13.1 Build Updates
Last week we saw a new build released, build 13.1.33.52. This is significant as it addresses the CVEs highlighted in the following support document:
Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516
So, a big week!
What is new in the build?
New BOT-related expressions
New expressions are added and can be used when the BOT profile is configured in logging mode:
Citrix Gateway
When SmartControl is configured, session reliability is supported even if the corresponding authentication, authorization, and auditing session does not exist.
New default Web App Firewall profile
A new default profile, called core, is now available with core WAF protections. The following checks are enabled in the core profile.
Grammar-based SQL injection, Grammar-based CMD injection, XSS, BOF and block expressions
Custom keyword support for JSON payload
You can add keywords of your choice and check if these configured keywords are present in the JSON payload. If the configured keywords are detected in the incoming requests, you can configure the Citrix ADC appliance to block the requests, update the logs, or increment the log counters.
The advantage is that you can add keywords that are not covered in the SQL injection and command injection checks and therefore reduce the false positives.
Platform
Handle dynamic NIC removal in Azure accelerated networking
A Citrix ADC VPX instance can now seamlessly handle dynamic NIC removals and reattachment of the removed NICs in Azure accelerated networking.
Support for Python 3.7
The Citrix ADC appliance now supports Python 3.7 because Python 2.7 is deprecated.
SSL
Support for recurrent notifications until certificate expiry
Support for Thales Luna HSM on Intel Coleto and Intel Lewisburg-based platforms
Thales Luna HSM is now supported on Citrix ADC Intel Coleto and Intel Lewisburg SSL chip-based platforms.
New articles over on the Developer forum
Steven Wright created a great read on how to ‘Rapidly migrate your NetScalers in under an hour using ADM’
Have you bought a new NetScaler with more throughput or is it time to refresh? Are you migrating from old NetScalers to new ones? Sounds difficult? Then you've stumbled across the right article. Installing new NetScalers into production and migrating services may seem like a complicated process, but once you know how to do it, it's much easier than you might think. This blog post will walk you through the steps needed.
Read more here: Link
New Blogs: How NetScaler CPX License Aggregator simplifies CPX licensing in Kubernetes
Dhiraj has a great write-up on a new way to help admins license CPX instances:
NetScaler is a feature-rich application delivery controller that comes in various forms, including hardware (MPX), virtual (VPX), and containerized (CPX). The features NetScaler supports as well as its throughput capacity are usually unlocked by a license. The NetScaler Application Delivery Management (ADM) license server manages these NetScaler licenses and can be located in a separate network from the NetScalers.
Read more here: Link
Have a great week!