Tag: Network management
New post from (Zabbix 5.x SQL Injection / Cross Site Scripting) has been publis… – Bug Bounty Tips
Related:
Citrix SSL Forward proxy’s Default authorization is to ALLOW ANY instead of DENY ANY
While Citrix Development team is working on an enhancement request to make the DEFAULT Authorization as DENY ANY, We have a workaround as shown in the below configuration snippet to achieve the same requirement (i.e Default DENY ANY)
Sample Configuration Snippet:
———————————————-
The below configuration will take care of all requests that come in with a port value in the URL or HOST Header and Deny the access if the destination ports are not with :443 or :80
NOTE: Like port :443 or :80 mentioned in the below patset, You can also add the “ : <port number>“ in patset which is required to be allowed via Citrix ADC Proxy.
> add patset allowed_ports
> bind policy patset allowed_ports “:443”
> bind policy patset allowed_ports “:80”
>add responder policy web only ‘(HTTP.REQ.HOSTNAME.PORT.LENGTH.GT(1) && HTTP.REQ.HOSTNAME.PORT.EQUALS_ANY(“allowed_ports”).NOT) || (HTTP.REQ.URL.HOSTNAME.PORT.LENGTH.GT(1) && HTTP.REQ.URL.HOSTNAME.PORT.EQUALS_ANY(“allowed_ports”).NOT)’ RESET
> bind cs vs SSL-FORWARDPROXY Vserver -policyname web_only -priority 10
Related:
Nagios Xi Sql Password
Related:
FIPS Appliance Error “Enabling of TLSv1.1/1.2 is not supported on this entity/platform”
Citrix Secure Web Gateway, formerly NetScaler Secure Web Gateway
1- From GUI or CLI, when trying to enable TLSv1.1 and TLSv1.2 getting error “Enabling of TLSv1.1/1.2 is not supported on this entity/platform”
Related:
Workspace App for IOS – Error ‘EAP is activated and not supported on IOS’ when connecting through Netscaler Gateway
Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.
Users are unable to connect using Workspace App for iOS through Netscaler Gateway. The connection with Windows, Mac OS works with the Workspace app. Receiver for iOS also works correctly. If the manual configuration with the URL https://baseurl/citrix/store/discovery is used, the error message: “EAP is activated and not supported on IOS”. EAP isn’t used on this Gateway. If we use the automatic configuration with the baseURL the following error message is displayed: “Cannot add account” “All stores in the discovery document have been loaded”. In both scenarios it failes to add the account.
Related:
After NetScaler Software Upgrade users get error message “Citrix gateway plug-in for java is not supported” on all Web browsers but IE.
After upgrading NetScaler software to 13.0 7+
This is the error message users will see on web browsers:
Citrix Gateway
Citrix gateway plug-in for java is not supported. For further help or information, contact your help desk or system administrator.
Related:
Error: “Your apps are not available at this time. Please try again in a few minutes or contact your help desk with this information: Cannot contact Store”
Command line installation (CLI) is not support for NetScaler URL. But, there are 3 options available that may be helpful.
1. Export store provisioning files for users https://docs.citrix.com/en-us/storefront/2-6/dws-manage/dws-manage-store/dws-export-file.html
2. Configuring NetScaler Gateway Store via GPO https://docs.citrix.com/en-us/receiver/windows/4-5/configure/receiver-windows-configure-app-delivery-wrapper.html#par_anchortitle_80df
3. Connecting to StoreFront by Using Email-Based Discovery http://docs.citrix.com/en-us/netscaler-gateway/10-1/ng-xa-xd-integration-edocs-landing/ng-clg-integration-wrapper-con/ng-clg-session-policies-overview-con/ng-clg-storefront-policies-con/ng-clg-storefront-email-discovery-tsk.html From the end-users perspective email discovery may be easiest. But requires support configuration of DNS entry and other configuration as noted in documentation. The export store provisioning file is easy to generate file in StoreFront, but requires user to open .CR file (it’s an XML file that is FTA with Receiver) and accept configuration (click “yes* button) and certificate accept dialog may display. So, it requires some user interaction and depends on end-user training even if the training is minimal. The GPO push of NetScaler URL (Configuring NetScaler Gateway Store via GPO) requires users to be connected to the domain to receive policy and configuration.
docs.citrix.com/en-us/netscaler-gateway/10-1/ng-xa-xd-integration-edocs-landing/ng-clg-integration-wrapper-con/ng-clg-session-policies-overview-con/ng-clg-storefront-policies-con/ng-clg-storefront-email-discovery-tsk.html
Related:
Workspace App for IOS – Error 'EAP is activated and not supported on IOS' when connecting through Netscaler Gateway
Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.
Users are unable to connect using Workspace App for iOS through Netscaler Gateway. The connection with Windows, Mac OS works with the Workspace app. Receiver for iOS also works correctly. If the manual configuration with the URL https://baseurl/citrix/store/discovery is used, the error message: “EAP is activated and not supported on IOS”. EAP isn’t used on this Gateway. If we use the automatic configuration with the baseURL the following error message is displayed: “Cannot add account” “All stores in the discovery document have been loaded”. In both scenarios it failes to add the account.
Related:
Error while downloding the Citrix Gateway Plugin from Downloads Tab of ADC : Forbidden you don't have permission to access
Follow the below steps:
With 13.0 build 41.20:
===================
1) Copy 13.0 build 41.20 package to /var/nsinstall via CLI.
2) Extracted the package directly under /var/nsinstall ( NOTE: No need to create any directory under /var/nsinstall to save Citrix ADC firmware package)
3) Ran ./installns
RESULT: Access the NetScaler through GUI > Download Tab > Clicked on “ Download Citrix Gateway Plug-in for Mac OS X” or “Download Citrix Gateway Plug-in for Windows” > Should be able to download the files
MAC or Vista Folder found under : / var/netscaler/gui/vpns/scripts/
Work-Around for build blow 13.0
==========================
Upgrade or Downgrade through CLI by creating a folder under /var/nsinstall or upgrade or downgrade Citrix ADC firmware prior to 13.0 via GUI.