NetScaler Times newsletter for Week 14 - 2024

13.0 Gateway Firmware EOL is July 2024 rather than May...

Hello Everyone

It’s Andrew again over at Cloud Software Group. One thing I've noticed in my role is the steady stream of questions about NetScaler. This update aims to provide you with valuable pointers to keep you up-to-date and ahead of the curve! 🚀

I would greatly appreciate your continued engagement and feedback, my contact details are at the bottom of this newletter.

Agenda for this week:

1. Build status and updates

2. Support and Security Bulletins.

3. NetScaler Community & Labs site

4. Feedback on this newsletter

1. Build status and updates

The details for the various builds have been summarized below, as this helps plan for new releases in your environment. Starting from 13.1 there will be the following:

1. Firmware will have a 3-year upgrade cycle, where new features are added, called the ‘Feature Phase’.

2. The ‘Maintenance Phase’ then starts, and it is then supported for another 3 years with bug fixes and security updates.

3. There will then be 1 year of extended support with security fixes only. The expectation is to use this time to move off before the EOL for the firmware.

Typically, the guidance for NetScaler & NetScaler Console(ADM) build releases is that the Management platform needs to be the same or newer than the NetScaler(s) that it manages. I typically, go with the latest for NetScaler Console.

The NetScaler has multiple form factors to support different environments. NetScaler is built on a single operating system with a software-based architecture, so the behaviour will be the same no matter which is used — hardware, virtual machine, bare metal, or container.

Current Build Versions:

No build changes for this week.

13.0 Gateway firmware EOL

There was a note on the end of life of Gateway running 13.0, as stated above, the main ‘Life Cycle Matrix website has a mistake on it (linked here) where it suggests May is the EOL date. I’m sure it will get updated soon.

2. Support and Security bulletins

These are the latest articles on the support portal knowledgebase, sorted by modified date. Here are the 7 most articles (IMO). The site is located here.

Security updates:

• NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549

  NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549

  Modified: 19 Jan 2024 | NetScaler,NetScaler Gateway

  Anil Shetty added a Blog with some extra details: That follow-up is here

• Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491

  Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491

  Modified: 09 Feb 2024 | NetScaler,NetScaler Gateway

• Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492

  Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492

  Modified: 09 Feb 2024 | NetScaler,NetScaler Gateway

Support Docs:

• Unable to change ciphers or SSL parameters on SSL Bridge virtual server.

  Unable to change ciphers or SSL parameters on SSL Bridge virtual server.

  Modified: 03 Apr 2024 | NetScaler,NetScaler Gateway

• NITRO API commands not working, request times out.

  NITRO API commands not working, request times out.

  Modified: 02 Apr 2024 | NetScaler,NetScaler Gateway

• Delete first entry from URL path using responder

  In this example, the `HTTP.REQ.URL.PATH_AND_QUERY.AFTER_STR("/firstentry").HTTP_URL_SAFE` expression gets the part of the URL after "/firstentry",  and the `HTTP.REQ.URL.PATH_AND_QUERY.BEFORE_STR("/").EQ("/firstentry")` expression matches URLs that have "/firstentry" as the first entry in the path. Created a responder policy and bound to virtual server.

  Modified: 29 Mar 2024 | NetScaler,NetScaler Gateway

• How disk space /var is allocated for VPX provisioned on SDX

  This article gives information on how the /var partition space is allocated when we provision VPX on SDX

  Modified: 26 Mar 2024 | NetScaler,NetScaler Gateway

4. Events & Labs

Events

There are four events for April

10 April

In today's dynamic threat landscape, securing NetScaler Gateway and Authentication vservers is paramount to safeguarding sensitive data and maintaining regulatory compliance. NetScaler WAF (Web Application Firewall) and API Security Solution offer robust protection against a wide range of cyber threats, including OWASP Top 10 vulnerabilities, API attacks, and DDoS attacks.

Join us for an interactive webinar session showcasing a solution on below:

• Enabling native WAF protection & API Security for NetScaler Gateway/AAA

  • Deploying relaxation/by-pass lists

• Monitor malicious requests to NetScaler Gateway/AAA on NetScaler Console

• Future roadmap for Gateway protections

The event page is here

17 April

NetScaler Next-Gen API is a powerful modern RESTful API that allows you to programmatically configure NetScaler simply and intuitively. It is based on a declarative, desired state and application-centric interface, and aims to abstract away and simplify many of the low-level complexity of traditional NetScaler configurations, making it more suitable to application developers even those who are not networking or ADC experts.

In this demo, our NetScaler experts will cover: 

• Core Principles of Next-Gen API and The Next-Gen Config Model

• How Next-Gen API simplifies application configuration management using just a couple of APIs.

• How to configure a simple Load Balancing configuration using a single Next-Gen API

• How to configure an advanced Content-Switching configuration using a single Next-Gen API

The event page is here

25 April - NetScaler Connect Monthly Webinar-APJ/EMEA/Americas (it runs at two different times to cover the areas)

In this webinar, our NetScaler experts will cover:

1. Support to configure the export of NetScaler metrics to Prometheus from NetScaler Console

2. Core NetScaler ADC performance and security updates:

   1. SSL Profile Converter tool 

   2. BBR Congestion Control algorithm for TCP

3. NetScaler automation toolkit updates

4. Support Assist: NetScaler SNIP port allocation algorithm

The APJ/EMEA event page is here

The Americas event page is here

Labs

Go here for the hands-on labs. Link

5. Feedback for this newsletter

Naturally, if something you feel should be added/removed or called out, drop me a note; Andrew.Scott@cloud.com. Any mistakes are all mine.

I would be happy to get feedback on what you could do with seeing more of or what you find hard to set up. You can get all the previous newsletters plus other articles here:

Have a great week!