Application Delivery Management

Release Notes for NetScaler Console 14.1-17.38 Build

This release notes document describes the enhancements and changes, fixed and known issues that exist for the NetScaler Console release Build 14.1-17.38.

Notes

  • This release notes document does not include security-related fixes. For a list of security-related fixes and advisories, see the Citrix security bulletin.

What’s New

The enhancements and changes that are available in Build 14.1-17.38.

Infrastructure

NetScaler ADM rebranding

NetScaler Application Delivery Management (ADM) is now rebranded to NetScaler Console. Other terminologies that have been rebranded are as follows:

  • ADM on-prem agent is now rebranded to NetScaler agent

  • ADM On-Prem Cloud Connector is now NetScaler Console Cloud Connect

    Note:

    Our NetScaler Console product UI and documentation are currently undergoing updates to reflect these changes. During this time, you may come across the earlier and rebranded names being referenced interchangeably. We thank you for your understanding during this transition.

    [ NSADM-105125 ]

NetScaler Console Cloud Connect - Segregation of mandatory and optional data collection

In the 14.1-12.x build, after you configured ADM On-Prem Cloud Connector (now NetScaler Console Cloud Connect), Citrix Cloud collected license, configuration, and usage data for license compliance and to manage, measure, and improve the service. Starting from the 14.1-17.x build, this data is categorized as:

  • License telemetry data (mandatory) - By default, these parameters are automatically collected after you configure Cloud Connect.

  • Feature usage data (optional) - By default, an option to share these optional parameters is selected when you configure Cloud Connect. You might also choose to disable this option.

For more information, see Data categories and Cloud Connect.

[ NSADM-105308 ]

Download files for batch configuration jobs

The configuration jobs now allow you to download files from a directory on a NetScaler instance to a directory on your local machine using the NetScaler Console GUI.

To use this feature, navigate to Infrastructure > Configuration > Configuration Jobs, select a job and click Download Result Files.

The Download Result Files button is available only if the following conditions are met:

  • The configuration job that is created is a batch configuration job. To create a batch configuration job, go to Create Job > Select Configuration and in the Configuration Editor, select Configuration Source > Batch Configuration.

  • An scp get command is used in the Configuration Editor.

    For multiple NetScaler instances, the downloaded result files are available in separate folders, each corresponding to an individual instance.

    [ NSADM-105442 ]

Use tags to authorize instances for user groups

As an administrator, you can now authorize users to specific instances based on associated tags. When creating user groups, navigate to Settings > Users & Roles > Add > Authorization Settings > Select Tags and then authorize users to instances by tags.

For more information, see Configuring role-based access control.

[ NSADM-104798 ]

Configure High Availability pair from NetScaler Console GUI

You can now configure an HA pair directly from the NetScaler Console GUI of the primary node. With this enhancement, after registering both primary and secondary nodes, you need not log in to SSH sessions to deploy any nodes.

In the primary node GUI (Settings > Administration > High Availability Settings > Configure NetScaler Console High Availability (HA)), enter the secondary node details and click Configure. Both the nodes are rebooted to form an HA pair.

For more details, see Deploy HA pair.

[ NSADM-101486 ]

Pause and resume a scheduled upgrade job

NetScaler Console now offers the option to pause your scheduled upgrade job. To use this feature, navigate to Infrastructure > Upgrade Jobs, select an existing scheduled upgrade job, and click Stop to pause the job. To resume the scheduled upgrade job, click Resume.

Note:

If the scheduled time for the upgrade job has passed after you decided to resume it, you need to create the upgrade job again.

For more information, see Pause or resume a scheduled upgrade job.

[ NSADM-100807, NSADM-97280 ]

Analytics

Configure an action policy to receive application event notifications

You can now configure an action policy to get application event notifications through Slack, Email, PagerDuty, or ServiceNow. The application events include performance issues, bot and WAF violations, and service graph violations. As an administrator, using the action policy, you can:

  • Predefine certain conditions for the application events.
  • Get notified for the following events through Slack, Email, PagerDuty, and ServiceNow:

    • All Security Violations

      • All Bot Violations (For more information on the list of bot violations, see violation categories).

      • All WAF Violations

        • WAF SQL Violations
        • WAF XSS Violations
        • WAF Infer XML Violations
    • All Security Violations per Client
      • Bot Violations per Client
      • WAF Violations per Client

      Note:

      To receive the WAF violation notification, violation transactions must make up a minimum of 20% of the transactions. For example, out of 100 transactions, a minimum of 20 must be violation transactions.

    • App score violation
    • Client network latency
    • Server network latency
    • Server processing time
    • Response time
    • Requests
    • Bandwidth
    • Service graph violation

    For more information, see Configure action policies.

    [ NSADM-91868 ]

Configure Action policy from Web Insight

You can now configure an action policy from the graph trend in Web Insight for these metrics. As an administrator, when you notice any unusual traffic pattern or a sudden spike in these metrics for any application, this enhancement enables you to create a relative action policy by clicking Create Action Policy after placing it on a specific point in the graph.

[ NSADM-101273 ]

Configure Gateway session timeout

In Settings > Analytics Settings > Configure ICA/Gateway Session Timeout, you can now configure idle timeout for Gateway Insight sessions. By default, the value is 30 minutes. With this configuration, if NetScaler Console does not receive a session update record for a gateway session within the configured duration, then the session is recorded as terminated.

[ NSADM-101271 ]

View gateway insights data in Splunk and New Relic

When you create a new subscription in Settings > Ecosystem Integration for the integration of NetScaler Console with Splunk and New Relic, you can now select the Gateway Insights option. After you configure the subscription with the Gateway Insights option, you can view the gateway insights data in Splunk and New Relic.

For more information, see Integration with Splunk and Integration with New Relic.

[ NSADM-101036 ]

Export SSL data to Splunk and New Relic immediately

The SSL data is now exported to Splunk and New Relic immediately after an admin creates a subscription by selecting SSL Certificate Insight in Splunk and New Relic. Earlier, the admins had to click Poll Now (Infrastructure > SSL Dashboard) to export the data for the first time.

[ NSADM-101035 ]

Create custom dashboards to view instance key metric details

Similar to the unified dashboard (Overview > Dashboard), you can now view instance metric details based on your choice by creating custom dashboards. For example, if you want to monitor the key metrics for applications and application security, you can create a custom dashboard by selecting only those two categories. You can create up to 20 dashboards by using a unique name for each dashboard. As an administrator, this enhancement enables you to create multiple dashboards and monitor only the required instance insights.

To get started, navigate to Overview > Custom Dashboard.

For more information, see Custom Dashboard.

[ NSADM-91875 ]

Support to share custom dashboard to other users

As an administrator, you can share the custom dashboard with other users. In Overview > Custom Dashboard, select a dashboard and click Share. Type the username and click Invite to share the dashboard. The assigned users can view the dashboard in read-only mode.

[ NSADM-100879 ]

App dashboard - Support to view the status of monitors that are bound to the services

In Application Dashboard, when you drill down an application to view service details under All Services or All Services Groups, you can now use the Bound Monitors option to view the status of the monitors that are bound to the services.

For more information, see How load balancing works.

[ NSADM-97510 ]

Infrastructure

StyleBooks

Support for Visualizer in the StyleBooks Configuration Builder

The Visualizer feature in the migration workflow now allows you to visualize the application configurations and their associated entities. With this feature, you can view how different components are connected, which can enhance your understanding and decision-making during the migration process.

To view the Visualizer, navigate to Applications > Configurations > Config Packs > Migrate Netscaler Configuration > Application Configuration and select Visualizer.

For more information, see Create a StyleBook to migrate the NetScaler application configuration.

[ NSADM-101529 ]

Fixed Issues

The issues that are addressed in Build 14.1-17.38.

Analytics

  • The XML SQL attack is not reported in both security dashboard (Security > Security Dashboard) and security violations dashboard (Security > Security Violations).

    [ NSHELP-37159 ]

  • In Security > Security Violations, when you select custom duration and drill down to view violation details such as Logs and See more, the data does not display full details for the selected custom duration.

    [ NSHELP-36909 ]

  • In Security > Security Violations > Applications Overview, when you click View Details to see Application Firewall and NetScaler System Security configuration details, an error message is displayed.

    [ NSHELP-36880 ]

  • In Applications > Dashboard, the export of transaction log data to the tabular or CSV format does not display any data. This issue is noticed when NetScaler Console is configured with non UTC time zones.

    [ NSHELP-36817 ]

  • In Security > Security Violations > Violation Details, the search filter does not recognise the “Client-IP !=” query.

    [ NSHELP-36675 ]

  • Scheduled snapshot reports exported from Security > Security Violations > Export Reports > Schedule Export with the file format selected as JPEG display the following error:

    “Please provide query parameters in the report context or csv_export_arr.”

    [ NSHELP-36657 ]

  • In Applications > Dashboard, when you click an application hosted on the NetScaler HA pair, the Performance tab on the application details page does not display any data under All Services.

    [ NSADM-105613 ]

Infrastructure

  • The difference report is not generated for an upgrade job in Infrastructure > Upgrade Jobs > Diff Reports.

    [ NSADM-106777 ]

  • When you, as a root administrator, log on to NetScaler Console GUI or API with default credentials for the first time, you are prompted to change the default password.

    [ NSADM-95328 ]

Licensing

  • After the Flexed or Pooled license is applied, the Analytics Configuration page (Settings > Analytics Configuration) is not updated with the correct details.

    [ NSADM-106665 ]

  • The Flexed license dashboard in NetScaler Licensing > Flexed Licensing > Dashboard appears blank.

    [ NSADM-106561 ]

  • Flexed license dashboard displays NetScaler details only after at least one NetScaler is checked out from the Premium bandwidth license pool.

    [ NSADM-106497 ]

Management and Monitoring

  • When creating a GSLB site group, if an instance is added and designated as an active site (Infrastructure > Instances > GSLB Site Group > Make Active Site), the GSLB virtual servers associated with that instance are visible in Infrastructure > Network Functions > GSLB. However, an issue arises when instances with multiple dashes (‘-’) in the partition name are added. Even if these instances are not marked as active, the GSLB virtual servers linked to them are still displayed in Infrastructure > Network Functions > GSLB.

    [ NSHELP-37131 ]

  • When you use NetScaler Console as a flexed/pooled licensing server and then upgrade, Console appears to be in read mode. This issue occurs because there is a delay in all the processes starting.

    [ NSHELP-37083 ]

  • When attempting to download a configuration job report in Infrastructure > Configuration > Jobs > Download, the download operation fails and the following error message is displayed:

    “Error: Could not create output pdf”

    This issue is observed when a command with the <link> tag is used to create the configuration job.

    [ NSHELP-37004 ]

  • In Infrastructure > Network Functions > Load Balancing, the Servers tab indicates the number of servers but does not display any table entries for non-default users.

    [ NSHELP-36964 ]

  • In the NetScaler Console high availability deployment, the Source column in Settings > NetScaler Console System Events displays the floating IP address instead of the primary IP address from where the event originated.

    [ NSHELP-36638 ]

  • When performing a NetScaler Console backup and restore operation on a new VM, only the instance database entries are restored, and not the instance backup files.

    [ NSHELP-36625 ]

  • NetScaler Console VIPs license information does not appear in the Console GUI. This issue occurs because there is a delay in reading the license files.

    [ NSHELP-36519 ]

  • When a configuration audit template is created with special characters in its name under Infrastructure > Configuration > Configuration Audit > Audit Templates > Add, the template is successfully generated. However, a differential report fails to generate for the template in the Configuration Audit dashboard during polling.

    This issue is observed when special characters other than ‘-’ (dash) and ‘_’ (underscore) are used.

    [ NSHELP-36438 ]

  • In NetScaler Licensing > License Management, the configuration for the threshold breach through email notification is not working as expected.

    [ NSHELP-36895 ]

  • When you create a subscription for the integration of NetScaler Console with Splunk or New Relic in Settings > Ecosystem Integration, the subscription fails if:

    • You select the Secure Access Only option in Settings > Administration > System, Time Zone, Allowed URLs and Agent Settings.

    • You log into NetScaler Console using HTTPS and a self-signed certificate.

    [ NSHELP-37250 ]

Security

  • After configuring protections in the Unified security dashboard (Security > Security Dashboard > Manage Application), the protections are not getting deployed in the content switching virtual server.

    [ NSADM-105544 ]

Known Issues

The issues that exist in release 14.1-17.38.

Infrastructure

  • When you configure certain ciphers in Settings > HA Deployment > Ciphers, the database synchronization fails, and an SSL error is displayed. This issue is seen due to the presence of unsupported ciphers in the NetScaler Console.

    [ NSADM-108195 ]

  • The following error message is displayed when you attempt to delete the installed database certificates in Settings > HA Deployment > Database Certificates > Delete:

    “Error in fetching certificate details”

    [ NSADM-108194 ]

  • The SSL Dashboard displays an incorrect number of used and unused SSL certificates under Infrastructure > SSL Dashboard > Usage.

    [ NSADM-106867 ]

  • When licenses are deleted from NetScaler Console for VMware ESXi, the license count in Settings > Licensing & Analytics Configuration might not immediately reflect the updated number.

    [ NSADM-105851 ]

  • After a new NetScaler Console is configured, the following error message might appear: “Error in operation - Metrics not found.”

    This issue occurs because the automatic data purge job has not been executed yet, resulting in the absence of data. The job is scheduled to run for 3 hours, and after it runs, the necessary data is generated, and the error message no longer appears.

    [ NSADM-103157 ]

  • When you try to install a certificate on a NetScaler BLX instance, the installation fails and the Infrastructure > SSL Dashboard > SSL Audit Logs page displays the following error message:

    “SCP: Authentication by password fails on _<ip-address>_.”

    [ NSADM-102202 ]

  • The NetScaler agent does not get registered to NetScaler Console if either of their passwords has a %23 symbol.

    [ NSADM-100613 ]

  • When the Secure access only option is selected in Settings > Administration > System Configurations > Basic Settings and you try to perform any Device API Proxy operation, the operation fails.

    [ NSHELP-37368 ]

  • While creating or updating an upgrade job, when you try to select an instance in Infrastructure > Upgrade Jobs > Create Job > Select Instance > Add Instances, the Add Instances page displays the Partitions tab which is not applicable to the workflow. If you select a partition, the page becomes unresponsive and you cannot proceed further.

    Workaround: You can ignore the Partitions tab and not select any partitions.

    [ NSADM-110118 ]

Licensing

  • When the flexed license has expired or is deleted from NetScaler Console, the license server state incorrectly displays “Freely Managed.”

    [ NSADM-108370 ]

Management and Monitoring

  • In an ADM HA pair, the database status is observed to be Down, and the database does not synchronize even after you try the Sync Database option in the GUI several times.

    [ NSHELP-29626 ]
