NetScaler SAML and Okta

These days, SAML authentication is mainstream and web services are expected to support it in some fashion or another; the SAML 2.0 standard is over 10 years old at this point! One of the key areas of focus for NetScaler is Authentication and Authorization and as such you would expect full support of SAML – and you’d be right. But if you’ve never worked with the SAML protocol, it can seem very daunting at first! … Read more…

Getting Started with NetScaler IP Reputation

Ever wish that you could just block all network traffic from known bad IP addresses? When you start to think about the logistics of this, it would be nice if you didn’t have to manage it either. If you have NetScaler Platinum, you’ve got both of your wishes – and as an added bonus, it’s free! That’s right, if you have a NetScaler Platinum appliance and you are running build 11.0 or later, you have an … Read more…

NetScaler Authentication Error – /cgi/selfauth

While I was rebuilding my lab, I ran into an issue when building out my demo Exchange OWA front-ended by NetScaler – the error was pretty generic, I would attempt to access the OWA page, was then prompted for authentication by the NetScaler AAA engine running as a part of Unified Gateway, then I was dumped to the following error page: Http/1.1 Service Unavailable – /cgi/selfauth/xxxxx This error page is being presented by the NetScaler, … Read more…

Citrix Secure Gateway is EOL…Now What?

Is Citrix Secure Gateway really End of Life? Not really…it’s tied to the lifecycle of the latest product that it was released with which would be XenApp 6.5 – which is incidentally the last product that it works with. Secure Gateway also does not work with any version of StoreFront, so you’re stuck with Web Interface. What does secure gateway do? It allows for an SSL connection to XenApp and XenDesktop resources to be proxied from … Read more…

Demo NetScaler Datastream with SQL AlwaysOn

Is your database application not performing as well as it should? Is your SQL Server running low on resources? Is your application not written to take advantage of SQL AlwaysOn Availability Groups or database sharding? If you answered yes to any of those questions, then NetScaler Datastream to the rescue! Or, maybe you are looking to demo NetScaler Datastream to get a better idea of what capabilities it has in your SQL environment. If that is … Read more…

Demo NetScaler App Firewall

Ever want to try out the feature of the NetScaler known as Application Firewall (AppFW)? Or maybe you need to demo NetScaler App Firewall for one of your customers, but are not sure of the best way to show it off? Well, that’s understandable because App Firewall is powerful and demoing it can be a bit tricky. In this post I’ll cover two of the biggest hurdles in showing off AppFW: Working knowledge of web exploits … Read more…

NetScaler Unified Gateway – Native Receiver

NetScaler unified gateway is one of the great new features in NS version 11. If you’ve worked with some of the more advanced features, then you may be familiar with one of the more common requests: Make a NetScaler Gateway (CAG) the target vServer of a content switching vServer. Fortunately, this is exactly what Unified Gateway does – essentially, Unified Gateway is a content switching vServer with one of the possible target vServers as a non-addressable … Read more…

NetScaler SSL vServer and CookieInsert

The Citrix NetScaler is a great load balancer with numerous options when it comes to the backend loadbalancing method and persistence settings. Here are the available persistence settings based on the type of vServer: Persistence Type HTTP HTTPS TCP UDP/IP SSL_Bridge Source IP YES YES YES YES YES CookieInsert YES YES NO NO NO SSL Session ID NO YES NO NO YES URL Passive YES YES NO NO NO Custom Server ID YES YES NO … Read more…

Microsoft TMG EOL – Replace with Citrix NetScaler

As you may already know, Microsoft has decided to mark its Forefront Threat Management Gateway (TMG – formerly ISA Server) product as end of life. Primary development on it stopped back in September of 2012 and mainstream support ended in April of 2015. The Microsoft TMG product has been around since 1997 under a few different names – Microsoft Proxy Server, Microsoft ISA Server, and currently Forefront Threat Management Gateway. It provides multiple protections using forward\reverse proxy, … Read more…

Customize NetScaler 10

Customize NetScaler 10 I have been meaning to create this post for some time – when NetScaler 10.1 was released, there was some confusion around the best method to customize the interface. The previous method involved using scripts to copy the customized files at boot time – see http://support.citrix.com/article/CTX122271 for details. I know many people are already on NetScaler 11, but for those that have not yet upgraded and are still on 10.5 this should be … Read more…