Netscaler Gateway Plugin 3 0 For Mac



downloadWhy can't I download this file?

The version of Citrix ADC or Citrix NetScaler Gateway SSL VPN running on the remote web server is affected by an authorization bypass vulnerability. An unauthenticated remote attacker with access to the NSIP/management interface can exploit this to bypass authorization. Please refer to advisory CTX276688 for more information.

Maintenance build package name: build-10.5-54.9_nc.tgz
For: NetScaler Gateway 10.5, Build 54.9

Netscaler Gateway Plugin 3 0 For Mac Free


Replaces: None
Date: December, 2014
Language supported: English (US)
Readme version: 1.4

Important Note

Caution! Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

Where to Find Documentation

This document describes the issue(s) solved, new features, and known issues in this build and includes installation instructions.

The latest version of the product documentation is available from Citrix eDocs at http://edocs.citrix.com.

Installing This Maintenance Build

The latest version of the NetScaler Gateway software can be downloaded from the Citrix web site.

Netscaler Gateway Plugin 3 0 For Mac

To download the NetScaler Gateway software from the Citrix web site

  1. Go to the Citrix Web site, click My Account, and then log on.

  2. At the top of the web page, click Downloads.

  3. Under Find Downloads, select NetScaler Gateway.

  4. In Select Download Type, select Product Software and then click Find.

  5. On the NetScaler Gateway page, click NetScaler Gateway 10.5.

  6. Select the software and then click Download.

When the software is downloaded to your computer, you can install the software by using the Upgrade Wizard in the Configuration Utility or the command-line interface.


PluginNetscaler Gateway Plugin 3 0 For Mac

To install the maintenance build by using the Upgrade Wizard

  1. In the Configuration Utility, in the left pane, click System.

  2. In the right pane, click Upgrade Wizard.

  3. Click Next and then follow the directions in the wizard.


To install this maintenance build by using the command-line interface

  1. To upload the software to the NetScaler Gateway, use a secure FTP client to connect to the appliance.

  2. Copy the software from your computer to the /var/nsinstall directory on the appliance.

  3. Open a Secure Shell (SSH) client to open an SSH connection to the appliance.

  4. At a command prompt, type shell.

  5. At a command prompt, type cd /var/nsinstall to change to the nsinstall directory.
    To view the contents of the directory, type ls.

  6. To unpack the software, type tar –xvzf build_X_XX.tgz, where build_X_XX.tgz is the name of the build to which you want to upgrade.

  7. To start the installation, at a command prompt, type ./installns.

  8. When the installation is complete, restart NetScaler Gateway.

  9. When the NetScaler Gateway restarts, at a command prompt type what or show version to verify successful installation.

NetScaler Gateway 10.5 Compatibility with Citrix Products

Mac

The following table provides the Citrix product names and versions with which NetScaler Gateway 10.5 is compatible.

Citrix ProductRelease VersionNotes
Branch Repeater or CloudBridge5.5, 6.1, 6.2, 7.0, 7.1, and 7.2
NetScaler9.2, 9.3, 10.1, and 10.5
NetScaler PlatformsMPX 5550, MPX 7500, MPX8200, MPX 10500, Xen VPX
NetScaler VPX9.1, 9.2, 9.3, 10.1 and 10.5
Receiver Storefront1.2, 2.1, and 2.5
VDI-in-a-Box5.2, 5.3 and 5.4Note: Compatibility with VDI-in-a-Box, Version 5.0.3 supports the SOCKet Secure (SOCKS) protocol only.
Web Interface4.5, 5.0.1, 5.1, 5.2, 5.3, and 5.4
XenApp6.5 for Windows Server 2008 R2
XenDesktop7.0, 7.1, and 7.5
XenMobile9.0
XenMobile App EditionApp Controller 2.8 and 2.9

Supported Receivers and Plug-ins

Receiver or Plug-inRelease VersionNetScaler Gateway Version
NetScaler Gateway Plug-in for Mac OS X3.0.1Supports Mac OS X 10.9 (Mavericks)
NetScaler Gateway Plug-in for Windows10.5Supports Windows 8.1
Receiver for Android3.4 and 3.5
Receiver for iOS5.8 and 5.9
Receiver for Mac11.8.x
Receiver for Windows4.0, and 4.1
Worx Home for iOS8.5 and 8.6
Worx Home for Android8.5 and 8.6
WorxMail for iOS1.3.3-16
WorxWeb for iOS1.3.1-3
WorxMail for Android1.3.13-233936
WorxWeb for Android1.3.3-234245

New Features from Previously Released Maintenance Builds

  1. On Windows-based devices, there are two new registry entries for NetScaler Gateway that override Citrix Receiver for Windows behavior. The new registry entries specify the following:

    • Enable or disable client cleanup on the user device when Receiver is also running.

    • Show or hide the NetScaler Gateway Plug-in icon even if it is integrated with Receiver.

    To enable client cleanup
    Note: Enable client cleanup on NetScaler Gateway and then set the registry entry on the user device.
    HKEY_LOCAL_MACHINESOFTWARECitrixSecure Access Client
    Name: AllowCleanup
    Type: REG_DWORD
    Data: 1

    To show the NetScaler Gateway Plug-in icon
    HKEY_LOCAL_MACHINESOFTWARECitrixSecure Access Client
    Name: DisableIconHide
    Type: REG_DWORD
    Data: 1

    [From NG_10_5_52_11] [#406312]

  2. NetScaler Gateway supports network traffic through a forward proxy between the appliance and servers in the internal network when users log on by using clientless access and when Secure Browse is enabled on the Security tab in a session profile.

    [From NG_10_5_54_4][#451933]

Fixed Issues in This Release

  1. If you configure advanced endpoint analysis policies, endpoint analysis encryption, a proxy server, and client certification authentication, the NetScaler Gateway Plug-in does not connect and users receive the error message, '2017: Your computer does not have the necessary security software to connect to the NetScaler Gateway. Please contact your system administrator.'

    [From NG_10_5_54_2][#466641]

  2. When users log on with the NetScaler Gateway Plug-in, if the users TCP connection closes and the connection to the internal network through NetScaler Gateway is in progress, the appliance might fail.

    [From NG_10_1_130_9][#500207]

  3. In a double-hop DMZ deployment, if the Receiver connection closes and the connection to XenApp or XenDesktop is in progress, the appliance might fail.

    [From NG_10_1_130_9][#508831]

  4. When users are authenticated in the NetScaler Gateway against a LDAP (Lightweight Directory Access Protocol) server configured on FQDN (Fully Qualified Domain Name), authentication fails. As a workaround, LDAP servers can be configured with an IP address.

    [From NG_10 _5_54_2][#509970]

  5. When user connects to a multi-core NetScaler Gateway running out of memory during inter-core communication, NetScaler Gateway fails.

    [From NG_10 _5_54_2][#513385]

  6. When the HTTPS proxy is configured with NTLM authentication and the NetScaler Gateway is activated with single sign-on, if the proxy credentials are incorrect, login fails. The TCP connection setup with Proxy closes the connection with 407 error.

    [From NG_10 _5_54_4][#515043]

  7. When the Endpoint Analysis is configured, the users are redirected to index.html. Otherwise, a session is created for any arbitrary URL if the authentication is disabled on the NetScaler Gateway.

    [From NG_10 _5_54_4][#516257]

  8. NetScaler Gateway does not support single sign-on (SSO) to public servers unless single sign-on is enabled in a traffic profile or if split tunneling is enabled.

    [From NG_10 _5_54_4][#518414]

Known Issues in This Release

  1. When you use the Set Up NetScaler for XenApp/XenDesktop wizard in NetScaler, apply optimization settings, and bind the cache policy globally, when users log on with the NetScaler Gateway Plug-in and open Citrix Receiver, the applications and desktops do not appear. The following message appears: There are no apps or desktops assigned to you at this time. Citrix recommends disabling the optimization settings.

    [From NG_10_5_53_9][#411152]

  2. If you enable advanced endpoint analysis on a virtual server, if users connect from a Windows-based computer with Windows BitLocker Drive Encryption, the endpoint analysis scan fails with the error 'Your device does not meet the requirements to logging on to the secure network.' Endpoint analysis scans for BitLocker Drive encryption are not supported.

    [From NG_10_5_53_9][#442649]

  3. In a session profile, if you configure the Home Page on the Client Experience tab or the Web Interface Address on the Published Applications tab with a fully qualified domain name (FQDN) that resolves to a local server or a load balancing server, the high availability node might fail during synchronization or configuration changes. This can also occur if you unbind the session policy from the virtual server or if you clear the configuration on the appliance.

    [From NG_10_5_53_9][#451758]

  4. When users connect, the DNS Service Location (SRV) records configured on NetScaler Gateway are not served.

    [From NG_10_5_53_9] [#464518]

  5. If you configure two-factor authentication with client certificates and LDAP and if Deny SSL Renegotiation is set to All, user connections fail. You must set the parameter to No.

    To configure Deny SSL Renegotiation

    1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Traffic Management and then expand SSL.
    2. In the details pane, under Settings, click Change advanced SSL settings.
    3. In Change Advanced SSL Settings, in Deny SSL Renegotion, select No and then click OK.

    [From NG_10_5_53_9] [#480009]

  6. If you configure SSL renegotiation and users log on with a PKI-enabled client certificate, logon fails.

    [From NG_10_5_51_10] [#487825]

  7. If users log on to Outlook Web App by using clientless access in a Firefox web browser, sending email fails.

    [From NG_10_5_50_10][#418106]

  8. When users log on, they receive a prompt to install the Endpoint Analysis Plug-in, even though the latest version of the plug-in is installed on the user device.

    [From NG_10_5_50_10][#446735]

  9. If users log on by using the NetScaler Gateway Plug-in dialog box and the endpoint analysis scan fails, the choices pages appears in Internet Explorer. When this occurs, the correct cookies are not sent from Internet Explorer and users receive a 403 forbidden error message or the Endpoint Analysis Plug-in web page appears.

    [From NG_10_5_50_10][#447689]

  10. When users log on for the first time from a Mac OS X 10.9 computer, if the Endpoint Analysis Plug-in starts in Safari 7.x, the attempt fails because the plug-in is not installed. Users receive the error message 'There is no application set to open the URL com.citrix.agmacepa.' Users can click Cancel in the message and then click the Download link in Safari.

    [From NG_10_5_50_10][#454662]

  11. Earlier versions of the NetScaler Gateway Plug-in do not support OPSWAT endpoint analysis scans. When users connect to NetScaler Gateway, logon fails because the earlier version of the plug-in does not support OPSWAT endpoint analysis scans. Users can log on from a web browser and then select Network Access, which starts the upgrade to the latest version of the NetScaler Gateway Plug-in and the Endpoint Analysis Plug-in.

    [From NG_10_5_50_10][#454670]

  12. If you configure an endpoint analysis expression that includes hard disk encryption scan types ENC-TYPE and ENC-PATH, a -13 error message always appears. For example, you use the expression HD-ENC_76003_ENC-PATH__e_ENC-TYPE_noneof_0,1,2.

    [From NG_10_5_50_10][#457436]

  13. If you configure a preauthentication policy that checks for Avira Antivirus on a Mac OS X computer and the virus definitions update by using the SCAN-TIME/VIRDEF-FILE-TIME parameter, the OPSWAT libraries use the date and not the time. You must configure this setting by using the number of days between updates.

    [From NG_10_5_50_10][#467180]

  14. If you configure logon and logoff scripts that are part of a session profile, if the scripts contain Unicode characters, users cannot log on or log off of NetScaler Gateway.

    [From NG_10_5_50_10][#469799]

  15. If you enable a proxy server and disable ICA proxy in a session profile, users cannot start published applications.

    [From NG_10_5_50_10][#470220]

  16. If you enable digest authentication in Internet Information Services (IIS), if users log on with Unicode credentials, add the IIS website as a bookmark and then click the bookmark, single sign-on fails. Users receive a prompt to enter their user name and password.

    [From NG_10_5_50_10][#470495]

  17. During an endpoint analysis scan, NetScaler Gateway does not detect Trend Micro Titanium installed on a Mac OS X computer. As a result, the scan always fails.

    [From NG_10_5_50_10][#474615]

  18. If you enable the Green Bubble theme and then run the Clear Config -f Extended+ command , the Green Bubble theme remains instead of reverting back to the Default theme. To reset the value, you can run the set vn para uitheme command.

    [From NG_10_5_50_10][#478536]

  19. Citrix recommends that you do not bind Policy Infrastructure (PI) policies to the NetScaler Gateway virtual server. NetScaler Gateway does not support Policy Infrastructure (PI) policies.

    [From NG_10_5_50_10][#481722]

  20. If you configure the Web Interface home page with an IPv6 URL instead of IPv4 or the fully qualified domain name (FQDN), users receive a 400 Bad request error when they log on.

    [From NG_10_5_50_10][#482263]

  21. If you created a Netscaler Gateway virtual server by using the Quick Configuration wizard in NetScaler Gateway 10.1, the virtual server needs to be renamed with the prefix _XM_. For example, if the original virtual server name is XMGateway, you must manually rename it to _XM_Gateway. By changing the name with the correct prefix, you can see the virtual server in the wizard.

    [From NG_10_5_50_10][#484962]

  22. When both the Netscaler VPX and the Storefront server are mounted on the same Microsoft Hyper-V, if you upgrade NetScaler VPX from Version 10.1, Build 121.10 to Version 10.5 Build 51.10, user log on to Storefront fails.

    [From NG_10_ 5_ 53_9][#503614]

  23. The pop-up messages for NetScaler Gateway Plug-in for Windows appear behind the active applications (such as browsers) on Windows 8.

    [From NG_10_5_54_51_10][#511757]

  24. When users log on, the IP address assigned from the address pool is overwritten. When this occurs, the destination MAC address changes and the response does not reach the user which results in a time-out in the web browser on the user device.

    [From NG_10_ 5_ 53_9][#518008]

Citrix Netscaler Plugin

Issues Fixed from Previously Released Maintenance Builds

Endpoint Analysis

  1. If users do not have administrative rights, the Endpoint Analysis Plug-in installation fails.

    [From NG_10_5_53_9][#506686]

Netscaler gateway plugin mac

Licensing

  1. If the maximum number of users is set to a number greater than 5 on a NetScaler Gateway virtual server, if you remove the Universal license, the virtual server configuration is also removed.

    [From NG_10_5_51_10] [#447452]

Logon and Authentication

Netscaler Gateway Plug In

  1. If ICA proxy is set to On and you configure authorization policies, when users attempt to connect, NetScaler Gateway modifies the host header to the FQDN of the Web Interface or StoreFront server. When this occurs, user log on fails with the message 'Error: Not a priviledged user.'

    [From NG_10_5_53_9][#501369]

  2. When users connect from a web browser and enter their SAML credentials, NetScaler Gateway fails. This occurs when you configure pre-authentication policies and two-factor authentication policies with SAML and LDAP with SAML as the primary authentication type and having a higher priority.

    [From NG_10_5_53_9] [#506689]

  3. If you configure endpoint analysis policies, if the session times out and users do not close the web browser, they cannot log on again.

    [From NG_10_5_52_11] [#459149]

  4. If you configure SAML authentication with signed SAML assertions, if the user connection disconnects before the SAML response is normalized, NetScaler Gateway fails.

    [From NG_10_5_52_11] [#489609]

  5. If you configure nested group extraction and leave the Group Name Identifier blank, NetScaler Gateway fails.

    [From NG_10_5_52_11] [#500765]

  6. The NetScaler Gateway wizard creates a VPN virtual server with the default authorization set to Deny. When users connect to the VPN virtual server, they cannot access internal network resources. To allow users to connect, set authorization to Allow.

    [From NG_10_5_51_10] [#479548]

  7. If Kerberos uses x.509 certificates (PKINIT) for single sign-on, NetScaler Gateway fails to obtain tickets if the Key Distribution Center (KDC) returns a realm referral. This can cause the NetScaler Gateway appliance to fail.

    [From NG_10_5_51_10] [#484245]

  8. When there are a very large number of simultaneous user authentication requests and the authentication server is slow to respond, Netscaler Gateway can fail.

    [From NG_10_5_51_10] [#484431, #488182, #493939]

  9. If the authentication server is extremely slow to respond, such as 15-30 seconds or more, this can cause delays with users logging on successfully, even if the amount of simultaneous connections is low.

    [From NG_10_5_51_10] [#489343]

Miscellaneous

  1. If you configure load balancing virtual servers and the Secure Ticket Authority (STA) with the same fully qualified domain name (FQDN), attempts to bind the STA to the NetScaler Gateway virtual server fail.

    [From NG_10_5_53_9][#374296]

  2. Responder or URL transform policies that are bound to the Content Switching virtual server are not applied to connection requests that come through NetScaler Gateway.

    [From NG_10_5_53_9][#495867]

  3. If user names contain a period (.) that have a common prefix before the period, NetScaler Gateway creates cache files based on the prefix. When this occurs, tickets for one user are sent to a different user.

    [From NG_10_5_52_11] [#494463]

  4. When users connect with clientless access, the appliance fails if the last octet of the IP address of the server in the internal network is equal to or greater than 240.

    [From NG_10_5_52_11] [#494605]

  5. If you configure a traffic management policy to enable single sign-on to Outlook Web App 2010, enable local authentication on the load balancing virtual server and then change to two-factor authentication with client certificate authentication and LDAP authentication, NetScaler Gateway fails when trying to access the load balancing server.

    [From NG_10_5_51_10] [#485834]

  6. If you are running NetScaler Gateway 10.5, Build 50.9, the priority value of policies bound to the NetScaler Gateway virtual server are lost. You can upgrade to Build 50.10 or 51.10 to fix the issue.

    [From NG_10_5_51_10] [#486857]

Session and Connection

  1. If users connect with the NetScaler Gateway Plug-in for Windows and then attempt to receive a call through a softphone, the call fails.

    [From NG_10_5_53_9][#498679]

  2. When users log on with the NetScaler Gateway Plug-in for Windows, attempts to access internal network resources fail from Windows Metro applications, such as Internet Explorer Metro Mode. This occurs when you configure address pools (intranet IP addresses).

    [From NG_10_5_53_9][#505029]

  3. Showing active user sessions in the configuration utility or by using the command line might result in high CPU utilization on NetScaler Gateway.

    [From NG_10_5_52_11] [#502043]

  4. Attempts to end the session for an external user fails when you enter the command kill aaa session -username <username>.

    [From NG_10_5_51_10] [#446334]

  5. In a high availability deployment, when users log on with SAML authentication, the secondary appliance fails over.

    [From NG_10_5_51_10] [#490075]





Comments are closed.