A Citrix Administrator blocks traffic from IP 10.102.29.5 with a simple ACL. After a week, the ACL is no longer present on the NetScaler. What could be the reason?

• A. The administrator did NOT run the apply ACL command.
• B. The NetScaler has been restarted without saving the configurations.
• C. The Simple ACLs remain active for only 600 seconds.
• D. The Simple ACLs remain active for only 60 seconds.

Answer: (B)

The important idea here is that configuration changes on Citrix ADC are made in memory as part of the running configuration and are not saved automatically. Simple ACLs, like other NetScaler configurations, stay active while the device is running, but they will be lost if the device restarts and the running config hasn’t been saved to the startup configuration.

So, if a block was in place for a week and then disappeared after a reboot, it points to the configurations not having been saved before the restart. When the NetScaler boots, it loads the startup configuration, which doesn’t include the unsaved ACL, resulting in the block no longer being present.

This isn’t due to the ACL never being applied (if it hadn’t been applied, it wouldn’t have blocked traffic in the first place), and Simple ACLs don’t have a built-in short-lived timeout like 600 or 60 seconds. To prevent this in the future, save the running configuration to startup after applying changes (for example, using the appropriate save command in the CLI or the GUI) and verify the ACL is present after a save.