NetScaler Times newsletter for Week 47 - 2024
Andrew Scott
NetScaler Pre-Sales Specialist - Trying to make the complex stuff accessible to all. Talks about #NetScaler #Application Security #Loadbalancing #Cloud
Hello Everyone
It’s Andrew again over at Cloud Software Group. This NetScaler Times update aims to provide you with valuable pointers to keep you up-to-date!
I would greatly appreciate your continued engagement and feedback, my contact details are at the bottom of this newsletter. I say this as I sometimes make assumptions about what people know and that can lead to gaps in the notes below. :-)
High level agenda
1. The latest firmware builds.
The details for the various builds have been listed below, as this helps plan for new releases in your environment. This support document has a lot more details on the various release cycles.
The NetScaler has multiple form factors to support different environments. NetScaler is built on a single operating system with a software-based architecture, so the behaviour will be the same no matter which is used — hardware, virtual machine, bare metal, or container.
Latest Build Versions:
There is a fair bit of red on the above chart; security updates tend to drive that. The Security section has the details for the CVE, with a link to the support doc.
NetScaler 13.1-55.34 code updates.
Support for the latest OAuth Network Access Control (NAC) service endpoint
The VPN virtual server now supports the latest OAuth NAC service endpoint. This support enables the end-to-end MDM functionality. For details see: Latest OAuth Network Access Control (NAC) service...
Display of line number of the command that caused an error in the NSPEPI tool
NSPEPI tool adds the line number of the command for which it threw the error in the warning file. You can now easily identify the command for which the NSPEPI tool gave an error by using the line number.
Support for validating duplicate HTTP headers in NetScaler
You can now set a maximum limit of 15 duplicate headers in HTTP profiles. If the number of duplicate headers for known header fields exceeds this limit, the connection will be terminated.
The Release notes are here
13.1 NDcPP build
There is a 13.1 build that is still going through the evaluation process, and it was updated last week too.
NetScaler Certifications
There is now a dedicated page on the NetScaler website with information on our product certifications, including FIPS for our public sector customers: Click me
What features are included with Standard, Advanced or Premium bundles?
Check this out..
NetScaler Feature Data sheet
Which release should I use?
The release families are designed such that 14.1 has more elements changing with each update, hence the feature phase designation. There will be less changing in 13.1, so unless you need a capability only available in the 14.1 release, the advice is to choose 13.1 for most production deployments.
End Of Sale Appliances
These appliances are End of Sale (unavailable to buy new now). They will live and run for 5 more years from 2023, so four more from this year. The 26k-50s and 15k-50G FIPS will be EOS soon. :-(
EOL Appliances
Here is a table showing the significant EOL appliance events for the next 12 months. A common question about EOL is ‘Can I offer you some $ to extend this?’ Unfortunately, EOL is an absolute; there are no extensions.
2. GSLB Sync of ADNS records, delta sync too for config?
Question: I was asked last week about the options for GSLB sync, specifically if the ADNS records on one box would sync on to another NetScaler in another site. Also, how does sync actually work, does it dump all the changes to every site? Which could represent a lot of traffic.
Answer: In terms of the sync, sure, some elements are synchronised as part of GSLB, but are those DNS records included? I ran up a lab and took a look. It turns out they are not, as DNS sits outside the GSLB module. In most cases the number of records is quite small, and a config job on NetScaler Console could get the job done.
In terms of config sync, we have delta changes pushed out, so a small change on site x will get updated on each site. This allows for minor traffic loading with an update. Magnus and Steven both offered some advice on best practice. There will be a set of articles to offer some of their suggestions if anyone thinks that might be handy?
3. Recent security bulletin
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535
CTX Number: CTX691608
Article Type: Security Bulletin: Created Date: 12/Nov/2024
Last Modified Date: 14/Nov/2024: Severity: High
Pre-requisites for CVE-2024-8534
The appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled
OR the appliance must be configured as a Gateway (VPN Vserver) and an RDP Proxy Server Profile is created and set to Gateway (VPN Vserver)
OR the appliance must be configured as an Auth Server (AAA Vserver) with RDP Feature enabled
Pre-requisites for CVE-2024-8535
The appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources
OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
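To see which of the pre-requisites above apply to an appliance, an exported ns.conf can be checked offline. This is an added example, not code from the bulletin or from NetScaler: the command strings it matches (`add vpn vserver`, `add authentication vserver`, `enable ns feature ... RDPProxy`, `add rdp serverProfile`, `-rdpServerProfileName`, `add aaa kcdAccount`) are assumptions about ns.conf syntax, and the sample configuration is constructed. A match only means the pre-requisite is met; whether the running build is affected is covered in CTX691608.

```python
# Added example: checks an exported ns.conf against the bulletin's pre-requisites.
# The command strings matched below are assumptions about ns.conf syntax.
import re

# Constructed sample configuration (not from a real appliance).
SAMPLE_NS_CONF = """\
enable ns feature LB SSL SSLVPN AAA
add rdp serverProfile rdp_prof
add vpn vserver gw_vs SSL 192.0.2.10 443 -rdpServerProfileName rdp_prof
add aaa kcdAccount kcd_sso
"""

def check_prerequisites(conf):
    """Return {CVE: [matched pre-requisite, ...]} for one ns.conf text."""
    gateway = auth = rdp_feature = kcd = False
    profiles, bound = set(), set()
    for raw in conf.splitlines():
        low = raw.strip().lower()
        if low.startswith("enable ns feature "):
            rdp_feature = rdp_feature or "rdpproxy" in low.split()
        elif low.startswith("add vpn vserver "):
            gateway = True
        elif low.startswith("add authentication vserver "):
            auth = True
        elif low.startswith("add aaa kcdaccount "):
            kcd = True
        elif low.startswith("add rdp serverprofile "):
            profiles.add(low.split()[3])
        # A profile can be bound on the add line or by a later set line.
        if low.startswith(("add vpn vserver ", "set vpn vserver ")):
            m = re.search(r"-rdpserverprofilename\s+(\S+)", low)
            if m:
                bound.add(m.group(1))
    found = {"CVE-2024-8534": [], "CVE-2024-8535": []}
    if gateway and rdp_feature:
        found["CVE-2024-8534"].append("Gateway with RDP feature enabled")
    if gateway and profiles & bound:
        found["CVE-2024-8534"].append("Gateway with RDP Proxy server profile set")
    if auth and rdp_feature:
        found["CVE-2024-8534"].append("Auth server with RDP feature enabled")
    if gateway and kcd:
        found["CVE-2024-8535"].append("Gateway with KCDAccount")
    if auth and kcd:
        found["CVE-2024-8535"].append("Auth server with KCDAccount")
    return found

if __name__ == "__main__":
    for cve, reasons in check_prerequisites(SAMPLE_NS_CONF).items():
        print(cve, "pre-requisites met:" if reasons else "not met", "; ".join(reasons))
```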
WAF Signatures
4. Support Docs
WAF Functionalities
WAF Signature
5. Events
It looks like there are six webinars for November! A bumper month…
Community Live Demo : Integrate the NetScaler Next-Gen API with your existing CLI and/or Nitro API workflows
13 November 2024, 4:00 PM - 4:30 PM
With the NetScaler Next-Gen API, an application-centric method of interacting with NetScaler was introduced. Adopting a new approach to NetScaler management requires time, and there will inevitably be individuals who favor utilizing the traditional system for system configuration and management. In this session, we will explore how to seamlessly integrate the NetScaler Next-Gen API with your existing CLI and/or Nitro API workflows. We will delve deeper into the Next-Gen API features that have been introduced with the latest NetScaler version.
The NetScaler experts will cover the following key areas:
We will provide a live demonstration showcasing real-world scenarios and use cases where the Next-Gen API offers significant advantages.
Event page
Community Live Demo: Citrix Secure Private Access and Enterprise Browser
19 November 2024, 4:00 PM - 4:30 PM
Agenda:
Speakers:
The event page is here
Community Live Demo: Technical deep dive of NetScaler integration for Cisco Duo Universal prompt using oauth
20 November 2024, 4:00 PM - 4:30 PM
As a valued customer of Duo and NetScaler, you can now benefit from NetScaler’s native support for the Duo Universal Prompt. This new integration enhances your security experience by seamlessly incorporating Duo’s authentication prompt into your NetScaler environment, eliminating the need for a separate FAS deployment.
Join the NetScaler Live Demo, where the NetScaler experts will provide comprehensive insights and practical guidance on:
Event page
Community Live | What's new with NetScaler-APJ/EMEA | Nov 21
Community Live | What's new with NetScaler-Americas | Nov 21
21 November 2024, 8:30 AM - 9:30 AM
21 November 2024, 4:00 PM - 5:00 PM
In this monthly webinar, the NetScaler experts will cover:
EMEA/APJ page
Americas page
Scaling and Protecting Red Hat OpenShift Deployments with NetScaler.
21 November 2024, 5:00 PM - 6:00 PM
Unlock High Availability and Resilience for Your OpenShift Applications with NetScaler
Modern OpenShift® applications must be highly available and resilient to meet the demands of your business. NetScaler, a certified Red Hat® partner, seamlessly integrates with Red Hat OpenShift to provide advanced load balancing, security, and traffic management for optimal performance, high availability, and secure access.
Join our webinar to discover how to:
The Event page is here
Labs
Go here for the hands-on labs. Link
6. Feedback for this newsletter
Naturally, if there is something you feel should be added, removed or called out, drop me a note: [email protected]. All mistakes are mine.
I would happily get feedback on what you could do with seeing more of or what you find hard to set up. You can get all the previous newsletters plus other articles here:
Have a great week!