCTRL1-API-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service SVC-PHOTON-PHOTONCTRL1-MGMTUI-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service SVC-LIGHTWAVE-LIGHTWAVE1-SSL -sslProfile ns_default_ssl_profile_backend
set ssl service nsrnatsip-127.0.0.1-5061 -sslProfile ns_default_ssl_profile_frontend
set ssl service nskrpcs-127.0.0.1-3009 -sslProfile ns_default_ssl_profile_frontend
set ssl service nshttps-::1l-443 -sslProfile ns_default_ssl_profile_frontend
set ssl service nsrpcs-::1l-3008 -sslProfile ns_default_ssl_profile_frontend
set ssl service nshttps-127.0.0.1-443 -sslProfile ns_default_ssl_profile_frontend
set ssl service nsrpcs-127.0.0.1-3008 -sslProfile ns_default_ssl_profile_frontend
set ssl vserver LB-VS-PHOTONCTLR-API-SSL -sslProfile FrontEnd-Secure
set ssl vserver LB-VS-LIGHTWAVE-SSL -sslProfile FrontEnd-Secure
set ssl vserver LB-VS-PHOTONCTLR-MGMT-UI-SSL -sslProfile FrontEnd-Secure
set ssl vserver CS-PHOTONCTLR-API-SSL -sslProfile FrontEnd-Secure
set ssl vserver CS-LIGHTWAVE-SSL -sslProfile FrontEnd-Secure
set ssl vserver CS-PHOTONCTLR-MGMT-UI-SSL -sslProfile FrontEnd-Secure
set vpn parameter -forceCleanup none -clientConfiguration all
bind tm global -policyName SETTMSESSPARAMS_ADV_POL -priority 65534 -gotoPriorityExpression NEXT
add ssl cipher custom-Secure-Cipher
bind ssl cipher custom-Secure-Cipher -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher custom-Secure-Cipher -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl cipher custom-Secure-Cipher -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
bind ssl cipher custom-Secure-Cipher -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher custom-Secure-Cipher -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher custom-Secure-Cipher -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher custom-Secure-Cipher -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384
bind ssl cipher custom-Secure-Cipher -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher custom-Secure-Cipher -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher custom-Secure-Cipher -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher custom-Secure-Cipher -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher custom-Secure-Cipher -cipherName TLS1-AES-128-CBC-SHA
bind ssl profile ns_default_ssl_profile_frontend -eccCurveName P_256
bind ssl profile ns_default_ssl_profile_frontend -eccCurveName P_384
bind ssl profile ns_default_ssl_profile_frontend -eccCurveName P_224
bind ssl profile ns_default_ssl_profile_frontend -eccCurveName P_521
bind ssl profile FrontEnd-Secure -eccCurveName P_256
bind ssl profile FrontEnd-Secure -eccCurveName P_384
bind ssl profile FrontEnd-Secure -eccCurveName P_224
bind ssl profile FrontEnd-Secure -eccCurveName P_521
bind ssl profile FrontEnd-Secure -cipherName custom-Secure-Cipher -cipherPriority 1
bind ssl service nsrnatsip-127.0.0.1-5061 -certkeyName ns-server-certificate
bind ssl service nskrpcs-127.0.0.1-3009 -certkeyName ns-server-certificate
bind ssl service nshttps-::1l-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-::1l-3008 -certkeyName ns-server-certificate
bind ssl service nshttps-127.0.0.1-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-127.0.0.1-3008 -certkeyName ns-server-certificate
bind ssl vserver LB-VS-PHOTONCTLR-API-SSL -certkeyName PhotonPlatform
bind ssl vserver LB-VS-LIGHTWAVE-SSL -certkeyName Lightwave
bind ssl vserver LB-VS-PHOTONCTLR-MGMT-UI-SSL -certkeyName PhotonPlatform
bind ssl vserver CS-PHOTONCTLR-API-SSL -certkeyName PhotonPlatform
bind ssl vserver CS-LIGHTWAVE-SSL -certkeyName Lightwave
bind ssl vserver CS-PHOTONCTLR-MGMT-UI-SSL -certkeyName PhotonPlatform
set L3Param -icmpErrGenerate DISABLED
add appfw JSONContentType "^application/json$" -isRegex REGEX
add appfw XMLContentType ".*/xml" -isRegex REGEX
add appfw XMLContentType ".*/.*\\+xml" -isRegex REGEX
add appfw XMLContentType ".*/xml-.*" -isRegex REGEX
set ip6TunnelParam -srcIP ::
set ptp -state ENABLE
set ns param -timezone "GMT+10:00-EST-Australia/Brisbane"