Verifying External NAT for GSLB

When setting up GSLB on NetScalers, it's very important that the NAT between the public and private IP on the NetScaler SNIP is a full 1:1 NAT and not a PAT. If the firewall is configured as a PAT, only incoming traffic is NATed correctly; outgoing traffic instead flows out the global NAT.

You must also ensure that the GSLB/ADNS SNIP is used for the default internet gateway route. Otherwise, outgoing traffic could leave from the NSIP instead of the intended SNIP during testing. My preferred routing uses PBRs for the management NSIP and SNIP, static routes for internal subnets accessible on alternate internal SNIPs, and a default gateway on the network with the GSLB/ADNS SNIP.

Once all that is configured, the last step is to verify that external communication is coming from the proper site. On GUI machines I usually just go to https://whatismyip.com, but you can't do that from the NetScaler shell. Instead, I run this command:

host myip.opendns.com resolver1.opendns.com

That should respond with your external NATed IP. If it differs from what you have configured, verify your NetScaler routing and firewall config.
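To make the comparison repeatable across sites, the check above can be wrapped in a small script. This is an added example, not part of the original post: the function names `parse_egress_ip` and `check_egress` are hypothetical, the sample reply is constructed, and it assumes `awk` is available in the shell you run it from.

```shell
#!/bin/sh
# Added example: compare the egress IP reported by OpenDNS with the
# public IP of the 1:1 NAT configured for the GSLB/ADNS SNIP.

# Extract the IPv4 address from `host` output read on stdin.
parse_egress_ip() {
    awk '/ has address / { print $NF; exit }'
}

# check_egress EXPECTED_IP   (reads `host` output on stdin)
# Returns 0 on match, 1 on mismatch (PAT/global NAT or wrong route),
# 2 if the reply contained no address.
check_egress() {
    expected=$1
    actual=$(parse_egress_ip)
    if [ -z "$actual" ]; then
        echo "UNKNOWN: no address in resolver reply"
        return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "OK: egress $actual matches the 1:1 NAT address"
        return 0
    fi
    echo "MISMATCH: egress $actual, expected $expected; check routing and firewall NAT"
    return 1
}

# Constructed sample reply (203.0.113.10 is a documentation address).
SAMPLE_REPLY='Using domain server:
Name: resolver1.opendns.com
Address: 208.67.222.222#53
Aliases:

myip.opendns.com has address 203.0.113.10'

# Offline demonstration against the constructed reply.
printf '%s\n' "$SAMPLE_REPLY" | check_egress 203.0.113.10

# Live use (EXPECTED is the public IP of your site's 1:1 NAT):
#   host myip.opendns.com resolver1.opendns.com | check_egress "$EXPECTED"
```

A return code of 1 at one site and 0 at the other points at that site's firewall NAT or NetScaler routing.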
