NOTICE of STATUS CHANGE ANNOUNCEMENT FOR CITRIX ADC (formerly NetScaler ADC) Traffic Domain BASED FEATURES & FUNCTIONALITIES

Citrix Systems, Inc. announces a Notice of Status Change (NSC) for Citrix ADC Traffic Domain features and functionalities. Table 1 below explains Citrix ADC life cycle management milestones as well as important information about dates and options during this period. The dates and milestones provided are in accordance with stated End of Life/End of Support policies for Citrix Systems, Inc.

Table 1. Milestones and Dates for Citrix ADC Traffic Domain features & functionalities

Milestone Definition Date/Release
Notice of Status Change The NSC date is the date on which Citrix announces the intent to initiate the lifecycle management process for Traffic Domain. Sep 1st, 2021
Feature Deprecation The dates on which these features and capabilities will be deprecated. Users will be warned to switch to the replacement features when using given build. Q3 2021 (next Citrix ADC GA release – 13.1)
Feature Removal The timeline from which these features will not be available. Q3 2023

Citrix ADC Features & Functionalities Affected

The features & functionalities affected by this announcement and their replacements are listed in Table 2 (below). The features & functionalities listed in the Feature Replacement column represent the migration path for these deprecated features/functionalities.

Table 2. Features & functionalities affected by this announcement

Feature Description Feature Replacement
Traffic Domain Admin Partition

Recommendations for Customers

Citrix recommends that all Citrix ADC customers take steps to switch from the deprecated features & functionalities to the corresponding replacements suggested in Table 2 above.

Tools to aid in migration from Traffic Domains to Admin Partitions are available at https://github.com/citrix/ADC-scripts/tree/master/td-to-ap

For More Information

Related:

  • No Related Posts

XenMobile Android Enterprise & iOS devices failed to enroll after ADC upgrade to 13.0-82.41+ or 12.1-62.23+

Please refer to the following Citrix ADC doc to enable SSO configuration for XenMobile Gateway Virtual server.

https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/single-sign-on-types/enable-sso-for-auth-pol.html

GUI Configuration Guide:

  • Part 1: Configure a traffic policy that enabled http SSO:

5. Navigate to Security > AAA – Application Traffic > Policies > Traffic, Select Traffic Profiles tab, and click Add.

  • Part 2: After configured traffic policy, please bind it to XenMobile Gateway Virtual Server.

Navigate to Citrix Gateway> Virtual Servers, select XenMobile Gateway and Edit.

image.png

Then Scroll DOWN to the bottom to find Policies section to add binding a traffic policy:

image.png
image.png
Select the traffic policy we just created, for example named as vpn_tf_pol, then bind it with a high Priority value like 63000

image.png

CLI Configuration Guide:

Demo configuration commands follows:

//Creating traffic policy with SSO enabled

add vpn trafficaction vpn_tf_act http -SSO ON

add vpn trafficpolicy vpn_tf_pol true vpn_tf_act

//Binding traffic policy to XenMobile Gateway Virtual server

bind vpn vserver _XM_XenMobileGateway -policy vpn_tf_pol -priority 63000

Related:

  • No Related Posts

XenMobile Android Enterprise & iOS devices failed to enroll after ADC upgrade to 13.0-82.41+ or 121.1-62.23+

Please refer to the following Citrix ADC doc to enable SSO configuration for XenMobile Gateway Virtual server.

https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/single-sign-on-types/enable-sso-for-auth-pol.html

GUI Configuration Guide:

  • Part 1: Configure a traffic policy that enabled http SSO:

5. Navigate to Security > AAA – Application Traffic > Policies > Traffic, Select Traffic Profiles tab, and click Add.

  • Part 2: After configured traffic policy, please bind it to XenMobile Gateway Virtual Server.

Navigate to Citrix Gateway> Virtual Servers, select XenMobile Gateway and Edit.

image.png

Then Scroll DOWN to the bottom to find Policies section to add binding a traffic policy:

image.png
image.png
Select the traffic policy we just created, for example named as vpn_tf_pol, then bind it with a high Priority value like 63000

image.png

CLI Configuration Guide:

Demo configuration commands follows:

//Creating traffic policy with SSO enabled

add vpn trafficaction vpn_tf_act http -SSO ON

add vpn trafficpolicy vpn_tf_pol true vpn_tf_act

//Binding traffic policy to XenMobile Gateway Virtual server

bind vpn vserver _XM_XenMobileGateway -policy vpn_tf_pol -priority 63000

Related:

  • No Related Posts

XenMobile Android Enterprise & iOS devices failed to enroll after ADC upgrade to 13.0-82.41+

Please refer to the following Citrix ADC doc to enable SSO configuration for XenMobile Gateway Virtual server.

https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/single-sign-on-types/enable-sso-for-auth-pol.html

GUI Configuration Guide:

  • Part 1: Configure a traffic policy that enabled http SSO:

5. Navigate to Security > AAA – Application Traffic > Policies > Traffic, Select Traffic Profiles tab, and click Add.

  • Part 2: After configured traffic policy, please bind it to XenMobile Gateway Virtual Server.

Navigate to Citrix Gateway> Virtual Servers, select XenMobile Gateway and Edit.

image.png

Then Scroll DOWN to the bottom to find Policies section to add binding a traffic policy:

image.png
image.png
Select the traffic policy we just created, for example named as vpn_tf_pol, then bind it with a high Priority value like 63000

image.png

CLI Configuration Guide:

Demo configuration commands follows:

//Creating traffic policy with SSO enabled

add vpn trafficaction vpn_tf_act http -SSO ON

add vpn trafficpolicy vpn_tf_pol true vpn_tf_act

//Binding traffic policy to XenMobile Gateway Virtual server

bind vpn vserver _XM_XenMobileGateway -policy vpn_tf_pol -priority 63000

Related:

  • No Related Posts

XenMobile Android Enterprise & iOS devices failed to enroll after ADC upgrade to 13.0

Please refer to the following Citrix ADC doc to enable SSO configuration for XenMobile Gateway Virtual server.

https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/single-sign-on-types/enable-sso-for-auth-pol.html

GUI Configuration Guide:

  • Part 1: Configure a traffic policy that enabled http SSO:

5. Navigate to Security > AAA – Application Traffic > Policies > Traffic, Select Traffic Profiles tab, and click Add.

  • Part 2: After configured traffic policy, please bind it to XenMobile Gateway Virtual Server.

Navigate to Citrix Gateway> Virtual Servers, select XenMobile Gateway and Edit.

image.png

Then Scroll DOWN to the bottom to find Policies section to add binding a traffic policy:

image.png
image.png
Select the traffic policy we just created, for example named as vpn_tf_pol, then bind it with a high Priority value like 63000

image.png

CLI Configuration Guide:

Demo configuration commands follows:

//Creating traffic policy with SSO enabled

add vpn trafficaction vpn_tf_act http -SSO ON

add vpn trafficpolicy vpn_tf_pol true vpn_tf_act

//Binding traffic policy to XenMobile Gateway Virtual server

bind vpn vserver _XM_XenMobileGateway -policy vpn_tf_pol -priority 63000

Related:

  • No Related Posts

Users unable to relaunch the published applications, error “Citrix workspace will try to reconnect…”

Keep Alive policy settings:

https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/policies/reference/ica-policy-settings/keep-alive-policy-settings.html

Session reliability policy settings:

https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/policies/reference/ica-policy-settings/session-reliability-policy-settings.html

Session reliability on Citrix ADC high availability pair:

https://docs.citrix.com/en-us/citrix-adc/current-release/ns-ag-appflow-intro-wrapper-con/session-reliablility-on-citrix-adc-ha-pair.html

Related:

  • No Related Posts

Citrix SSL Forward proxy’s Default authorization is to ALLOW ANY instead of DENY ANY

As per current design the DEFAULT Authorization of Citrix SSL Forward proxy is ALLOW ANY instead of DENY ANY. Hence, filed an Enhancement request with Citrix Development team.

While Citrix Development team is working on an enhancement request to make the DEFAULT Authorization as DENY ANY, We have a workaround as shown in the below configuration snippet to achieve the same requirement (i.e Default DENY ANY)

Sample Configuration Snippet:

———————————————-

The below configuration will take care of all requests that come in with a port value in the URL or HOST Header and Deny the access if the destination ports are not with :443 or :80

NOTE: Like port :443 or :80 mentioned in the below patset, You can also add the “ : <port number>“ in patset which is required to be allowed via Citrix ADC Proxy.

> add patset allowed_ports

> bind policy patset allowed_ports “:443”

> bind policy patset allowed_ports “:80”

>add responder policy web only ‘(HTTP.REQ.HOSTNAME.PORT.LENGTH.GT(1) && HTTP.REQ.HOSTNAME.PORT.EQUALS_ANY(“allowed_ports”).NOT) || (HTTP.REQ.URL.HOSTNAME.PORT.LENGTH.GT(1) && HTTP.REQ.URL.HOSTNAME.PORT.EQUALS_ANY(“allowed_ports”).NOT)’ RESET

> bind cs vs SSL-FORWARDPROXY Vserver -policyname web_only -priority 10

Related:

  • No Related Posts

Update version release to replace Citrix ADC VPX 12.1-55.18 – Citrix Service Provider program

This article describes the release of solution build 12.1-55.237.

Solution

In accordance with license server certificate renewal, new build version of Citrix ADC* VPX (CSP) is released.

This build 12.1-55.237 is based on existing 12.1-55.18. Only license communication part is updated and other features are unchanged.

*) Former Netscaler

Applicable Products

Citrix ADC VPX 10 – Standard Edition for Service Providers

Citrix ADC VPX 50 – Standard Edition for Service Providers

Citrix ADC VPX 200 – Standard Edition for Service Providers

Citrix ADC VPX 1000 – Standard Edition for Service Providers

Citrix ADC VPX 3000 – Standard Edition for Service Providers

Related:

  • No Related Posts

Workspace App for IOS – Error ‘EAP is activated and not supported on IOS’ when connecting through Netscaler Gateway

This article is intended for Citrix administrators and technical teams only.

Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.

Users are unable to connect using Workspace App for iOS through Netscaler Gateway. The connection with Windows, Mac OS works with the Workspace app. Receiver for iOS also works correctly. If the manual configuration with the URL https://baseurl/citrix/store/discovery is used, the error message: “EAP is activated and not supported on IOS”. EAP isn’t used on this Gateway. If we use the automatic configuration with the baseURL the following error message is displayed: “Cannot add account” “All stores in the discovery document have been loaded”. In both scenarios it failes to add the account.

Related:

  • No Related Posts