What’s new
September 26, 2023
Fixed Issues
The issues that are addressed in Build Sep 26, 2023.
一个nalytics
The periodic pruning of the App Dashboard data did not function as expected. As a result, NetScaler ADM consumed more disk space.
[ NSHELP-36184 ]
September 13, 2023
Infrastructure
一个uthentication token to upload technical support bundle
You now need an authentication token to upload the technical support bundle generated on your NetScaler to the Citrix technical support server. Previously, you uploaded the technical support bundle using Citrix user name and password. For more information, see如何生成一个技术支持包NetScaler instance。
[ NSADM-93351 ]
Fixed Issues
The issues that are addressed in Build Sep 13, 2023.
一个nalytics
NetScaler ADM失去虚拟服务器时表示“允许”es, the analytics status for the virtual servers using those licenses is expected to be disabled. This scenario was not working as expected for the VPN virtual servers.
[ NSHELP-36183 ]
Infrastructure
InGateway > HDX InsightandGateway > Gateway Insight, the X-axis of the graph displays dates instead of time.
[ NSHELP-36043 ]
Management and Monitoring
Reports exported fromInfrastructure > Network Reporting > Exportappear truncated or incomplete.
[ NSHELP-36252 ]
一个zure Active Directory (AD) users who belong to many Azure groups cannot access NetScaler ADM even if the AD groups are mapped to ADM groups.
[ NSHELP-35456 ]
一个ugust 31, 2023
Infrastructure
视图the Certificate Store page under SSL Dashboard
You can now navigate toInfrastructure > SSL Dashboard > Certificate Storeto view theCertificate Storepage.
[ NSADM-97858 ]
Support for SNMP functionality for NetScaler ADM agents
InInfrastructure > Agents > Actions > Manage SNMP, you can now create SNMP managers, SNMP users and SNMP views for agents.
For more information on SNMP managers and users, seeCreate SNMP managers and users for NetScaler ADM agent。
[ NSADM-94923 ]
用户体验和功能改善the Data Storage Management dashboard
To improve the user experience and make the data storage management more efficient, the following improvements are now available for theData Storage Managementdashboard:
- New UI design for the dashboard:
- 一个ddedData Ingestion,Storage Consumption,Data Pruning, and一个ctionstiles
- 一个ctionstile provides options to add more storage, review data retention policy, perform data pruning, and review your system notifications
- Search functionality inStorage Consumption Trendssection:
In addition to viewing the storage trends, you can now search for specific features and trends. - Perform data pruning:
- You can now select one or more features and prune their data to free up your storage
- You are entitled to 10 data prunes each month
For more information on the Data Storage Management dashboard, seeData Storage Management。
[ NSADM-93202 ]
Security
一个PI Gateway renamed to API Security
一个PI Gatewayis now renamed to一个PI Security。You can view the changes in the following pages:
- Security > API Security
- Security > API Security > API Analytics > Get help > API Security docs
- Settings > Users & Roles > Groups > Authorization Settings > API Security
- Settings > Users & Roles > Access Policies > Permissions > Security > API Security
[ NSADM-102384 ]
Fixed Issues
The issues that are addressed in Build August 31, 2023.
Management and Monitoring
- InInfrastructure > Network Reporting,the Network Reporting dashboard does not display any historical data in the virtual server reports. This issue is seen when you select a NetScaler HA pair inSelect Entitieswhile creating the dashboard.
[ NSHELP-36228 ]
一个ugust 11, 2023
Management and Monitoring
Security Advisory - File integrity monitoring
The NetScaler ADM Security Advisory now enables you to scan the NetScaler build files and view results of any alterations or additions to the original NetScaler build files.
In Security Advisory (Infrastructure > Instance Advisory > Security Advisory), theScan Nowoption enables you to selectScan CVEs,Scan Files, orScan Both。一个fter you selectScan FilesorScan both, NetScaler ADM compares the binary hash for managed NetScaler build files with the original binary hash values and highlights if there are any file alterations or file additions under theFile Integrity Monitoringtab.
The scan results showcase the NetScaler instances that have any potential changes to the original files and/or any other file additions. For further investigations on the scan results, you can contact your organization’s digital forensics.
For more information, seeSecurity Advisory。
[NSADM-91856]
一个ugust 09, 2023
Infrastructure
视图virtualization platform details for NetScaler VPX
InInfrastructure > Instances > NetScaler > VPX, you can now view the platform on which NetScaler VPX is hosted by selectingSettings > Cloud Platform。
[NSADM-97319]
Retry failed upgrade jobs
InInfrastructure > Upgrade Jobs, you can now select the failed upgrade job and do either of the following actions:
ClickRetrynext to the failed upgrade job
Go toSelect Action > Retry Upgrade Job
For more information, seeRetry failed upgrade jobs。
[NSADM-93439]
Security
Update an existing API definition
InSecurity > API Gateway > API Discovery, you can now update an existing API definition with selected API resources.
For more information, seeUpdate an existing API definition with discovered API endpoints。
[NSADM-97433]
Fixed Issues
The issues that are addressed in Build August 09, 2023.
Provisioning
The NetScaler VPX provision on VMware vCenter (Infrastructure > Instance > Citrix ADC > VPX > Provision) fails because of the same name that was used in the previously deleted VPX instance.
[NSHELP-35983]
StyleBooks
When you try to migrate an ADC configuration from a source ADC instance to a target instance in一个pplications > Configuration > Config Packs > Migrate ADC > Get Started > Specify Configuration, and clickNext, the following error message is displayed intermittently:
No Job found。
[NSADM-97948]
If you create a configpack from a StyleBook definition that has an authentication virtual server and built-in cache policy bindings, and then you delete the configpack, the deletion is successful. However, if you try to create the configpack again with the same parameters, the following error message appears:
Resource already exists。
[NSHELP-35646]
July 26, 2023
一个nalytics
Support to configure the export of metrics from NetScaler to Prometheus through StyleBook
To export metrics from NetScaler to Prometheus, you must create an analytics profile in NetScaler and specify the schema file. For more information, seeMonitoring NetScaler ADM, applications, and application security using Prometheus。
In一个pplications > Configuration > Stylebooks > Default Stylebook, you can now use thePrometheus TimeSeries Analytics ConfigurationStyleBook and run the configuration to all managed instances.
For more information, seePrometheus analytics StyleBook。
[NSADM-97698]
一个ssign a Net Profile for the managed NetScaler instances from NetScaler ADM
When you enable analytics for the virtual servers in NetScaler ADM, the AppFlow data from the NetScaler is exported to NetScaler ADM through the NetScaler subnet IP address (SNIP). In some scenarios, the SNIP might be blocked because of the firewall in the network. In such scenarios, you might have to use a different IP address than the SNIP. For more information about net profile, seeUse a specified source IP for back-end communication。
You can now assign net profiles to a NetScaler instance through NetScaler ADM. Navigate toInfrastructure > Instances > Citrix ADC, select the instance, and from theSelect Actionlist, clickConfigure Net Profilesto assign a net profile for the instance.
Note:
Ensure that you have disabled analytics in all virtual servers before you assign a net profile for the instance.
With this enhancement, you can assign a net profile for exporting AppFlow data from NetScaler to NetScaler ADM.
[NSADM-91836]
Infrastructure
Improved user experience when using CLI to configure NetScaler ADM agent as a proxy
When you try to register a NetScaler ADM agent to the NetScaler ADM service, the CLI now prompts you with (y/n) questions regarding the proxy usage.
You also have an option to configure the proxy in the same script, if needed.
[nsadm - 96921]
CLI support to view endpoint URLs while registering a NetScaler ADM agent
一个fter you enter a service URL in CLI while registering a NetScaler ADM agent with the NetScaler ADM service, you can view the list of all the endpoint URLs that must be allowed access.
[NSADM-96920]
StyleBooks
支持附加的属性s in StyleBooks analytics
The StyleBooks analytics section is now enhanced to:
一个ccept parameters to configure Transport Mode (
transport-mode)Configure HDX Insight for different types of traffic(
enable-hdxinsight-for)Enable HTTP X-Forwarded-For option (
http-x-forwarded-for)Enable Client side Measurements (
client-side-measurements)
For more information, seeStyleBooks Analytics。
[NSADM-97839]
July 18, 2023
Management and Monitoring
Support for identification and remediation of CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467
NetScaler ADM Security Advisory now supports the identification and remediation of CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467.
Identification of:
CVE-2023-3519 requires a combination of version and config scan.
CVE-2023-3466 and CVE-2023-3467 requires a version scan.
The remediation for CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467 requires an upgrade of the vulnerable NetScaler instance to a release and build that has the fix.
Note:
Security Advisory does not support NetScaler builds that have reached End of Life (EOL). We recommend you upgrade to the NetScaler supported builds or versions.
For more information on how to use NetScaler ADM to upgrade NetScaler instances, seeUse jobs to upgrade NetScaler instances。
For more information on how to remediate CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467, seeSecurity Bulletin。
Note:
It might take a couple of hours for the security advisory system scan to conclude and reflect the impact of CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467 in the security advisory module. To see the impact sooner, you can start an on-demand scan by clickingScan Now。
[ NSADM-100103 ]
July 12, 2023
Fixed issues
The issues that are addressed in Build July 12, 2023.
When you back up or restore a NetScaler instance, the
/var/metrics_confdirectory is not backed up.[ NSHELP-35724 ]
The deployment of configuration packs might fail when the StyleBook definition includes the
operationssection.[ NSHELP-35588 ]
July 03, 2023
一个nalytics
Configuration Job - Support to create a job for configuring export of metrics from NetScaler to Prometheus
To export metrics from NetScaler to Prometheus, you must create an analytics profile in NetScaler and specify the schema file. For more information, seeMonitoring NetScaler, applications, and application security using Prometheus。
InConfiguration Job, you can now create a job using theNSConfigurePrometheusAnalyticsProfiletemplate from theInbuilt Template, specify the required parameters, and run the job to all managed instances.
For more information, seeSchedule a job for configuring export of metrics from NetScaler to Prometheus。
[NSADM-97251]
Infrastructure
NetScaler ADM agent caches NetScaler images
The time taken for the NetScaler upgrade is now considerably reduced as the NetScaler images are cached in the NetScaler ADM agent after they are downloaded. Hence, the images are not required to be downloaded for subsequent upgrade jobs.
Note:
This is applicable only for NetScalers that are added using the NetScaler ADM agent.
For more information, seeCreate an ADC upgrade job。
[NSADM-76343]
Fixed issues
在网络认识,当你深入任何指标view details and then further drill down any metric, the graph remains in the previous view, but all others details appear as expected.
一个s a result, this creates an assumption that the further drill down is not working as expected.
[NSADM-98995]
When you try to migrate an ADC configuration from a source ADC instance to a target instance in一个pplications > Configuration > Config Packs > Migrate ADC > Get Started > Specify Configuration, and clickNext, the following error message is displayed intermittently:
“No Job found”。
[NSADM-97948, NSADM-97727]
In the一个pp dashboard, when you select an application and navigate to theSSLtab to bind a certificate, an error message “Certificate not found in database” is displayed.
[NSHELP-35654]
June 14, 2023
Security
Support to create API definition without selecting endpoints
In theSecurity > API Gateway > API Discovery>Vserverpage, you can now create an API definition without selecting an endpoint. When you clickCreate API Definition, a pop-up window appears for you to confirm if an API definition must be created for all the discovered endpoints. ClickYesto create the API definition with all the endpoints, else clickNo。
For more information, seeDiscover API endpoints。
[ NSADM-94318 ]
StyleBooks
Support for additional argument types in replace() function
Thereplace()built-in function can also accept a list of the following built-in types:
stringipaddresstcp-portnumberboolean
For more information, seereplace()。
[ NSADM-96802 ]
Fixed Issues
The issues that are addressed in Build June 14, 2023.
In Upgrade Jobs (Infrastructure > Upgrade Jobs), when you select the pre-upgrade validation failed instance and clickRevalidate, an error message is displayed.
[ NSADM-98329 ]
MPX instances are missing from theInfrastructure > Citrix ADC Inventory > Citrix ADC (MPX/VPX/CPX/BLX)page.
[ NSHELP-35593 ]
When you export the SSL expiry reports for weekly, 30 days or 90 days fromInfrastructure > SSL Dashboard > SSL Certificates > Export Reportsand selectTabular, the resulting report displays an empty Domain column.
[ NSHELP-35592 ]
InInfrastructure > SSL Dashboard > SSL Certificates, the NetScaler high-availability pair does not display the superscript of ‘P’ and ‘S’ for the primary and the secondary devices.
[ NSHELP-35523 ]
In NetScaler release 13.1 and above, the ISSU commands do not get executed during the NetScaler upgrade.
[ NSHELP-35391 ]
For multiple Cluster IP addresses (CLIPs) in a cluster, when you add a CLIP in brackets inInfrastructure > Instances > Citrix ADC > Add, the configuration fails and the CLIP does not get added to NetScaler ADM.
[ NSHELP-35323 ]
May 31, 2023
一个nalytics
Pooled licensing recommendations in the Tasks feature
InTasks, you can now view recommendations and Guide Me workflows for pooled licensing entitlements. As an administrator, these pooled licensing recommendations ensure that you are making use of all capabilities of NetScaler ADM.
For more information, see视图recommendations and manage your ADCs and applications efficiently。
[ NSADM-93988 ]
Export SSL insights data to Splunk and New Relic
When you create a new subscription inSettings > Ecosystem Integrationfor the integration of Citrix ADM with Splunk and New Relic, you can now select theSSL Certificate Insightsoption. After you configure the subscription with theSSL Certificate Insightsoption, you can view the SSL data (SSL vserver and SSL certificate related data ) in the Splunk and New Relic dashboard.
For more information, seeIntegration with SplunkandIntegration with New Relic。
[ NSADM-92047 ]
Fixed Issues
The issues that are addressed in Build May 31, 2023.
In网关> HDX见解>实例, when you select an instance and export the data, the user name information for Desktop Users was not available. With this fix, the user name information is also available in the report.
[ NSADM-96024 ]
When you selectConfigure SNMPfor an SDX instance inInfrastructure > Instances> Citrix ADC > SDX, an error message is displayed. This issue occurs if the SDX profile is configured with SNMP v3 andNoAuthNoPrivas the security level.
[ NSHELP-35324 ]
InInfrastructure > Configuration > Configuration Jobs > Create Job > Select Configuration, when you enter a password variable ($password$) and retain the类型asText Fieldinstead ofPassword Field, and clickNext, the page does not load.
[ NSHELP-35266 ]
In Web Insight, when you export data using the snapshot option, the graphs in the report appear blank.
[ NSHELP-35147 ]
一个nalytics is not visible in HDX Insight. Even if Citrix ADM is rebooted, the analytics is visible only for a short duration and becomes invisible later.
[ NSHELP-35128 ]
For an SDX instance inInfrastructure > Instances > Citrix ADC > SDX > Dasboard, when the used and free values for a resource are zero, theSystem Resource Utilizationchart displays a blank space and blank value fields.
With this fix, the number zero is displayed next to the resource name if the used and free values are zero.
[ NSHELP-35069 ]
May 18, 2023
一个nalytics
Support to export from each widget in Web Insight
InWeb Insight, the export option is now introduced in all widgets and it enables you to export data in tabular format. Using this enhancement, you can:
Export the required data individually from any widget.
Drill down any metric and also export the required data from any widget.
Earlier, the export data provided only the consolidated report.
Note
You can also continue to use the existing Export option to generate the consolidated report.
[NSADM-94140]
Infrastructure
视图the complete certificate chain
You can now view the complete chain of links for a certificate including the intermediate certificates up to the root CA certificate.
To view the certificate chain, navigate toInfrastructure > SSL Dashboard, choose an SSL certificate and clickDetails。
[NSADM-52467]
Support to log events irrespective of event age
NetScaler ADM now allows you to record all events irrespective of the event age you set in the event rules.
To set this option, navigate toInfrastructure > Rules > Add > Configure Event Ageand select theLog events instantly irrespective of event age durationcheck box.
[NSHELP-19914]
Fixed Issues
The issues that are addressed in Build May 18, 2023.
InInfrastructure > Upgrade Jobs> Add > Schedule Task, if you selectPerform two stage upgrade for nodes in HAand select the same time in the twoStart Timefields, the following error message appears when you proceed:
“common.date_diff_error:There should be atleast 1 hour difference between upgrade time”
Even if you change the start time in the fields, theCreate Jobtab displays an empty page.
[NSHELP-35016]
InInfrastructure > Instance Advisory > Upgrade Advisory, the End of Maintenance (EOM) and End of Life (EOL) details for Release 13.0 is incorrect.
[NSHELP-34953]
The email alert for any event was showing the region incorrectly. With this fix, the region is not shown in the email alerts for events.
[NSHELP-34913]
May 09, 2023
Management and Monitoring
Support for identification and remediation of CVE-2023-24488 and CVE-2023-24487
NetScaler ADM Security Advisory now supports the identification and remediation of CVE-2023-24488 and CVE-2023-24487.
Identification of:
CVE-2023-24488 requires a combination of version and config scan.
CVE-2023-24487 requires a version scan.
The remediation for CVE-2023-24487 and CVE-2023-24488 requires an upgrade of the vulnerable ADC instance to a release and build that has the fix.
For more information on the fixed build version details for CVE-2023-24487 and CVE-2023-24488, seeSecurity Bulletin。
Note:
一个DC build 13.1–45.63 replaces build 13.1–45.61.
For more information on how to use NetScaler ADM to upgrade ADC instances, seeCreate an ADC upgrade job。
Note:
It might take a couple of hours for the security advisory system scan to conclude and reflect the impact of CVE-2023-24488 and CVE-2023-24487 in the security advisory module. To see the impact sooner, you can start an on-demand scan by clickingScan Now。
[NSADM-93570]
一个pril 25, 2023
The enhancements and changes that are available in Build April 25, 2023.
一个nalytics
Web Insight - Support to view nil values in graphs
InWeb Insight, when you drill down any metric under Applications, Clients, URLs, or Instances, the analytics view now provides the visibility of nil values (for example, 0 ms and 0 request) in the graph for the selected duration.
Earlier, if there is no traffic or transactions received for the selected duration, Web Insight displayed the graphs by skipping those nil values. As an administrator, you can now view the complete graph with these nil values.
[ NSADM-88686]
StyleBooks
Specify user group access to config packs
一个s an administrator, you can now restrict user groups from accessing configuration packs created by other user groups. To select this option, navigate toSettings > Users & Roles > Groups > Authorization Settings > Configpacks > All Configurations created by the user group。
[ NSADM-92374 ]
Fixed Issues
The issues that are addressed in Build April 25, 2023.
In一个pplications > Configuration > Config Packs, when you enter a search query using the search criteria ofProperties > Display Key, the search result is displayed but the search bar displays the index number of the result.
With this fix, the search bar displays the search query in text instead of a number.
[ NSADM-96859 ]
一个nalytics
The bandwidth data inHDX InsightandGateway Insightis displayed incorrectly in bytes per second instead of bits per second.
[ NSHELP-34836 ]
一个pril 13, 2023
The enhancements and changes that are available in Build April 13, 2023.
一个nalytics
Integrated Cache notification in Web Insight
一个fter you enable Integrated Cache in the NetScaler instance, the eligible requests are processed without requiring a round trip to an origin server. InWeb Insight, these Integrated Cache requests are currently visible underServerswith virtual server IP address instead of the actual server IP address.
For a better visibility of these Integrated Cache requests, you can now view an IC notification next to the ADC virtual server IP address underServers。
For the requests that are not processed with Integrated Cache, the actual origin server IP address is visible.
一个s an administrator, this notification enables you to quickly identify that the ADC instance has processed the Integrated Cache requests.
[NSADM-91864]
Integrated Cache hits and misses graph in Web Insight
InWeb Insight, when you drill down a server, theServer Metricsnow displayIntegrated Cache HitsandIntegrated Cache Missestabs.
一个s an administrator, the graph view in:
TheIntegrated Cache Hitstab enables you to view the total responses that the NetScaler appliance serves from the cache.
TheIntegrated Cache Missestab enables you to view the total responses that the NetScaler appliance serves from the origin server.
[NSADM-93952]
Web Insight - View both average and maximum values in graphs
Starting from 13.1 45.47 or later versions, theWeb Insightin NetScaler ADM is supported with the visibility of maximum latency values underServersandClients。
In addition to this support, when you drill down a server or a client, you can now view both average and maximum values in the summary panel, and also by hovering the mouse pointer on the time series analytics graph inServer Network Latency,Server Response Time, andClient Network Latency。
一个s an administrator, this enhancement enables you to visualize the maximum latency in graphs for the selected duration.
[NSADM-93816]
Infrastructure
视图的数据存储NetSca的趋势ler ADM GUI
InSettings > Data Storage Management, you can now view the data storage information across the different features in your current deployment. TheData Storage Managementdashboard helps you visualize how the data is stored and if the features are operating within their storage entitlement.
Note
The data storage policies are expected to change in the upcoming releases. With these changes, you will not be able to store historical data after it exceeds the storage limit.
For more information, seeManage data storage。
[NSADM-94623]
Fixed Issues
The issues that are addressed in Build April 12, 2023.
Infrastructure
In high-availability deployments, there is no option to upload build image files only to the secondary node.
一个s part of the fix, you can now upload build image files to the secondary node fromInfrastructure > Upgrade Jobs>Create Jobtab >Upload to secondary node only。
[NSADM-96079]
The reports exported fromInfrastructure > Instances > NetScalerdo not display the serial number of secondary nodes.
The reports now display the serial numbers of both primary and secondary nodes of the NetScaler instances. You can also view the reports fromInfrastructure > NetScaler Inventory。
[NSHELP-18816]
一个pril 05, 2023
The enhancements and changes that are available in Build April 05, 2023.
Security
Create API definitions from discovered API endpoints in NetScaler ADM GUI
You can now create API definitions from discovered API endpoints inSecurity > API Gateway > API Discovery。
[NSADM-85957]
Unified dashboard - View API analytics key metrics
In the unified dashboard (Overview > Dashboard), you now view key metrics for the API endpoints configured through NetScaler ADM.
For more information, see一个统一的仪表板视图实例关键指标details。
[NSADM-85954]
Fixed Issues
The issues that are addressed in Build April 05, 2023.
TheChoose Applianceoption forCertificate FileandKey Filefields appears for the following pages:
Infrastructure > SSL Dashboard > Manage Certificate Store > Add
Infrastructure > SSL Dashboard > SSL Certificates > Update
一个s a fix, theChoose Applianceoption is now removed.
[NSHELP-34566]
If NetScaler has an on-premises NetScaler ADM as a licensing server and an agent is modified inInfrastructure > Instances > Agents, the following issue occurs:
The IP address of the license server on NetScaler changes from the IP address of the on-premises NetScaler ADM to the IP address of one of the NetScaler ADM agents。[NSHELP-34483]
When you edit the password for an SDX admin profile configured with SNMPv3 fromInfrastructure > Instances> NetScaler > SDX tab > Profile, the following error message appears:
Please provide valid authentication protocol. The possible values are MD5, SHA。[NSHELP-34372]
March 14, 2023
Fixed issues
The following issue is addressed in Build March 14, 2023:
InInfrastructure > SSL Dashboard > Install Certificates, when you upload a certificate chain that has the same root certificate as an existing certificate chain, the certificate installation fails. The following text is displayed inInfrastructure > SSL Dashboard > SSL Audit Logs > Device Log > Command Log:
Resource Already Exists
[NSHELP-34233]
When you delete an email distribution list fromSettings > Notifications > Email, the following error is seen:
Error: Bad Gateway
This issue occurs because the name of the email distribution list has a white space.
一个s part of the fix, NetScaler ADM now allows you to delete email distribution lists with white spaces.
[NSHELP-34545]
March 02, 2023
一个nalytics
Improvements to Web Insight
In Web Insight, you can now view the following enhancements under一个pplication Metrics:
一个newSummarytab is introduced that enables you to visualize an overview of the application performance such as Response Time, Requests, and Bandwidth. As an administrator, this enables you to get an insight of the application performance for the selected duration. You can use the toggle option and customize the view.
In theRequeststab, apart from the existing total requests, you can also view requests from the top 5 clients based on the total requests. As an administrator, this enables you to get an insight on the clients accessing the application for the selected duration.
In theBandwidthtab, you can view the bandwidth consumption from the top 5 servers based on the total bandwidth consumption. As an administrator, this enables you to get an insight on the servers consuming more bandwidth for the selected duration.
In theResponse Timetab, you can also view Client Network Latency, Server Network Latency, and Server Processing Time on the same graph. As an administrator, this enables you to get an insight on the latency that occurs from client, server, and application for the selected duration. You can use the toggle option and customize the view.
[NSADM-87792]
Infrastructure
Deletion of inactive NetScaler ADM Express accounts
If your NetScaler ADM Express account remains inactive for 45 days, the account will be deleted. Citrix sends a reminder after 30 days of inactivity.
[NSADM-93203]
Management and Monitoring
Change in execution summary for NetScaler high availability upgrade
In NetScaler ADM GUI, the execution summary inInfrastructure > Upgrade Jobs > Execution Summaryno longer displays the high availability synchronization related commands.
This is because, during the NetScaler high availability upgrade, if the NetScaler primary and secondary nodes are in different versions, NetScaler performs the disabling of the high availability synchronization between the nodes. NetScaler ADM does not perform this operation.
[NSADM-93441]
Set threshold for individual entities in Network Reports
InInfrastructure > Network Reporting > Thresholds, you can now set the threshold value for specific entities while configuring the threshold.
For more information, seeNetwork Reporting。
[NSADM-91727]
Support for scheduling individual agent upgrade
InInfrastructure > Instances > Agents > Settings, you can now schedule the upgrade of each NetScaler ADM agent. You can choose to either automatically upgrade an agent to the next build or specify a time and time zone to schedule an upgrade.
For more information, see一个gent upgrade settings。
[NSADM-91719]
Improvements in NetScaler instance upgrade
The following changes are now available in thePre-upgrade validation标签:
Instances blocked from upgradesection - This new section lists the instances that are blocked from upgrade because of pre-upgrade validation errors.
Quick Cleanupbutton - This button is available in theDisk Space Detailspane and allows you to quickly free up the disk space from multiple folders.
For more information, seeHow to upgrade an ADC instance。
[NSADM-91505]
NetScaler BLX images now available in the image library
While upgrading NetScaler BLX fromInfrastructure > Upgrade jobs > Upgrade NetScaler BLX > Select Image, you can now select theNetScaler BLX imagesfrom the image library.
[NSADM-86864]
Security
视图the versions of NetScaler Web App Firewall and bot signatures for a NetScaler instance
You can now view the versions of NetScaler Web App Firewall and bot signatures for a NetScaler instance. The latest signature versions protect your instance from the CVEs. For more information, seeSignature Alert ArticlesandBot signature alert articles。
[NSADM-92378]
一个pplication Performance Analytics
Improvements to Web Insight
InWeb Insight, you can now view the maximum network latency values in bothServerandClient。一个s an administrator, this enhancement enables you to identify the exact server or client that is performing with maximum latency.
Earlier, Web Insight provided the maximum value only based on the average latency values across all servers and clients.
[NSADM-91834]
Miscellaneous
Create and apply filters in the unified dashboard
In the unified dashboard (Overview > Dashboard),您现在可以创建和应用过滤器:
一个pplications
一个DC Infrastructure
一个pplication Security
一个s an administrator, you can apply filters and view insights only for the selected instances or applications.
For more information, see一个统一的仪表板视图实例关键指标details。
[NSADM-91873]
Fixed Issues
The issues that are addressed in Build Mar 02, 2023.
- InInfrastructure > Upgrade Jobs, when you select a completed job that has the pre-upgrade or post-upgrade script file name with special characters and then download the output scripts from theSelect Actionlist, theFile not founderror message is displayed.
[nshelp - 33854]
February 07, 2023
一个nalytics
Security violations display OWASP tags
In the NetScaler ADM GUI, the security violations now display OWASP tags. It supports the OWASP 2017 and OWASP 2021 lists. These tags help you determine whether the violation belongs to the OWASP top 10 list.
Select a violation to view more details. The details now include the OWASP 2017 and OWASP 2021 columns. These columns display the OWASP codes and you can use them to learn more about the violation from theOWASP website。
[NSADM-92999]
Management and Monitoring
Support for changing agent password without current password
一个s a super administrator, you can now allow agent passwords to be changed without their current passwords.
Navigate toSettings>Global Settings>System Configurations>一个gent and Time Zone > Agentand select theRemove current password prerequisite for agent password changecheck box. TheChange Agent Passwordpage will no longer have theCurrent passwordfield.
To display theCurrent passwordfield again, clear theRemove current password prerequisite for agent password changecheck box.
[NSADM-91826]
Time series data visualization interval for NetScaler ADM Express accounts is revised
For virtual servers managed with the Express account, the time series data visualization in analytics graphs and Network Reporting graphs for theLast 1 Hourduration is now revised.
| Feature | Existing data visualization interval | New data visualization interval |
|---|---|---|
| 一个pplication dashboard | 1 minute | 5 minutes |
| Network Reporting | 5 minutes | 10 minutes |
| Web Insight, HDX Insight, Gateway Insight, Security Insights, BOT Insights, Detailed Transactions | 1 minute | 5 minutes |
[NSADM-93200]
Fixed issues
The following issues are addressed in Build February 07, 2023.
When you enable or disable syslog settings for the ADC instance, ADM does not save configuration in the ADC instance. As a result, configuration changes events are not saved in NetScaler ADM.
[NSHELP-33264]
InInfrastructure > Instances > Agent, after you install the SSL certificate with a password encrypted key, the connection to agent on Port 443 fails.
[NSHELP-33614]
January 24, 2023
Fixed issues
The following issues are addressed in Build January 24, 2023.
一个n error message appears when you enable SNMP v3 on a NetScaler SDX instance from the NetScaler ADM GUI by navigating toInfrastructure > Instances > NetScaler > SDX > Select Action > Configure SNMP。
[NSHELP-33852]
January 10, 2023
Management and Monitoring
视图recommendations and manage your ADCs and apps efficiently as actionable Tasks with Guide Me workflows
In the NetScaler ADM GUI, a newTaskoption is introduced, where you can now view recommendations based on your subscription and current utilization. As an administrator, you can:
视图To-Dotasks as actionable recommendations for licensing, analytics, events, SSL certificates, and many more
Complete the task using theGuide Meoption that provides guidance tool tips to successfully complete the task
一个cknowledge the tasks and move them to archive
Go to一个rchived tasksand use the guided tool tips for recurring needs
These recommendations ensure that you are utilizing all the capabilities of NetScaler ADM, enable product discovery and functionalities recommended by the product for efficient administration of the deployment.
For more information, see视图recommendations and manage your ADCs and applications efficiently。
[NSADM-68719]
StyleBooks
Enable or disable netmask length in StyleBook configuration GUI
When you create a configuration pack from StyleBooks with thetype: ipnetworkattribute, the StyleBook configuration GUI now displays theNetmask Lengthbutton next to theIP addressfield.
You can do one of the following actions:
Enable to input netmask length
Disable to input netmask IP address
[NSADM-80696]
December 13, 2022
Management and Monitoring
Support for identification and remediation of CVE-2022-27518
NetScaler ADM security advisory now supports the identification and remediation of CVE-2022-27518.
Identification of CVE-2022-27518 requires a combination of a version scan and config scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.
For more information about how to remediate CVE-2022-27518, seeSecurity Advisory。
NOTE
It might take a couple of hours for the security advisory system scan to conclude and reflect the impact of CVE-2022-27518 in the security advisory module. To see the impact sooner, you can start an on-demand scan by clickingScan Now。
December 09, 2022
一个nalytics
Discontinuation of Advanced Security Analytics for the premium licensed ADC instances
NetScaler ADM no longer supports一个dvanced Security Analyticsfor the premium licensed ADC instances. With this upgrade, in the NetScaler ADM GUI:
The existing configurations in Advanced Security Analytics and the associated behavior-based violations are now not visible.
The visibility of the other Bot and WAF violations remain unchanged. For more information, see theViolation Categories。
The Splunk and New Relic export are supported only with WAF and Bot violations.
[NSADM-92342]
Configure an action policy from Web Insight
InWeb Insight, you can now configure an action policy from graph trend for the following metrics:
Client Network Latency
Server Network Latency
Server Processing Time
一个s an administrator, when you notice any unusual traffic pattern or a sudden spike in these metrics for any application, this enhancement enables you to create a relative action policy by clickingCreate Action Policyafter placing it on a specific point in the graph.
[NSADM-88682]
一个ction policy - Add multiple applications
When you configure an action policy forClient Network Latency,Server Network Latency, andServer Processing Time, you can now select multiple applications using theINoperator and apply them in a single policy.
For more information, see一个ction policies。
[NSADM-88680]
November 29, 2022
Infrastructure
Z License expiry information shown in NetScaler ADM
You can now view Z License expiry information of MPX and SDX instances in NetScaler ADM by navigating toInfrastructure > Pooled Licensing > Pooled Capacity > Z licenses。
[NSADM-80202]
Management and Monitoring
Discontinued SD-WAN and HAProxy features in NetScaler ADM
NetScaler ADM no longer supports SD-WAN and HAProxy features. As a result, the associated features applicable for SD-WAN and HAProxy are now not available in the NetScaler ADM GUI.
[NSADM-90549]
SDX Upgrade improvements - Support for selection of SDX image from the resource library
When you schedule a maintenance job to upgrade an SDX instance in NetScaler ADM, you now have the option to select from the image library required for an upgrade. Navigate toInfrastructure > Upgrade Jobs > Create Job, selectUpgrade NetScaler SDX, and clickProceedto upgrade an SDX instance.
[NSADM-88832]
Fixed issues
The issues that are addressed in Build November 29, 2022.
Users from Azure AD cannot log in to ADM if an administrator added them to DaaS or other NetScaler products before ADM.
[NSHELP-32556]
InInfrastructure > Network Functions > Load balancing > Services, the total configured services show only 5000 counts, even when the total configured services count on the ADC instances is greater than 5000.
[NSHELP-32299]
November 16, 2022
一个nalytics
Integration with New Relic
You can now integrate NetScaler ADM with New Relic to view analytics for WAF, Bot, and behavior-based violations in your New Relic dashboard. With this integration, you can:
- Combine all other external data sources in your New Relic dashboard
- Get visibility of analytics in a centralized place
NetScaler ADM collects Bot, WAF, and behavior-based events and sends them to New Relic either in real time or periodically, based on your choice. As an administrator, you can also view the Bot, WAF, and other behavior-based events in your New Relic dashboard.
For more information, seeIntegration with New Relic。
[NSADM-83119]
Infrastructure
一个utomated upgrade of Autoscale groups
The upgrade operation of Autoscale groups is now automated. Navigate toInfrastructure > Public Cloud > AutoScale Groupsand select the Autoscale group you want to upgrade. NetScaler ADM performs the required checks and upgrades the Autoscale group.
For more information, seeModify Autoscale Groups。
[ NSADM-84955 ]
Management and Monitoring
Crypto Utilization metrics available on the ADM Service Network Reporting dashboard
You can now add and view the Crypto Utilization metrics in the Network reporting dashboard. Navigate toInfrastructure > Network Reporting > Create Dashboard。SelectSSL Crypto Utilizationas the entity and create a dashboard for Network Reporting.
[NSADM-88416]
Fixed Issues
The issues that are addressed in Build November 16, 2022.
一个symmetric Crypto UnitsandSymmetric Crypto Unitsare now editable fields in the NetScaler ADM GUI. You can enter the number of ASUs and SCUs while provisioning a NetScaler VPX instance on the NetScaler SDX appliance with Intel Coleto (COL) chips.
Navigate toInfrastructure>Instances>NetScaler, and on theSDXtab, select an SDX instance where you want to provision a NetScaler VPX instance. InSelect Action, selectProvision VPXand in the page that displays, enter the crypto capacity underCrypto Allocation
[NSHELP-33297]
November 8, 2022
Management and Monitoring
Support for identification and remediation of CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516
NetScaler ADM security advisory now supports the identification and remediation of three new CVEs: CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516.
Identification of CVE-2022-27510 requires a combination of config scan and version scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.
识别cve - 2022 - 27513需要combination of a config scan and version scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.
Identification of CVE-2022-27516 requires a combination of a config scan and version scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.
For more information about how to remediate CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516, seeSecurity Advisory。
Note
It might take a couple of hours for the security advisory system scan to conclude and reflect the impact of CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516 in the security advisory module. To see the impact sooner, you can start an on-demand scan by clickingScan Now。
一个security article for HTTP request smuggling attacks is also released along with the bulletin. For information on HTTP request smuggling attacks, seeCTX472830。
Note
NetScaler ADM security advisory only supports the identification and remediation of the CVEs. It does not support the security concerns that are highlighted in the Security article. Hence, we do not support the identification and remediation of HTTP request smuggling attacks.
[NSADM-88525]
October 28, 2022
Infrastructure
Specify time zone for agent upgrade
InInfrastructure > Instances > Agents > Settings > Upgrade, the start time uses the time zone that you chose inGlobal Settings > System Configuration。
For more information about setting time zone, seeSet the NetScaler ADM time zone。
[NSADM-88417]
Fixed Issues
The issues that are addressed in Build October 28, 2022.
InSettings > Licensing & Analytics Config > Configure Analytics, the results on the一个ll Virtual Serverspage disappear when you apply the following filters:
- Name
- State
- 类型
[NSHELP-32807]
When you configure a second NIC to isolate management access to NetScaler ADM, the second NIC IP address is incorrectly assigned the same IP address of the primary NIC.
[NSHELP-32567]
October 12, 2022
一个nalytics
WAF security violations - View analytics for Command Injection Grammar
InSecurity > Security Violations, underWAF, you can now view logs and analytics forCommand Injection Grammarviolation. For more information, see:
[NSADM-85792]
Infrastructure
Validate your Cloud Access Profile with additional permissions
The existing Cloud Access Profile of the Autoscale group that connects to AWS needs additional IAM permissions. Currently, the NetScaler ADM service invalidated the Cloud Access Profiles due to missing permissions. To validate IAM permissions, do the following:
- Copy the latest IAM permissions mentioned inCreate IAM roles。
- Go to AWS console and validate the Cloud Access Profile’s role with the latest IAM permissions.
[NSADM-90096]
September 27, 2022
一个nalytics
WAF security violations - View analytics for Block Keyword
InSecurity > Security Violations, underWAF, you can now view logs and analytics forBlock KeywordandJSON Block Keywordviolations.
For more information, see:
[NSADM-86225]
Configure bot management on the platinum ADC instances
In NetScaler ADM, you can now:
Configure bot detection techniques and deploy them on the ADC instances build 13.0 36.27 or later with premium license.
视图bot analytics by enabling theBot Security Violationsoption for the existing virtual servers configured with bot detection techniques either through StyleBook or directly from the ADC instance.
一个long with the existing StyleBook configuration, this enhancement further simplifies the process to configure the bot detection techniques and deploy on the ADC instances.
For more information, seeConfigure bot detection techniques in NetScaler ADM。
[NSADM-80413]
Infrastructure
New option to create a configuration job for Autoscale applications
In一个utoscale Groups > Configurations, you can now navigate to configuration jobs by selecting an Autoscale application. In theCreate Jobpage, sample commands appear based on the configuration details of the selected application. You can edit values or commands. Also, add or remove commands.
Note
You can use configuration jobs only for the applications created using the ADC CLI Commands mode.
For more information, seeDeploy an Autoscale application using configuration jobs。
[NSADM-85939]
NetScaler ADM reschedules the jobs when unforeseen events occur
Sometimes, while running a configuration or an upgrade job, you might face the events like:
Upgrade of NetScaler ADM service is in progress.
一个n ADM agent goes down. It can happen if the agent upgrade is in progress.
In such events, NetScaler ADM reschedules the jobs to the following hour.
Earlier, NetScaler ADM was not able to identify the ADM service upgrade or the agent state. As a result, jobs were failing after the time-out.
[NSADM-85554]
视图usage and license information for unmanaged CICO ADC instances
You can now navigate toInfrastructure > Pooled Licensing > Bandwidth Licenses > CICO查看使用和虱子nse information for unmanaged CICO ADC instances on ADM Service.
[NSADM-85452]
Management and Monitoring
Generate a tech-support bundle for the secondary ADC instance
In an ADC high-availability pair, you can now generate a tech-support bundle for the secondary node as well, from the ADM GUI. Earlier, you were able to generate a tech-support bundle only for the primary node.
[NSADM-88905]
视图network reporting data points for each day of the month
InInfrastructure > Network Reporting, when you select one month duration in the dashboard, it shows the data points for each day. Earlier, it was showing the data points for each week.
[NSADM-88875]
StyleBooks
StyleBooks support NetScaler BLX instances
While creating a configuration pack, you can now choose NetScaler BLX instances as the target instances. Earlier, StyleBooks supported NetScaler MPX, SDX, VPX, and CPX instances.
[NSADM-86253]
September 13, 2022
StyleBooks
Improved default StyleBooks to configure a load-balancing virtual server
With the improved default StyleBooks, you can now configure all supported options in ADC for a load-balancing virtual server. For example, you can now set IP pattern, IP mask, IP range, and more. Earlier, you were able to configure only fewer options from StyleBooks. We added the following StyleBooks in NetScaler ADM with their improved versions:
| Name | Version |
|---|---|
| lb | 2.0 |
| lb-mon | 2.0 |
[nsadm - 80663]
Fixed Issues
The issues that are addressed in Build September 13, 2022.
While inviting an IAM group by selecting Azure AD as the identity provider, the ADM roles do not appear underCustom Accessif they have whitespaces.
[NSHELP-32557]
Users from Azure AD cannot log in to ADM if an administrator added them to DaaS or other NetScaler products before ADM.
[NSHELP-32556]
一个ugust 29, 2022
一个uto-enabling Gateway Insight and Account Takeover for NetScaler Gateway
一个ll the licensed NetScaler Gateway virtual servers are now automatically enabled with一个ccount Takeover for NetScaler GatewayandGateway Insight。NetScaler ADM,这使您能够查看insights for:
一个ccount takeover attacks for NetScaler Gateway inSecurity > Security Violations。NetScaler Gateway login page availability becomes an easy target for malicious bots to steal user credentials and perform cyberattacks such as credential stuffing and password spraying. As an administrator, you might want to analyze if malicious bots have attempted to take over the NetScaler Gateway account. For more information, see一个ccount Takeover for NetScaler Gateway。
Issues related to NetScaler Gateway virtual servers inGateway > Gateway Insight。一个s an administrator, you might want to monitor the gateway instances for insights such as user logon activity, logon failure reasons, active users, available users, bot attacks, and so on. For more information, seeGateway Insight。
Note
The auto-enablement for Gateway Insight and Account Takeover for NetScaler Gateway functionality will be released to customers in phases.
Your NetScaler ADM must have one or more external NetScaler ADM agents configured and have one or more Premium or Advanced Gateway devices.
一个fter this functionality is released in your NetScaler ADM, all the existing licensed NetScaler Gateway virtual servers and the subsequent licensed NetScaler Gateway virtual servers will be automatically enabled with Gateway Insight and Account Takeover for NetScaler Gateway.
For all NetScaler Gateway virtual servers that are manually disabled with Gateway Insight option, the Gateway Insight will not be auto-enabled to those virtual servers.
To disable theGateway Insightoption:
- Navigate toSettings > Licensing & Analytics Configuration。
- UnderVirtual Server Analytics Summary, clickConfigure Analytics。
- In the一个ll Virtual Serverspage, select the NetScaler Gateway virtual server and clickEdit Analytics。
- Deselect theGateway Insightoption and clickSave。
The一个ccount Takeover for NetScaler Gatewayis automatically disabled, after theGateway Insightoption is disabled.
[NSADM-82732]
Improvements to the unified dashboard
The Unified Dashboard inOverview > Dashboardis now added with smaller widgets for all key metrics under each category. When you clickEdit dashboard, you can:
Remove the whole widget (Applications, ADC Infrastructure, Gateway, or Application Security).
Remove the smaller widgets present under each widget.
Click一个dd widgetand select the required key metrics that you want to view under each widget.
This enhancement enables you to customize the dashboard view by adding or removing the required widgets under each category.
[NSADM-86337]
Choose a country from the selected region
When you’re logging in to the NetScaler ADM service for the first time, you can now choose a country that suits your business need. The countries appear based on your selected region. Earlier, you were able to select only regions.
For example, if you select theEMEAregion, the GUI lists the following countries:
- France
- United Kingdom
- Germany
Similarly, you can choose a suitable country from other regions.
[NSADM-83643]
Web Insight - View details for cipher related issues
In一个pplications > Web Insight, underSSL Errors, you can now drill down theCipher Mismatchto view details such as the SSL cipher name, the recommended actions, and the details of the affected applications and clients.
For more information, seeWeb Insight。
SNMP version 3 support for SDX configuration on ADM
You can now create an SNMP v3 profile for the NetScaler SDX instance from the ADM GUI. Navigate toInfrastructure > Instances > NetScaler > SDXtab and then clickProfiles。You can add all the profile parameters, selectv3as SNMP profile type, and then clickCreateto create a NetScaler SDX Profile.
[NSADM-84828]
一个ugust 16, 2022
一个nalytics
一个pp Dashboard - View detailed insights to troubleshoot the application issues
In一个pp Dashboard, when you drill down an application, you can now view theRecommended Actionsfor the following application issues that enable you to view detailed insights to troubleshoot the issues:
Response Time
一个ctive Services
Unstable Server
Service Flaps
For more information, seePerformance indicators (issues)。
[NSADM-84811]
Infrastructure
Dual NIC support for ADM agent
You can configure a second NIC on ADM agent to manage access to NetScaler ADM. Using the Dual NIC architecture, ADM agent will now be able to:
Establish communication between ADM agent and ADC instances
Establish communication between ADM agent and ADM service
For more information, seeDual NIC support on NetScaler ADM。
[NSADM-85781]
Recreate a cluster that is part of Google Cloud Autoscale group
To view and troubleshoot the ADC clusters that are part of a Google Cloud (GCP) Autoscale group, you can now navigate toInfrastructure > Public Cloud > Autoscale Group, and click视图Clusters。
You can select theGCP clusterand clickRecreateto delete the existing cluster and replace it with a new cluster. All the application configurations are transferred to the new ADC cluster.
For more information, see视图and troubleshoot ADC clusters。
[NSADM-75731]
Management and Monitoring
视图一个DM agent details in the unified dashboard
In the unified dashboard, you can now visualize an overview of ADM agent details. InOverview > Dashboard, next to the一个DM Agent Status, you can view the agents that are available/unavailable.
Click视图Detailsto visualize an overview of ADM agent details such as total in-built agents, total external agents, agent IP, status, system usage, diagnostic checks, and so on.
For more information, seeUnified dashboard overview。
[NSADM-83096]
Fixed Issues
一个fter you enable analytics or when you edit analytics for NetScaler Gateway virtual servers configured from the HA pair, theInstance level optionsunder一个dvanced Settings (optional)appear disabled, even after these options are enabled.
[NSHELP-32188]
InGateway > HDX Insight > Users, when you select a user, instead of showing details for the selected user, ADM shows details for all the users.
[NSHELP-32181]
In网关> HDX见解>实例, when you click a country to drill down for further details, the data underCurrent Sessionsare not displayed.
[NSHELP-32125]
July 13, 2022
Management and Monitoring
Support for identification and remediation of CVE-2022-27509
NetScaler ADM security advisory now supports the identification and remediation of CVE-2022-27509.
Identification of CVE-2022-27509 requires a combination of version scan and custom scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix. If your vulnerable ADC instances have the/etc/httpd.conffile copied to the/nsconfigdirectory, see [Upgrade considerations for customized ADC configurations before planning ADC upgrade.
You can also opt out of these Security Advisory custom scans. For more information on Custom Scan Settings and opting out of custom scans, see theConfigure Custom Scan settingssection on theSecurity Advisorypage.
For more information about how ADM identifies ADCs vulnerable to CVE-2022-27509 and steps to remediation, seeIdentify and remediate vulnerabilities for CVE-2022-27509。
Note
It might take a couple of hours for the security advisory system scan to conclude and reflect on the impact of CVE-2022-27509 in the security advisory module. To see the impact sooner, you may start an on-demand scan by clickingScan Now。
[NSADM-85549]
Configure an access policy for Upgrade Jobs
一个s a super administrator, you can now configure an access policy, set the permissions (View/Edit) for the Upgrade Jobs, and apply the policy to your NetScaler ADM users. InSettings > Users & Roles > Access Policies, click一个ddto configure an access policy by selectingInfrastructure > Upgrade JobsunderPermissions。
For more information, seeConfigure access policies on NetScaler ADM。
[NSADM-82494]
Support for configuration audit in NetScaler BLX instances in shared mode
You can now create Configuration Audit templates with certain configurations and monitor the configuration changes in NetScaler BLX instances in shared mode. For more information, seeCreate audit templates。
[NSADM-82323]
Support for CSV format and schedule export in Web transaction analytics
InWeb transaction analytics, you can now view the following enhancements when you click theExporticon:
InExport Now, you can export data in CSV format.
TheSchedule Exportoption is introduced that enables you to schedule and export the data in CSV format through email and Slack.
For more information, seeWeb transaction analytics。
Fixed Issue
In NetScaler ADM service, when you navigate toInfrastructure > Instances > Agents, and clickSettingsto change the agent upgrade settings, a confirmation messageModified Agent Upgrade Settingsis displayed once the settings are changed.
[NSHELP-32099]
June 29, 2022
一个pplications
Configure and associate an application to multiple custom applications
In一个pplication Dashboard, you can now configure an application and associate it to multiple custom applications. Using this feature, you can reuse the same application for multiple custom applications, rather than creating a separate application for each custom app.
For more information, seeConfigure and associate an application to multiple custom applications。
[NSADM-82040]
Management and Monitoring
Supported browsers to access NetScaler ADM GUI
NetScaler ADM GUI is now accessible only from the following compatible browser versions:
| Web browser | Version |
|---|---|
| Microsoft Edge | 79 and later |
| Google Chrome | 51 and later |
| Safari | 10 and later |
| Mozilla Firefox | 52 and later |
[NSADM-83943]
June 15, 2022
Infrastructure
Monitor the NetScaler ADM agent system parameters usage and remediate issues using the self-heal daemon
The NetScaler ADM agent now monitors its system resources (CPU, Memory, and disk) by automatically running the self-heal daemon in the background. The self-heal daemon checks for thresholds and applies actions automatically during the following scenarios:
如果disk usage exceeds 80% or more for a specific duration, clean-up space (logs, backup logs, core files, crash files, and so on) action is applied to reclaim the disk space.
如果memory and CPU usage exceeds 90% or more for a specific duration, ADM processes are restarted to reclaim the CPU and memory.
Note
The self-heal daemon does not monitor the thresholds configured inInfrastructure > Instances > Agents > Settings > Notification。
[NSADM-82558]
June 07, 2022
一个nalytics
视图Bot and WAF analytics for custom apps
InSecurity > Security Violations, underWAFandBot, you can now select a custom app and view the consolidated applications details that are applicable for a custom app. You can also select an application from the list and view details for a particular application of the custom app.
For more information, seeSecurity violations。
[NSADM-77375]
Management and Monitoring
进口and install the SSL certificate bundle (with certificate chain) through the Certificate Store
InInfrastructure > SSL Dashboard, when you selectManage Certificate Storefrom the list available next toSettings, you can:
Click进口一个DC Certificates > Start Pollingand the SSL certificate bundle along with the certificate chain that links the server certificate to its issuer (the intermediate CA) is imported from the ADC instance to the Certificate Store.
视图the certificates in the Certificate Store, select a certificate, and clickInstallto install the certificate along with the certificate chain on the selected ADC instances.
[NSADM-82727]
Upgrade support for NetScaler BLX instances
InInfrastructure > Upgrade Jobs, you can now create a job to upgrade NetScaler BLX instances. You must select the appropriate build image (applicable for Ubuntu or Red Hat) for a successful upgrade. For more information, seeMaintenance jobs。
[NSADM-82324]
Fixed Issue
InInfrastructure > Event Summary > Syslog Messages, the data was displayed only for the last 30 days. With this fix, the data is displayed for up to 180 days.
[NSHELP-30961]
May 10, 2022
一个nalytics
Export realtime data to Splunk
The integration of NetScaler ADM with Splunk now enables you to export realtime data to Splunk. In the ADM GUI, when you select theRealtime Exportoption and configure, the selected violations in NetScaler ADM are pushed to Splunk immediately.
For more information, seeIntegration with Splunk。
[NSADM-84529]
Improvements to WAF learning engine
In NetScaler ADM, you can now configure a learning profile and deploy or skip the relaxation rules for the following additional security checks:
JSON SQL
JSON Command Injection
JSON XSS
Note
To configure a learning profile using these security checks, the NetScaler instance must be 13.1–14.10 or later.
For more information, seeWAF learning engine。
[NSADM-80921]
一个pplications
Improvements to the unified dashboard
The unified dashboard inOverview > Dashboardnow enables you to customize it based on your choice. Using theEdit dashboardoption, you can:
Drag widgets
Remove widgets
一个dd widgets
Reset to default
一个fter making changes, clickSave。
Note
By default, all widgets are displayed. If you have customized the dashboard, saved the changes, and use the Reset to default option, the last saved customized dashboard is restored.
[NSADM-52144]
Infrastructure
Improvements to ADM GUI
You can now expand or collapse the ADM GUI navigation menu individually. This improvement enables you to view all options in each section.
[NSADM-85480]
Support for identification and remediation of CVE-2022-27507 and CVE-2022-22508
NetScaler ADM security advisory now supports the identification and remediation of two new CVEs:CVE-2022-27507andCVE-2022-22508。
Identification ofCVE-2022-27507requires a combination of a version scan and config scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.
一个DM Security Advisory does not support mitigation. If you have applied mitigation (temporary workaround) to the ADC instance, ADM will still identify the ADC as vulnerable until you have completed remediation.
ForCVE-2022-27507, even if you have applied mitigation and temporarily disabled HDX Insight for EDT traffic, (seeSecurity Bulletin), ADM Security Advisory will still identify the ADC as vulnerable until you have completed remediation (upgrade to a release and the build that has the fix).
Identification ofCVE-2022-27508requires a combination of a version scan and config scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.
For more information about how to remediate CVE-2022-27507 and CVE-2022-22508, seeSecurity Advisory。
Note
It might take a couple of hours for the security advisory system scan to conclude and reflect the impact ofCVE-2022-27507andCVE-2022-27508in the security advisory module. To see the impact sooner, you may start an on-demand scan by clickingScan Now。
[NSADM-85673]
Fixed Issue
InInfrastructure > Instances > NetScaler, when you change an admin profile password and include % in the password, an error message is displayed.
[NSHELP-31392]
一个pril 27, 2022
Management and Monitoring
一个DC downgrade through ADM GUI with the correctns.conffile
InInfrastructure > Upgrade Jobs, when you create an upgrade job to upgrade the ADC instance to a lower version, ADM now selects the compatiblens.conffile from which the configuration is applied to the ADC instance. The selectedns.conffile must be of the same version or lower than the version selected by the user. If there is no suitablens.conffile present in the ADC instance, downgrade is not allowed and the appropriate error message is displayed.
[NSADM-81421]
Fixed Issues
When you enable一个dvanced Security Analytics, apply profile with one or more behavior-based violations, and clickSave, the details in the table are not displayed inSettings > Licensing & Analytics Configuration > All Virtual Servers。
Note: The behavior-based violations are Excessive Client Connections, Unusually Large Upload Transactions, Unusually Large Download Transactions, and Unusually High Request Rate.
[NSADM-85020]
InInfrastructure > Event Summary > Syslog Messages, the data was displayed only for the last 30 days. With this fix, the data is displayed for up to 180 days.
[NSHELP-30961]
一个pril 12, 2022
一个nalytics
New violations added for rate limiting bot violations
The rate limiting rule detects multiple requests coming from the same client. InSecurity > Security Violations > Application Overview, underBot, you can now view the following violation details:
URL
Source IP
Geo Location
Session
ClickLogsto view details such as time, client IP, bot type, bot detection, and so on. For more information, see视图bot violation details。
[NSADM-80925]
Headless Browser violation support in bot violation
InSecurity > Security Violations > Application Overview, underBot, you can now viewHeadless Browser violationdetails. ClickLogsto view details such as time, client IP, bot type, bot detection, and so on.
For more information, see视图bot violation details。
[NSADM-89027]
Management and Monitoring
CVE-2022-21827 not in scope of NetScaler ADM Security Advisory
The CVE-2022-21827 impacts the NetScaler Gateway plug-in for Windows supported versions prior to 21.9.1.2.
The detection and remediation of vulnerabilities impacting the NetScaler Gateway plug-in for Windows is not supported by the NetScaler ADM. Also, NetScaler Gateway plug-in vulnerabilities cannot be assessed by performing any checks on ADC side, verifying the ADC version, or by checking the ADC configuration. The detection and remediation for this CVE can only be assessed based on the version of the NetScaler Gateway plug-in for Windows deployed on the client.
一个s a result, the detection and remediation of this vulnerability is out of NetScaler ADM Security Advisory scope.
For more information, seeUnsupported CVEs in Security Advisory。
Unsubscribe option available in product emails sent to customer
Customers (New customers and Inactive) now have the option to unsubscribe to all the email notifications within the product emails sent by NetScaler ADM. For more information to subscribe or unsubscribe, seeEmail subscriptions。
[NSADM-83272]
Retain filters in app dashboard
In一个pplications > Dashboard, when you apply filters through the search bar and key metrics, the filters are now retained. You can view the same filters even if:
You return to一个pplications > Dashboardfrom a different navigation within the ADM GUI.
You close the browser and open a new session from the same browser.
Note
The filters are not retained if you open a new session from a different browser or in an incognito mode.
[NSADM-82038]
StyleBooks
一个uto-update of configuration packs
When an SSL certificate is updated in the NetScaler ADM certificate store, the configuration packs associated with the SSL certificate are automatically updated.
[NSADM-80694]
March 31, 2022
一个nalytics
Improvements to Advanced Security Analytics in Security Violations
一个s an improvement to the Advanced Security Analytics feature, the process to first enable一个dvanced Security Analyticsand then create a profile by using theSettingsicon is now simplified. You can now enable一个dvanced Security Analytics, create a profile, and assign the profile to the virtual servers in a single workflow.
For more information, seeEnable Advanced security analytics。
[NSADM-81383]
Improvements to the unified dashboard
InOverview > Dashboard, you can now view the following improvements:
You can click the key metric counts under all categories to view details of the affected ADC instance/application/Gateway.
Under一个pplications, minor GUI changes made in SSL key metrics to visualize more information.
UnderGateway, theUsers Geo Distributiondisplays the top 3 countries based on the user counts.
[NSADM-82758]
Management and Monitoring
Support for ECDSA algorithm in SSL dashboard
When you configure an enterprise policy inSSL dashboard > Settings > Enterprise Policy, you can now selectECDSAin theRecommended Signature Algorithm。
For more information on ECDSA, seeECDSA cipher suites support。
For more information on enterprise policy configuration, seeConfigure an enterprise policy。
[NSADM-71321]
Onboarding
一个DM support for Kubernetes version 1.23
NetScaler ADM now supports adding and managing clusters with Kubernetes version 1.23.
[NSADM-83683]
March 16, 2022
Onboarding
Test Onboarding Readiness of ADC instances
When you want to onboard an ADC instance on to NetScaler ADM using the default built-agent option, you can perform a test run to ensure that the ADC instance is ready to onboard. For more information, seeTest onboarding readiness of ADC instances。
[NSADM-80502]
March 01, 2022
Management and Monitoring
Invite users or groups to ADM from the Azure AD
一个s a super administrator, you can now invite users or groups to NetScaler ADM from the connected Azure AD to NetScaler ADM. Before doing so, ensure that the Azure AD is connected to Citrix Cloud, seeConnect Azure Active Directory to Citrix Cloud。早些时候,你只能邀请用户Citrix Identity.
When you select Azure AD as the identity provider, you can specify only Custom Access for the selected user or group. The users can log in to NetScaler ADM using their Azure AD credentials. With this feature, you don’t require to create a Citrix Identity for the users who are part of the selected Azure AD. If a user is added to the invited group, you don’t require to send an invite for the newly added user. This user can access NetScaler ADM using the Azure AD credentials.
[NSADM-81039]
Certificates and Key files uploaded to ADC are saved by ADM and the information is stored in the ADM database
When you upload certificates and Key files to Cert Store using theSSL Dashboardin the ADM Service GUI, only the metadata and the encrypted contents of the certificate file are saved in ADM Database. The key and password used to decrypt the content are saved in Cloud Wallet.
[NSADM-72475]
New network reports in ADM
The following new network reports are added as the total counters:
一个uthentication Success vs Failures
HTTP Authentication Success vs Failures
Non-HTTP Authentication Success vs Failures
一个一个一个Sessions
Current AAA Sessions
Current ICAOnly Sessions
Current ICAOnly Connections
Current ICA(Smart Access) Connections
You can use these counters to add thresholds and receive notifications. For more information seeNetwork reporting。
[NSADM-62239]
行动政策——配置机器人和WAF通知s with transaction details
In一个ction Policies, when you configure an action policy, you can now selectBot Violation per ClientandWAF Violation per Clientoptions. These options enable you to configure and receive notifications with transaction details such as client IP, total attacks, violation type, and so on.
For more information, seeConfigure an action policy to receive application event notifications。
[NSADM-80630]
Opt out of Security Advisory Custom Scans
NetScaler Application Delivery Management Service UI now allows you to opt out of security advisory custom scans. When you opt out of these Security Advisory Custom scans, the impact of the CVEs that need a custom scan will not be evaluated for your ADC instances in the Security Advisory.
To opt out of Security Advisory Custom Scans, seeCustom Scan settings。
[NSADM-80288]
StyleBooks
Use HTML formatting tags in the StyleBook description and header
In theStyleBookdefinition, you can now include a header field and use HTML formatting tags for the text. You can also include images as part of the header and it will be rendered at the top of the configuration form. This feature allows you to add infographics for the StyleBook users that help in understanding the StyleBook configuration. If you use images in the header, ensure to use base64 encoded image format in theimagetag.
name:app-stylebook-with-HTML-tagsnamespace:com.examples.stylebooksversion:`1.0`display-name:`Example App StyleBook`header:'ThisStyleBookdefinesalltheappconfigurationforLoadBalanced一个pplication.Thefollowingimagedescribesthetargetdeploymentfortheappid=`b64img`src=`data:image/png;base64,`/>' [NSADM-80699]
提供自动定量应用cations that are outside of ADC instances’ virtual network or VPC
When application servers and ADC instances are situated on different Virtual networks, VPC Networks, and Subnets, provide the CIDR block of a subnet or VPC where you have application servers. Specify the CIDR block in theOrigin Serverfield while configuring the provision parameters. This way you can deliver apps from the application servers that are situated outside of the ADC instances’ virtual network or VPC network.
Earlier, this feature was available only for the Autoscale groups in AWS, now you can use this feature in Azure and Google Cloud also.
For more information, see:
[NSADM-78617]
February 10, 2022
Management and Monitoring
Support for the ShowConfiguration template
In the Configuration Editor, when you selectBatch Configuration, you can now use theShowConfigurationtemplate. Drag theShowConfigurationtemplate to the right pane and enter the show commands to run on NetScaler instances.
For example, you can enter commands such assh ns info,sh node,sh ns stats, andsh interface,shell ls /var/tmpand view the output.
You can download the output of the commands as a text file.
[NSADM-66132]
Configure an action policy to receive application event notifications
一个part from the existing analytics view of application events, you can configure an action policy to get application event notifications through Slack, Email, PagerDuty, or ServiceNow. The application events include performance issues, bot and WAF violations, and service graph violations. As an administrator, using the action policy, you can get event notifications in real time.
Using the action policy, you can:
Predefine certain conditions for the application events.
Get notified for the following events through Slack, Email, PagerDuty, and ServiceNow:
WAF SQL Violation
WAF XSS Violation
WAF Infer XML Violation
Note
To receive the WAF violation notification, the minimum violation transactions must be 20%. For example, out of 100 transactions, minimum 20 must be violation transactions.
Top 3 WAF violations
(Total violations contributed by SQL, XSS, XML together must be 30%. For example, out of 100 transactions, 30 or more transactions must be a combination of SQL, XSS, Infer XML violations.)
Bot violations
(For more information on the list of bot violation, seeviolation categories。)
一个pp score violation
Client network latency
Server network latency
Server processing time
Service graph violation
For more information, seeConfigure an action policy to receive application event notifications。
[NSADM-70968], [NSADM-76588], [NSADM-72799]
一个pplications
Improvements to service graph
In global service graph and microservices service graph, you can now view the legend that provides the description for symbols available in service graph.
[NSADM-82077]
Onboarding
Configure settings for low-touch onboarding workflow emails
一个s a part of ADM Service Connect based low-touch onboarding workflow, you receive product initiated emails from NetScaler ADM service. You can configure and manage the emails that you receive as part of this workflow in the following ways:
Enable emails for all admins
Enable / disable emails for selected admins
Disable emails for all admins
For more information to configure and manage emails, seeEmail Settings。
[NSADM-80289]
视图NetScaler ADM agent diagnostics and receive alerts for endpoint verification
NetScaler ADM now performs a periodic (every one hour) diagnostic check for NetScaler ADM agent and provides the following information:
Endpoint reachability
Health check probe
一个gent proxy
如果agent endpoint reachability status changes (fromOKtoNeeds Review), the super administrator receives an email notification comprising the issue details.
For more information, see视图agent diagnostics and receive alerts for endpoint verification。
[NSADM-69407]
StyleBooks
Updates of the StyleBook configuration pack are automatically reconciled
Sometimes, updating a StyleBook configuration pack that is deployed on an ADC instance can have differences from its deployed state. In such cases, the configuration pack update fails. The StyleBook engine now automatically reconciles these differences and updates the configuration pack. Earlier, a message appeared on the GUI that needed your confirmation to reconcile the changes before updating the configuration pack.
[NSADM-80660]
Manage data sources in ADM
Defining a data source in NetScaler ADM helps you to use data from external sources as an input while creating or updating StyleBook configurations. Otherwise, you have to explicitly supply each input required by the StyleBook. In NetScaler ADM, you can use any managed ADC instance as a data source for the input to a StyleBook configuration. In NetScaler ADM, you can use the managed ADC instances as data sources. You can also define custom data sources which can serve as input when creating or updating configurations. To view custom data sources, go to一个pplications > Configuration > Data Sources。
Use thedatumbuilt-in type in the StyleBook definition to define a data source.
Example:
parameters:-name:selected-lblabel:Select an existing ADCtype:datumrequired:truedata-source:type:managed-adcIn this example, thedatumparameter is used to define themanaged-adcdata source. This data source allows you to retrieve data from the ADC instances managed by NetScaler ADM.
[NSADM-80659]
Check the StyleBook compatibility for a configuration pack
When you are changing the StyleBook for a configuration pack in the ADM GUI, you can now determine the changes from the newly selected StyleBook definition. And, how these changes affect the configuration pack. With this information, you can make necessary updates to the StyleBook definition before changing it. Or, you can decide to continue with the existing StyleBook.
For example, if you change the StyleBook for a configuration pack, the existing StyleBook can have an allowed port HTTPS whereas the newly selected StyleBook can have SSL. In this case, you may need to edit the same HTTPS values for SSL port as well.
[NSADM-80664]
January 25, 2022
一个DC low touch onboarding to ADM – View automated diagnostics
以下信息仅适用于the ADC instances that are connected to ADM Service through ADM service connect feature.
Earlier there was a manual process to use the diagnostic tool to troubleshoot the low touch onboarding issues. Now, you can also view diagnostic information about the ADC instances that have issues in low touch onboarding on the ADM GUI.
When you are in the ADM Service Connect based low touch onboarding workflow, in the一个sset Inventorypage you can see the newly addedOnboarding Readinessoption that provides the ADC instance onboarding readiness status such asNeeds RevieworOK。
You can also see this view by navigating toInfrastructure > Instances > NetScalerand clicking the一个sset Inventoryoption.
You can then use this information to understand and resolve the issues.
For more information, seeTroubleshoot issues using the diagnostic tool or the ADM GUI。
[NSADM-77245]
Support for low touch onboarding of customers not yet on Citrix cloud
一个s a part of the Low-touch onboarding of NetScaler instances using ADM Service Connect workflow, customers who are not yet on Citrix Cloud will now be able to sign-up to Citrix cloud and onboard their ADC instances onto ADM Service easily. These customers will receive an email from NetScaler ADM service guiding them toOnboard to ADM Service。By clicking on this button, they can then sign up to Citrix Cloud and onboard their ADC instances on to ADM Service using the low touch onboarding workflow. For more information, seeLow-touch onboarding of NetScaler instances using service connect。
[NSADM-76466]
Infrastructure Analytics - Configure notifications for specific issues
InInfrastructure Analytics, you can now select the required issues, enable notifications for issues that breach the configured thresholds, and receive notifications only for the selected issues. Earlier, notifications were received for all issues. This enhancement enables you to receive notifications only for the selected issues that you want to monitor.
For more information, seeConfigure notifications。
[NSADM-76361]
January 17, 2022
一个DM support for BLX cluster
You can now add the BLX cluster in ADM. In the ADM GUI, the Cluster IP address (CLIP) is added and the count of the cluster nodes is now visible in the dashboard.
[NSADM-78588]
一个统一的仪表板视图实例关键指标details
一个s an administrator, you can now visualize a dashboard that provides an overview of key metric details based on:
一个pplications
一个DC Infrastructure
一个pplication Security
Gateway
This single-pane dashboard enables you to view details for a better monitoring experience of the instance usage and performance. For more information, see一个统一的仪表板视图实例关键指标details。
[NSADM-74075]
Security violation - JSON SQL Injection Grammar
InSecurity > Security Violations, underWAF, you can now view theJSON SQL Injection Grammarviolation for the selected application. For more information, see违反细节。
[NSADM-62909]
Use the StyleBook’s reserved keywords for parameters and expressions
You can now use the reserved keywords when you define parameters and expressions in a StyleBook definition. The reserved keywords are as follows:
"and", "false", "in", "not", "true", "or" For example, a parameter namednotis now a valid parameter ($parameters.not).
[NSADM-80657]
StyleBooks support nested parameter-conditions
In a StyleBook definition, you can now specify a parameter condition within a parameter condition. These conditions are called nested parameter conditions and use a repeat construct to define these conditions. The nested parameter conditions are useful when you want to apply an action to each item of a list parameter.
Example:
parameters-conditions:-repeat:$parameters.lbvserversrepeat-item:lbvserverparameters-conditions:-target:$lbvserver.portaction:set-allowed-valuescondition:$lbvserver.protocol == "HTTPS"value:$parameters.ssl-portsIn this example, when the user selects the HTTPS protocol for a load balancing virtual server, the port values are dynamically populated. And, it applies for each load balancing virtual servers in the list.
For more information, seeNested parameter conditions。
[NSADM-62747]
Fixed Issue
In a GSLB setup, when you have the same domain name for multiple ADC instances, the entity polling incorrectly updates the database.
[NSHELP-29885]
In this article
- September 26, 2023
- September 13, 2023
- 一个ugust 31, 2023
- 一个ugust 11, 2023
- 一个ugust 09, 2023
- July 26, 2023
- July 18, 2023
- July 12, 2023
- July 03, 2023
- June 14, 2023
- May 31, 2023
- May 18, 2023
- May 09, 2023
- 一个pril 25, 2023
- 一个pril 13, 2023
- 一个pril 05, 2023
- March 14, 2023
- March 02, 2023
- February 07, 2023
- January 24, 2023
- January 10, 2023
- December 13, 2022
- December 09, 2022
- November 29, 2022
- November 16, 2022
- November 8, 2022
- October 28, 2022
- October 12, 2022
- September 27, 2022
- September 13, 2022
- 一个ugust 29, 2022
- 一个ugust 16, 2022
- July 13, 2022
- June 29, 2022
- June 15, 2022
- June 07, 2022
- May 10, 2022
- 一个pril 27, 2022
- 一个pril 12, 2022
- March 31, 2022
- March 16, 2022
- March 01, 2022
- February 10, 2022
- January 25, 2022
- January 17, 2022