When you create an SSL_BRIDGE Virtual Server (VIP) in NetScaler, there is no way to specify a Redirect URL (the field is grayed out). So if your back-end servers are down, there’s no way to specify an outage page. If you try to create a Responder policy as a workaround, you will be unable to bind it to the SSL_BRIDGE Virtual Server if it that policy contains anything other than a DROP or RESET action (http://discussions.citrix.com/topic/336769-ssl-bridge-virtual-server-response-when-down/).
You can, however, use a Listen Policy to deliver your outage page. Create a new SSL Virtual Server alongside the existing SSL_BRIDGE Virtual Server using the same IP address and port. (You can’t normally do this, but you can when you specify a Listen Policy on the Advanced tab.)
Example steps for setting up the new SSL Virtual Server in version 9.3 of the GUI (no changes are made to the existing SSL_BRIDGE Virtual Server):
- Add your new SSL Virtual Server using the same IP and same port as the existing SSL_BRIDGE Virtual Server
- Do not bind any Services to the new SSL Virtual Server (it will always be DOWN)
- Set http://outage_page.your_domain.com (or whatever you please) as the Redirect URL on the new SSL Virtual Server
- Bind a Listen Policy to the new SSL Virtual Server by setting a Listen Priority of 1 and a Listen Policy Rule of SYS.VSERVER(“ssl_bridge_virtual_server_name”).STATE.NE(up)
- Add the same SSL certificate that is bound to the SSL_BRIDGE Virtual Server to the new SSL Virtual Server
Click for larger image:
References: http://support.citrix.com/article/CTX139276 and http://support.citrix.com/proddocs/topic/ns-system-10-map/cb-br-aws-acc-encryp-mapi-smb-ssl-br-win-dom-tsk.html