What’s new

February 19, 2025

StyleBooks

Support for accessing privately-hosted GitLab/GitHub repositories and Infoblox IPAM

NetScaler Console service StyleBooks now allows you to import and synchronize StyleBooks and Configpacks from GitLab/GitHub repositories that are privately hosted and are accessible only within an enterprise’s intranet.

NetScaler Console service IPAM now allows you to register a privately hosted Infoblox DDI server as an external IPAM provider.

Previously, only publicly accessible GitLab/GitHub repositories and Infoblox DDI servers were supported.

For more information, see Import and synchronize StyleBooks from an external repository and Configure IP address management (IPAM).

Fixed issues

Analytics

To comply with unlimited VIPs, the Subscription details are removed in Settings > Analytics Configuration.

[ NSHELP-39415 ]

February 06, 2025

Analytics

Enable Web transaction analytics at the virtual server level

You can now enable Web transaction analytics at the virtual server level. To do so, when you enable analytics for a virtual server, you must select the new Detailed Web Transactions option to enable the Web transaction analytics.

Earlier, when you enabled analytics for a virtual server, Web transaction analytics was automatically enabled.

For more information, see Web transaction analytics.

[ NSADM-117800 ]

Infrastructure

Disable notifications for managed devices during maintenance and troubleshooting windows

Administrators can temporarily disable notifications for specific managed devices during maintenance and troubleshooting windows. This enhancement avoids receiving unnecessary alerts and notifications concerning device-specific issues and status updates during these intervals.

To disable notifications, navigate to Settings > Administration > Instance Settings > Notification Disable Windows and add the required details. For more information, see Instance Settings.

[ NSADM-108789 ]

Fixed issues

Infrastructure

In Job Template, the following error is displayed while importing the configuration job template using the Import button:

Invalid resource

[ NSHELP-39259 ]

January 15, 2025

Telemetry

Changes to Console on-prem telemetry upload

You must now create a profile for each NetScaler Console on-prem instance for uploading the telemetry file to the NetScaler Console service. You might have multiple NetScaler Console on-prem instances deployed globally. By creating a profile for each on-prem instance, you can upload the telemetry file for those on-prem instances and monitor the upload deadline separately.

To create a profile, navigate to Settings > Console on-prem telemetry upload and click Create Profile.

Note:

If you are an existing Console on-prem user and have previously uploaded the telemetry file to the Console service, you must create a new profile and then upload the telemetry file. After creating the new profile, you might observe a discrepancy between the Console on-prem deadline and the Console service deadline. Ensure that you upload the telemetry file to NetScaler Console service on or before the due date that is shown in your Console on-prem. This discrepancy is aligned after you complete one upload using the new profile.

For more information, see Console on-prem upload.

[ NSADM-112194 ]

Analytics

Support to enable custom header in analytics settings to fetch the client IP address

When you enable analytics for an application you can now define a custom header, such as X-Real-IP, X-Client-IP, or any other custom header, to fetch the actual client IP address instead of the proxy IP address. The custom header option allows:

• Compatibility with diverse network proxies that use various headers.
• Accuracy to get the actual client IP address in a complex network environment with multiple layers of proxies.

• Additional security measures than those provided by the standard headers.

  [ NSADM-114167 ]

Sort and search support in custom dashboard

In Custom Dashboard (Overview > Custom Dashboard), you can now use the:

• Sort option to display the custom dashboards alphabetically.

• Search option (both plain text and regular expression) to narrow down the search results.

[ NSADM-107153 ]

Infrastructure

Hostname in system event email notifications

NetScaler Console now includes the hostname of associated NetScaler instances in system event email notifications.

[ NSADM-113715 ]

StyleBooks

Import and synchronize StyleBooks from GitLab external repository

StyleBooks now support the import and synchronization of StyleBooks and configuration packs from GitLab repositories. Previously, this feature was only available for GitHub repositories.

For more information, see: Synchronize external repository

[ NSADM-114530 ]

Selecting multiple items from a StyleBook data source

You can now create StyleBooks that allow users to select multiple items from a data source parameter. StyleBooks now support a datum array as a parameter type, enabling users to select a list of data sources or collection items as input.

For more information, see: Manage StyleBook data sources.

[ NSADM-112540 ]

Support a filter for data source collections

StyleBooks now allow you to specify a collection filter for a data source parameter. While providing input for such a parameter in a config pack operations, users will only see and be able to select items from the filtered collection, rather than from all items.

For more information, see: Built-in data source, Custom data source

[ NSADM-111339 ]

Fixed issues

Analytics

• In Settings > Observability Integrations, editing or deleting a subscription might fail if a NetScaler command failure occurs.

  [ NSHELP-39094 ]

• In HDX Insight and Web Insight, the Geolocation report does not resolve the client IP location for the defined IP block.

  [ NSHELP-39036 ]

Infrastructure

• When a user with all default roles in the NetScaler Console attempts to generate the activation code for registering an agent, the action fails with the error Not Authorized to perform this operation.

  [ NSHELP-39046 ]

• When a non-nsroot user tries to view the statistics for a specific virtual server in Network Functions (Infrastructure > Network Functions), an error message is displayed.

  [ NSHELP-39077 ]

StyleBooks

• When you deploy a config pack on a NetScaler HA pair and a failover occurs, attempting to update the config pack with the instance ID of the new primary fails.

  [ NSHELP-39196 ]

• When you delete a config pack that includes a policy dataset referenced by the Access Control List of NetScaler, and resource reuse is enabled for the associated StyleBook, the policy dataset remains stale in NetScaler.

  [ NSHELP-39035 ]

• When you edit config packs in Applications > Configurations > Config Packs, the order of added items is not retained.

  [ NSHELP-38893 ]

December 03, 2024

Sharing configuration entities between migrated configurations

You can now reuse configuration entities when migrating configurations using the Config Migration utility. Subsequent migrations successfully reuse existing configuration entities on the target ADC that were created by earlier migrations. Previously, the migration of configurations failed with an error Resource already exists when migrating two configurations that shared some configuration entities.

For more information, see: Simplified migration using StyleBook

[ NSADM-115574 ]

Migrate analytics from policy-based to profile-based configuration

When you enable analytics on virtual servers, the analytics are now applied through profile-based configuration. Earlier, analytics was configured through an AppFlow policy. The profile-based configuration has the following benefits:

• Improved performance and flexibility

• Easier configuration and management

Enhancements related to analytics configurations are supported only in profile-based configuration. We recommend that you migrate all your existing virtual servers that are enabled for analytics to profile-based configuration.

Navigate to Settings > Analytics Configuration and then select Migrate Analytics

For more information, see Migrate analytics.

[ NSADM-117532 ]

Fixed Issues

Analytics

• In Web Insight, the data is not visible if the custom date range is more than one day.

  [ NSHELP-38356 ]

Infrastructure

• NetScaler Console fails to generate a Certificate Signing Request (CSR) from the SSL dashboard.

  [ NSHELP-39085 ]

• When you update the permissions in Identity and Access Management (IAM) for an Azure group, the changes are not reflected in NetScaler Console.

  [ NSHELP-39020 ]

• DeviceAPIProxy calls fail to get the results for the “systemfiles” NITRO call from NetScaler.

  [ NSHELP-38971 ]

• The PINNED menu list is visible only when the first level of the menu is expanded in the enhanced GUI of NetScaler Console.

  [ NSADM-117694 ]

StyleBooks

• Attempting to configure a Link Aggregation Control Protocol (LACP) channel using a StyleBook config pack fails.

  [ NSHELP-38914 ]

• Force deleting a configpack fails if it is missing mandatory parameters.

  [ NSHELP-38906 ]

• When you update a StyleBook definition, draft and scheduled configpacks are inadvertently deployed .

  [ NSHELP-38905 ]

• When creating an RBAC policy for StyleBook configuration pack operations, APIProxy permissions must be selected manually . If they are not selected, the configuration pack fails.

  [ NSHELP-38894 ]

November 20, 2024

Enhanced user experience in NetScaler Console GUI

The NetScaler Console service now offers an improved Graphical User Interface (GUI) for a better user experience. Key improvements include:

• Hover-to-Display menu: The primary menu tree structure is replaced with a hover-to-display feature for easier navigation. Secondary menu items appear when hovered over, displaying a submenu for quicker selection.

• Streamlined menu hierarchy: The menu hierarchy is now limited to a maximum of three levels, simplifying access to key options.

• Updated submenu labels: Submenu names are revised for options previously nested beyond the third level.

• Collapsible menu: The entire menu can now be collapsed or expanded by clicking an icon in the pane, providing more screen space.

• Sidebar toggle: A new toggle button on the breadcrumb allows you to hide or show the sidebar, optimizing the workspace.

• Set home page: You can now set a displayed page as your homepage by clicking the icon next to the submenu name.

• Pin favorite items: Easily pin your favorite menu items for faster access.

For more information, see Enhanced Graphical User Interface.

[ NSADM-114172 ]

Option to delete SSL certificate from NetScaler

You can now delete an SSL certificate from NetScaler. Earlier, when you deleted the file from Infrastructure > SSL Dashboard, the certificate was removed only from the running configuration. The associated certificate file was not deleted from NetScaler.

For more information, see SSL Dashboard.

[ NSADM-104780 ]

Fixed issues

Infrastructure

• When you update certificates using the certificate store (Infrastructure > SSL Dashboard > Certificate Store), NetScaler Console fails to update the intermediate certificates on NetScaler instances.

  [ NSHELP-38869 ]

• If you have more than 1000 applications, NetScaler Console fails to respond and results in a high CPU usage when you:

  • Create a user group (Settings > Users & Roles > Groups > Add).

  • Assign specific applications by clicking Add in the Authorization Settings tab.

    [ NSHELP-38849 ]

• When a read-only user logs in to NetScaler Console, the following error message appears:

  No or invalid session found.

  [ NSHELP-38833 ]

StyleBooks

A config pack update fails when the order of the policy bindings that are initially configured by using the StyleBook config pack is reordered according to priority.

[ NSHELP-38656 ]

November 12, 2024

Management and Monitoring

Support for identification and remediation of CVE-2024-8534 and CVE-2024-8535

NetScaler Console service Security Advisory now supports the identification and remediation of CVE-2024-8534 and CVE-2024-8535.

• Identification for CVE-2024-8534 requires a combination of version scan and configuration scan. Remediation requires an upgrade of the vulnerable NetScaler instances to a recommended build that has the fix.

• Identification for CVE-2024-8535 requires a version scan, and remediation requires a two-step process:

  1. Upgrade the vulnerable NetScaler instance to a release and build that has the fix.

  2. Apply configuration jobs.

     For more information, see Remediate CVE-2024-8535.

  Note:

  Security Advisory does not support NetScaler builds that have reached End of Life (EOL). We recommend you upgrade to the NetScaler supported builds or versions.

• For more information about using NetScaler Console to upgrade NetScaler instances, see Use jobs to upgrade NetScaler instances.

• For more information about the CVE, see Security Bulletin.

Note:

It might take a couple of hours for the security advisory system scan to conclude and reflect the impact of CVE-2024-8534 and CVE-2024-8535 in the security advisory module. To see the impact sooner, you can start an on-demand scan by clicking Scan Now.

[ NSADM-116109 ]

October 15, 2024

Telemetry

NetScaler telemetry page in the NetScaler Console GUI

You can now view the NetScaler telemetry page in the GUI that has information, such as data collection, mode of telemetry, and prerequisites. You must only ensure that the prerequisites are met and no action is required for the telemetry data upload.

The NetScaler telemetry program for the mandatory telemetry data collection was introduced in NetScaler Console 14.1-28.x build.

[ NSADM-114637 ]

Analytics

Improvements to SSL usage analytics in Web Insight

In Web Insight, the SSL usage analytics is now improved with better visibility on the key metrics, such as cipher, key strength, and protocols during the higher traffic scenarios. Earlier, the visibility of these key metrics during the higher traffic scenarios displayed only limited details.

[ NSADM-113728 ]

SSL widget in custom dashboard

In the custom dashboard (Overview > Custom dashboard), you can now create dashboards to view metrics related to SSL configuration. For more information on creating a custom dashboard, see Create custom dashboards to view instance key metric details.

[ NSADM-109893 ]

Fixed issues

Infrastructure

• In the Infrastructure > SSL Dashboard, the root and intermediate certificates in the SSL certificate chain are not displayed.

  [ NSHELP-38428, NSADM-116525 ]

• In the Infrastructure > SSL Dashboard, the issuer of the publicly available certificates is incorrectly displayed as Not Recommended.

  [ NSHELP-38408 ]

• In NetScaler Console, event messages containing between “<” and “>” are not displayed in the email body.

  [ NSHELP-38257 ]

• In the security dashboard (Security > Security Dashboard), when you configure protections for the unsecured applications or modify protections, and click Deploy, the following error message appears:

  HTTP Error 502 while accessing the data endpoint: "Unified_appsec_profile"

  [ NSHELP-38763 ]

October 03, 2024

Licensing

Troubleshoot Flexed/Pooled licensing related issues

In the Flexed or Pooled licensing dashboard, under Licensed NetScalers, you can now use the Troubleshoot option to view and analyze few licensing related issues. Some possible licensing issues are communication from Console to the instances and availability of the License Server Agents (LSA). The Troubleshoot option provides the list of issue categories such as License server, LSA, Processes, Communication, and their status. As an administrator, if you find any licensing issues, you can analyze these categories and troubleshoot.

For more information, see Troubleshoot licensing issues.

[ NSADM-111746 ]

StyleBooks

Enhanced Integration and Sharing of configuration in Migration Utility config packs

You can now integrate and reuse configurations across various migration config packs. Previously, configurations created outside the Migration Utility could not be reused across multiple config packs.

[ NSADM-115574 ]

Points to note

Stricter HTTP header validation is implemented for the NetScaler Console service. API users are now required to use the correct Content-Type header.

Fixed issues

The issues that are addressed in Build Oct 03, 2024.

Analytics

• In Security > Security Violations, under Application Overview, the details for WAF security violations reported in NetScaler 14.1–21.38 appear blank after you:

  1. Select an application from the Top Applications reported under WAF to view more details.
  2. Click See more under Violation details.
  3. Under Timeline Details, click + and select all columns.

  [ NSHELP-38591 ]

Infrastructure

• SNMP traps are not received after the MASTools HA device failover.

  [ NSHELP-38058 ]

StyleBooks

• The configuration of ADC resources with mixed case naming, such as ‘Interface’, is not applied even if the StyleBook configpack operation succeeds.

  [ NSHELP-38535 ]

September 19, 2024

Infrastructure

Changes in Network Functions polling intervals

Along with the existing default polling interval for all NetScaler instances, NetScaler Console can now also poll selected NetScaler instances that have configuration changes earlier than the default poll cycle. With this enhancement, the default polling interval is now changed to 720 minutes. In Infrastructure > Network Functions, when you click Settings, you can now view a new option Perform Network Functions Polling on receiving “netScalerConfigChange” event under Network Functions based on Configuration Change. This option is enabled by default with a 15-minute interval in the Delay time for Network Functions.

Now, if a configuration change event occurs in NetScaler instances, NetScaler Console only polls these instances after the 15-minute interval.

Notes:

• You can change the default polling interval (to poll all NetScaler instances) to a value between 30 minutes and 1440 minutes.

• You can change the default interval value of 15 minutes (to poll only selected instances) to a value between 5 minutes and 60 minutes.

• You can disable Perform Network Functions Polling on receiving “netScalerConfigChange” event. When disabled, NetScaler Console polls all the NetScaler instances according to the default polling cycle.

For more information, see Polling overview.

[ NSADM-115408 ]

Fixed issues

The issues that are addressed in Build Sep 19, 2024.

Infrastructure

The contents in the export report notification email are not compliant with RFC 5322.

[ NSHELP-38490 ]

StyleBooks

• Creating a configpack from a StyleBook definition that has snmptrap_snmpuser_binding fails with an error message list index out of range.

  [ NSHELP-38538 ]

• When configuring a StyleBook, the GUID of the selected datasource is shown instead of its readable name in the input summary view.

  [ NSADM-115644 ]

September 03, 2024

Observability

View NetScaler Console audit logs data in observability tools (Splunk, New Relic, and Microsoft Sentinel)

When you create a new subscription in Settings > Observability Integration for the integration of NetScaler Console service with Splunk, New Relic, or Microsoft Sentinel, you can now select the NetScaler Console Audit Logs option. After you configure a subscription, you can view NetScaler Console audit logs in these observability tools.

For more information, see:

• Integration with Splunk

• Integration with New Relic

• Integration with Microsoft Sentinel

[ NSADM-114776 ]

Fixed issues

The issues that are addressed in Build Sep 03, 2024.

Analytics

• In Web Insight, when you schedule export (tabular format) for a daily report, the report displays the same data everyday.

  [ NSHELP-38370 ]

• In Web Insight, the data is not visible if the custom date range is more than one day.

  [ NSHELP-38356 ]

August 27, 2024

Analytics

Configure global analytics

You can now configure global analytics using custom and global policies.

• Custom policy - Using the custom policy, you can control instances or virtual servers that only require specific insights.

• Global policy - Using the global policy, you can configure and enable analytics on the existing managed virtual servers and any new virtual servers.

You can create up to 10 policies; nine custom policies and one global policy, or 10 custom policies. Navigate to Settings > Analytics Configuration and under Global Analytics Summary, click Global Analytics Configuration to configure a custom or global policy.

For more information, see Configure global analytics.

[ NSADM-97377 ]

Applications

If you upgrade an application to A+ SSL rating, you can now revert to its original rating only within 7 days after the upgrade.

[ NSADM-111546 ]

App Dashboard - Create and apply tags to applications (virtual servers)

In App Dashboard, you can now create and apply tags to applications. These tags improve the search functionality. After you create tags and you click the search bar, you can use the tags and refine the search.

For more information, see Create and apply tags to applications.

[ NSADM-91862 ]

StyleBooks

Reuse configurations created outside of StyleBooks and share configurations between ConfigPacks

You can now integrate and manage configurations that were previously created outside of StyleBooks in NetScaler as part of Stylebook config packs. Additionally, you can now share configurations across multiple config packs, enabling more flexible and centralized management.

For more information, see Create and edit a config pack.

[ NSADM-112547 ]

Fixed Issues

The issues that are addressed in Build Aug 27, 2024.

Analytics

In Web Insight, the data is not visible for the virtual servers that have the same name across all the managed instances.

[ NSHELP-38292 ]

Infrastructure

• NetScaler Console memory utilization increases if the managed instances are configured with more than 10000 health monitors bound to the service groups. As a result, NetScaler Console might not be accessible.

  [ NSHELP-38443, NSHELP-38448 ]

• When provisioning the NetScaler agent or NetScaler VPX on Microsoft Azure, the NetScaler Console Provisioning service API fails to retrieve Azure subnet details.

[ NSHELP-38349 ]

July 25, 2024

Fixed issues

Infrastructure

In Infrastructure > Upgrade Jobs, when you upgrade a NetScaler instance that has classic policies, the pre-upgrade validation lists the instance as Instances blocked from upgrade, and the upgrade does not happen.

Workaround: Before upgrading an instance, we recommend that you convert the classic policies to advanced policies for the features that are supported by the NSPEPI tool. For more information, see Upgrade considerations for configurations with classic policies.

[ NSADM-113851 ]

Telemetry

As part of the NetScaler telemetry program, NetScaler Console no longer checks for the following configuration every 24 hours or pushes it to NetScaler instances. Earlier, the configuration was checked every 24 hours and pushed to NetScaler instances, if it was missing:

enable ns feature AppFlow
add analytics profile telemetry_metrics_profile -type timeseries -outputMode prometheus -metrics ENABLED -serveMode Pull -schemaFile "./telemetry_collect_ns_metrics_schema.json" -metricsExportFrequency 300
 

[ NSADM-114375 ]

July 15, 2024

Infrastructure

Support for 3072 bits encryption key in the NetScaler Console SSL dashboard

You can now configure an enterprise policy with the key strength of 3072 bits for your certificate. In Infrastructure > SSL Dashboard > Settings > Enterprise Policy > Recommended key strengths, select a 3072-bit encryption key. Previously, only key strengths of 512, 1024, 2048, and 4096 bits were available.

For more information, see:
For NetScaler Console service: Configure an enterprise policy
For NetScaler Console on-prem: Configure an enterprise policy

[ NSADM-109528 ]

View and export NetScaler-owned IP addresses in the NetScaler Console GUI

You can now view and export NetScaler-owned IP addresses (Infrastructure > Instances > NetScaler Owned IPs) in the NetScaler Console GUI.

For more information, see View NetScaler-owned IP addresses.

[ NSADM-88798, NSADM-91769 ]

Licensing

View details for VPX instances provisioned on an SDX instance in the Flexed licensing dashboard

In the Flexed licensing dashboard (NetScaler Licensing > Flexed Licensing > Dashboard), under Licensed NetScalers, you can view the number of VPX instances that are checked out for NetScaler SDX. You can now click the count to view the provisioned VPX instance details for that SDX, such as instance Name, IP address, Throughput (MBPS), and Edition.

Earlier, you were able to view only the total number of VPX instances checked out for that SDX.

[ NSADM-105358 ]

View MPX/SDX host ID and serial number details in Zero-capacity licenses

In NetScaler Licensing > Zero-capacity licenses, you can now view Host ID and Serial Number details for the MPX and SDX instances.

[ NSADM-100327 ]

Fixed issues

The issues that are addressed in Build Jul 15, 2024.

Infrastructure

• When you modify an instance in NetScaler Console (Infrastructure > Instances > NetScaler), such as changing the site or admin profile, the key-value pairs of the tags associated with the instance are reversed.

  [ NSHELP-38083 ]

• In Config Job, when you run the ShowConfiguration template simultaneously on both the primary and secondary NetScalers in an HA pair, clicking Download Result Files downloads the file only for the secondary instance.

  [ NSHELP-37831 ]

• When a dashboard is not present in Network Reporting (Infrastructure > Network Reporting), you get the following error message:

  “You don’t have access to this page”

  This error message can be ignored and it does not prevent you from creating dashboards.

  [ NSADM-113332 ]

• The SNMP traps are not received in NetScaler Console service when it is configured by using the built-in agent.

  [ NSHELP-38191 ]

StyleBooks

In the NetScaler Console GUI, when you edit a config pack to use a different StyleBook, the upgrade does not work as expected.

[ NSADM-110351 ]

July 09, 2024

Support for identification and remediation of CVE-2024-5491 and CVE-2024-5492

NetScaler Console service Security Advisory now supports the identification and remediation of CVE-2024-5491 and CVE-2024-5492.

• Identification for CVE-2024-5491 requires a combination of version and configuration scan.

• Identification for CVE-2024-5492 requires a version scan.

Remediation requires an upgrade of the vulnerable NetScaler instances to a recommended build that has the fix.

Note:

Security Advisory does not support NetScaler builds that have reached End of Life (EOL). We recommend you upgrade to the NetScaler supported builds or versions.

For more information on how to use NetScaler Console to upgrade NetScaler instances, see Use jobs to upgrade NetScaler instances.

For more information, see Security Bulletin.

Note:

It might take a couple of hours for the security advisory system scan to conclude and reflect on the impact of CVE-2024-5491 and CVE-2024-5492 in the security advisory module. To see the impact sooner, you can start an on-demand scan by clicking Scan Now.

June 18, 2024

Telemetry

NetScaler telemetry program

As an existing NetScaler Console customer, you are required to be compliant with the NetScaler Telemetry program that requires license and feature usage telemetry data collection. The telemetry data uploads happen every 24 hours automatically and no action is required from your end.

• For more information, see NetScaler Telemetry program.

• For more information about the telemetry parameters, see Data Governance.

[ NSADM-113300 ]

June 11, 2024

Analytics

Metrics Collector and lean period usage analytics enabled at the virtual server level

Metrics collector and lean usage analytics are now enabled at the virtual server level instead of the instance level. With this enhancement, metrics collector and lean usage analytics remain enabled only on your active virtual servers with high traffic.

You can review your virtual servers and enable Metrics Collector and lean usage on other virtual servers by navigating to Settings > Analytics Configuration and clicking Configure Metrics under Virtual Server Metrics Summary.

For more information, see Configure Intelligent App Analytics.

[ NSADM-111609 ]

Assign a net profile in NetScaler instances for metrics collection

When you enable metrics collector for the virtual servers in NetScaler Console, the metrics data from the NetScaler is exported to NetScaler Console through the NetScaler subnet IP address (SNIP). In some scenarios, the SNIP might be blocked because of the firewall in the network. In such scenarios, you might have to use a different IP address. For more information about net profile, see Use a specified source IP for back-end communication.

You can now assign a net profile to NetScaler instance for metrics collection. Metrics Collector pushes the NetScaler counter data to NetScaler Console, which is used to detect application issues. Navigate to Infrastructure > Instances > NetScaler, select the instance, and from the Select Action list, click Configure Net Profiles for Metrics Collector.

For more information on assigning a Net Profile, see Assign a net profile for the managed NetScaler instance.

[ NSADM-111138 ]

Observability Integration - View details for failed NetScaler subscription

In Observability Integration, when you configure a subscription for NetScaler to Splunk or Prometheus, you can now view detailed logs for the failed subscriptions. As an administrator, using these logs, you can analyze the reason for the subscription failure.

For more information, see View logs for failed configurations

[ NSADM-109022 ]

Removal of periodic export option for WAF and Bot insight in Observability Integration

The periodic export option for WAF and Bot insight is now removed when you configure the export of insights from NetScaler Console to observability tools (such as Splunk, New Relic, and Microsoft Sentinel). Since WAF and Bot violations are crucial, it is recommended to use the real-time export option to export insights in real time whenever they occur.

Any existing subscription with periodic export configuration for WAF and Bot is automatically changed to real-time export.

[ NSADM-109019 ]

Infrastructure

Support for “App-based” provisioning

NetScaler Console service introduces “App-based” provisioning for AWS and Azure. This feature streamlines and simplifies NetScaler deployments in cloud data centers, enabling efficient application delivery from these environments.

For more information, see App-based provisioning in AWS and App-based provisioning in Azure.

[ NSADM-108491 ]

Fixed Issues

The issues that are addressed in Build Jun 11, 2024.

Analytics

• A process in NetScaler Console/Agent might crash due to memory corruption.

  [ NSHELP-38032 ]

• In Web Insight, the details for the load balancing virtual server configured behind content switching virtual server are not visible for daily, weekly, and monthly reports.

  [ NSHELP-37713 ]

Infrastructure

• When non-admin users try to view statistics for the virtual servers in NetScaler Console (Infrastructure > Network Functions), the following error message appears:

  “Not authorized to access "

  [ NSHELP-37977 ]

• In an HA setup, when you use the built-in agent “mastools” along with the partitions, the status of the secondary NetScaler instance is “unknown” in the SSL Dashboard (Infrastructure > SSL Dashboard) and in Load Balancing (Infrastructure > Network Functions > Load Balancing).

  [ NSHELP-37902 ]

StyleBooks

• When you edit the config packs, any changes you make to ACLs or Policy-Based Routing (PBR) rules such as add, update, or delete are not applied.

  [ NSHELP-37656 ]

June 5, 2024

Analytics

Integrate NetScaler Console with Microsoft Sentinel

In Observability Integration, you can now configure the integration of NetScaler Console with Microsoft Sentinel to export and view insights in Microsoft Sentinel. For a successful integration, ensure that the following prerequisites are met:

• Azure subscription - An Azure subscription to deploy and use Microsoft Sentinel.
• Log Analytics Workspace - A workspace is required to store and analyze the collected data.
• IAM roles - Permission levels such as reader, contributor must be set for the workspace.
• Custom tables - To store and send the NetScaler Console data to the workspace.

For more information, see Integration with Microsoft Sentinel

[ NSADM-108930 ]

Platform

Support for OpenSSH version 9.x

The OpenSSH version on NetScaler is now upgraded from 8.x to 9.x.

[ NSPLAT-29640 ]

StyleBooks

Save as draft option in config packs

You can now save the config pack as a draft. To save the configuration as a draft, follow these steps:

1. Navigate to Applications > Configuration > Config Packs.
2. On the Configurations page, click Add.
3. Select a stylebook and click Select.
4. On the Create Configuration page, click Save as Draft.

The saved drafts appear in the Draft Configurations tab under Pending Configurations.

For more information, see Save a config packs as a draft.

[ NSADM-110734 ]

Schedule option in config packs

You can now schedule the deployment of newly created config packs. To create a schedule for a new config pack, follow these steps:

1. Navigate to Applications > Configuration > Config Packs.
2. On the Configurations page, click Add.
3. Select the stylebook and click Select.
4. On the Create Configuration page, under Execution, choose Later from the Execution Mode list.
5. Select the desired time and date for scheduling.

For deployed config packs, you can schedule when to publish the updates and when to delete the config pack. The scheduling options are available when you edit a deployed config pack.

For more information, see Create a schedule for a config pack.

[ NSADM-110728 ]

Fixed Issues

The issues that are addressed in Build Jun 5, 2024.

Analytics

• The Application Heath details in the Overview dashboard do not display the same details available at Application Score in App Dashboard.

  [ NSHELP-37720 ]

• If more than 25000 virtual servers are managed through NetScaler Console, App Dashboard might take more time to load details.

  [ NSADM-111705 ]

Infrastructure

• The event rules fail to generate the expected actions when the service group state changes.

  [ NSHELP-37616 ]

StyleBooks

• When you add collection data with empty values for fields of type IP address, integer, or boolean to the custom data source in StyleBooks, the operation might fail.

  [ NSHELP-37826 ]

• When you create a config pack from NetScaler Console GUI, the system might return an empty list for the parameters referring to the built-in managed-adc data source.

  [ NSHELP-37824 ]

• When you try to create a config pack or perform a dry run, the operations might fail if both of the following conditions are met:

  • The StyleBook definition references another StyleBook within the component section.
  • When you assign parameters of type “datum” to properties between the current StyleBook and the referenced StyleBook.

  [ NSHELP-37793 ]

May 22, 2024

Analytics

Bulk upgrade SSL virtual servers using the SSL A+ rating upgrade task

In Tasks, you can now view the SSL A+ rating upgrade task. The existing upgrade to A+ SSL rating process in App Dashboard enables you to upgrade only one application at a time. Using the SSL A+ rating upgrade task, you can do a bulk upgrade.

NetScaler Console reviews the application virtual server SSL configuration with the NetScaler secure front-end profile and identifies the non-A+ rated applications. The SSL A+ rating upgrade task displays the non-A+ rated applications. As an administrator, you can select applications and do a bulk upgrade to achieve SSL compliance.

For more information, see Actionable tasks and recommendations.

[ NSADM-108164 ]

Licensing

Actual usage details in Flexed license reporting

In Flexed License Reporting dashboard (NetScaler Licensing > Flexed Licensing > Reporting), you can now view the actual Bandwidth/Throughput usage that enables you to view the consumption details (peak usage and average usage). Earlier, the dashboard displayed only the allocation and entitlement details.

In addition, the following enhancements are also available in the Flexed license reporting dashboard:

• Filter to view details for selected NetScaler instances.
• Option to export details in PDF, PNG, and JPEG format.
• Bandwidth is renamed to throughput capacity.

For more information, see Flexed license reporting

[ NSADM-97093 ]

StyleBooks

Create NetScaler policy expressions in StyleBooks

The StyleBooks GUI now allows you to build NetScaler policy expressions by selecting items from lists, helping you to create expressions faster and more accurately. To make the policy expression editor available for a parameter, specify the is_policy_expression GUI attribute in the parameter definition of StyleBooks.

For more information, see Policy expressions in StyleBooks.

[ NSADM-12651 ]

Fixed issues

The issues that are addressed in Build May 22, 2024.

Infrastructure

In Config Job, when you run the ShowConfiguration template simultaneously on both the primary and secondary NetScalers in an HA pair, clicking Download Result Files downloads the file only for the secondary instance.

[ NSHELP-37831 ]

StyleBooks

When you delete a NetScaler instance that uses a subnet IP address (SNIP) for management access from NetScaler Console and then re-add the instance, the operations on config packs created before deleting the instance might fail.

[ NSHELP-37786 ]

April 23, 2024

Analytics

Support to export periodic data for custom NetScaler instances

When you create a subscription for the data export of NetScaler Console to Splunk or New Relic, you can now select Periodic Export (daily or hourly) and apply it to the custom instances. Earlier, periodic insights data export to the custom instances was not supported.

[ NSADM-109020 ]

Infrastructure

Additional event alert for disk utilization

NetScaler Console now allows you to set an additional threshold value for disk utilization alarms. With this threshold value, you can set a lower-level limit to receive alerts before an upper threshold is breached. To configure the lower-level threshold, navigate to Settings > SNMP > Edit and enable Configure a lower-level threshold.

For more information, see Configure and view system alarms.

[ NSADM-97285 ]

Fixed Issues

The issues that are addressed in Build April 23, 2024.

Infrastructure

• When you try to export the NetScaler Console report as a snapshot in Infrastructure > Instances > NetScaler, the page becomes unresponsive.

  [ NSHELP-37689 ]

• If more than 10 NetScaler instances are managed through an agent in NetScaler Console, the agent inventory subsystem fails. As a result, NetScaler Console does not fetch the latest NetScaler configuration data.

  [ NSHELP-37749 ]

Licensing

• The number of instances shown on the Flexed License dashboard is incorrect.

  [ NSHELP-37733 ]

Security

• When you export violation records in tabular form through the Export Now or Schedule Export options in Security > Security Violations > All Violations > Violation Details, only the records visible in the current page view are included in the report, regardless of the number of records selected in Number of Records to Export.

  [ NSHELP-37562 ]

April 10, 2024

Analytics

Observability Integration - Support to configure the export of NetScaler metrics and Audit logs to Splunk

In Settings > Observability Integration, you can now configure the export of NetScaler Metrics and Audit logs to Splunk.

For more information, see Configure the export of NetScaler metrics and audit logs to Splunk.

[ NSADM-108858 ]

Infrastructure

Access NetScaler GUI through host name

When you connect to NetScaler through Infrastructure > Instances > NetScaler, clicking on the host name now establishes the connection to the NetScaler GUI through the host name. Previously, clicking on either the host name or the IP address initiated the connection to the NetScaler GUI through the NSIP.

[ NSADM-108790 ]

View discrepancies between high-availability nodes during upgrade

You can now view configuration discrepancies between the primary node and the secondary node while upgrading the NetScaler high-availability deployment. You can review the discrepancies and decide to continue or halt the upgrade. To use this feature, navigate to Infrastructure > Upgrade Jobs, and view the discrepancies in the Pre-upgrade validation tab.

For more information, see Upgrade jobs .

[ NSADM-103826 ]

Fixed Issues

The issues that are addressed in Build April 10, 2024.

Infrastructure

• The Infrastructure > Events > Syslog Messages page appears blank when the syslog messages contain special characters such as superscripts.

  [ NSHELP-37551 ]

• The count of used and unused certificates displayed in Infrastructure > SSL Dashboard > Usage is incorrect when the SSL certificates have certificate chains.

  [ NSHELP-37469, NSADM-106867 ]

Licensing

• The ports 27000 and 7279 required on agent for Pooled or Flexed licenses might become unavailable after the restart of agent processes. In such scenarios, the NetScaler instances using Pooled or Flexed licenses might go into grace period.

  [ NSADM-110461 ]

Security

• When you navigate to Security > WAF Recommendation, you might see the following error message:

  “HTTP Error 500 ([object Object]) while accessing the data endpoint: “apps””

  [ NSHELP-37598 ]

March 26, 2024

Fixed Issues

The issues that are addressed in Build March 26, 2024.

Infrastructure

• While creating or updating an upgrade job, when you try to select an instance in Infrastructure > Upgrade Jobs > Create Job > Select Instance > Add Instances, the Add Instances page displays the Partitions tab which is not applicable to the workflow. If you select a partition, the page becomes unresponsive and you cannot proceed further.

  [ NSADM-110118 ]

• When you create Slack notifications in Settings > Notifications > Slack > Create Slack Notifications and select Notifications with attachment, the notifications do not get displayed and the following error message is seen:

  Invalid token

  [ NSHELP-37313 ]

StyleBooks

• When the Secure access only option is selected in Settings > Administration > System Configurations > Basic Settings and you try to perform any Device API Proxy operation, the operation fails.

  [ NSHELP-37368 ]

March 12, 2024

Licensing

Support to manually select a NetScaler agent as LSA in NetScaler Console service

You can now manually select a NetScaler agent as a license server agent (LSA) for NetScaler Pooled licensing or NetScaler Flexed licensing.

When an LSA is down, the NetScaler Console service waits for 24 hours before auto-electing the next LSA. The admin can manually elect the new LSA in the interim by using this feature. However, the admin must ensure that the status of the new LSA being elected is UP and its diagnostic status is OK.

For more information, see NetScaler agent behavior for Flexed or Pooled licensing.

[ NSADM-105168 ]

Fixed Issues

The issues that are addressed in Build March 12, 2024.

Analytics

• When you enable Gateway Insight for the Gateway virtual servers, the Analytics Status column in Settings > Analytics Configuration > All Virtual Servers shows Disabled.

  [ NSHELP-37400 ]

• In Gateway > Gateway Insight, the Authentication tab does not display user details for the failed authentications.

  [ NSHELP-37465 ]

Infrastructure

• When a user-defined policy is created and a user is added to that policy, GET API requests for specific resources encounter permission issues and the following error is displayed:

  “Not authorized as required permissions were not given”

  [ NSHELP-37331 ]

February 28, 2024

Infrastructure

Updates to VIP licensing and NetScaler Console Service storage

• Unlimited VIPs on NetScaler Console service: Starting from NetScaler Console service release 14.1-21.x, the concept of licensed VIPs is removed. An unlimited number of VIPs are now available in NetScaler Console service. You no longer have to purchase NetScaler Console virtual server licenses because VIP license SKU will be End of Sale (EOS) & End of Renewal (EOR) shortly.

• NetScaler Console service storage:

  • NetScaler Console service storage SKU will be End of Sale (EOS) & End of Renewal (EOR) shortly.

  • The default NetScaler Console service storage entitlement is now 5GB.

  • Any NetScaler Console service storage licenses purchased in the past are honoured until the term ends.

  • Any NetScaler Console VIP licenses purchased in the past that entitled you to a proportionate entitlement of NetScaler Console Service storage are honoured until the term ends.

  • If you purchase any other licensing package that entitles you to a higher NetScaler Console storage entitlement, the default 5GB is changed to match the entitlement.

[ NSADM-108300 ]

Updates to analytics and metrics collector

• With unlimited VIPs support from 14.1 21.x build, all existing and new virtual servers are now automatically licensed. You can enable analytics on the virtual servers without explicitly licensing them.

• Metrics collector is now disabled by default for all NetScaler license types in the new NetScaler instances added in NetScaler Console from 14.1 21.x build. The metrics collector configuration for the existing managed instances remain unchanged.

[ NSADM-108803 ]

Analytics

Action policies - Configure notifications for application usage

In Action Policies (Settings > Actions > Action Policies), you can now configure an action policy for Application Usage and select Requests per second, Throughput, and Data Volume options. These options enable you to configure and receive notifications for request per second average, request per second anomalies, throughput average, throughput anomalies, total data volume, and data volume anomalies. For more information, see Configure an action policy to receive application event notifications.

[ NSADM-104833 ]

Observability Integration

The configuration workflow for integration with Splunk and New Relic is now enhanced for better user experience and is available under Settings > Observability Integration. Earlier, the configuration workflow for integration with Splunk and New Relic was available under Settings > Ecosystem Integration.

For more information, see Observability Integration

[ NSADM-104702 ]

Observability Integration - Support to configure the export of NetScaler metrics to Prometheus

In Settings > Observability Integrations, you can now configure the export of NetScaler metrics to Prometheus by selecting the default schema.

For more information, see Prometheus Integration and Observability Integration.

[ NSADM-101426 ]

Gateway Insight - Improvements to export reports

In Gateway > Gateway Insight, you can now export report only with the selected options using the settings icon in all tables under each metric (EPA, Authentication, Authorization Failure, SSO, and Application Launch). Earlier, the exported report displayed all information regardless of the selected options.

[ NSADM-96821 ]

StyleBooks

Updates to Default StyleBooks

Default StyleBooks based on the NetScaler version 10.5 will be deprecated in upcoming releases. A new set of Default StyleBooks is now available in Applications > Configuration > StyleBooks > Default StyleBooks, based on NetScaler version 13.0.

[ NSADM-105513 ]

Option to clone a StyleBook

NetScaler Console now allows admins to create a duplicate of a StyleBook, along with their dependencies. Admins can then use this bundle for additional customization such as updating parameters and components.

To use this feature, navigate to Applications > Configuration > Stylebooks, select a default or custom StyleBook and click Clone.

For more information, see Clone a StyleBook.

[ NSADM-92376 ]

Fixed Issues

The issues that are addressed in Build Feb 28, 2024.

Infrastructure

• Migration from NetScaler Console to NetScaler Console service fails and certain Azure Active Directory groups are not available in the NetScaler Console service. This issue occurs because of the presence of spaces in the Azure Active Directory group names created in NetScaler Console.

  [ NSHELP-37006 ]

• Users are unable to access NetScaler Console if they belong to multiple Azure Active Directory groups.

  [ NSHELP-37005 ]

• In Web Insight and Security Violations, the Schedule Export workflow in the GUI is enhanced for better user experience.

  [ NSADM-106624 ]

• In Infrastructure > Network Reporting, the tabular export report does not include details such as service, service group, virtual server, and interface name.

  [ NSHELP-37224 ]

• Flexed license dashboard displays NetScaler details only after at least one NetScaler is checked out from the Premium bandwidth license pool.

  [ NSADM-106497 ]

February 06, 2024

Analytics

App dashboard - Support to view application metrics details from NetScaler admin partition

In App Dashboard, you can now view metric details for applications that are created from the NetScaler admin partitions. Earlier, you were able to only view applications from the admin partitions without any metrics.

[ NSADM-105343 ]

Infrastructure

NetScaler ADM rebranding in Citrix Cloud

Starting from 14.1 16.x build, NetScaler ADM service was rebranded to NetScaler Console service. In continuation, Application Delivery Management is now rebranded to NetScaler Console in the following places:

• The tile under My Services in Citrix Cloud home page.

• The service name in Citrix Cloud menu > My Services.

• The product name in the Add administrator workflow in Set access > Custom Access from Citrix Cloud menu > Identity and Access Management > Administrators > Add administrator/group.

Run default validation scripts in upgrade jobs

NetScaler Console now includes an option for default validation scripts in the upgrade job workflow. These default scripts are run both before and after an upgrade job, generating a diff report. You still have the option to run custom default scripts.

For more information, see Upgrade NetScaler instances.

[ NSADM-100803 ]

Automate radar object deployment for NetScaler Console Sites

NetScaler supports automating radar object deployment for NetScaler Console sites, eliminating the need for manual deployment on the NetScaler instances.

This enhancement is available only when you edit a NetScaler instance and it is applicable only for site type Data Center (with type Private) or Branch.

When you select Deploy to NetScaler from the Real User Measurements list, the NetScaler Instance list is automatically populated, allowing you to choose the specific instance to deploy the radar object (r20.gif).

For more information, see Automate radar object deployment.

[ NSADM-104691 ]

Fixed Issues

The issues that are addressed in Build Feb 06, 2024.

Analytics

• The XML SQL attack is not reported in both security dashboard (Security > Security Dashboard) and security violations dashboard (Security > Security Violations).

  [ NSHELP-37159 ]

Licensing

• Flexed license dashboard displays NetScaler details only after at least one NetScaler is checked out from the Premium bandwidth license pool.

  [ NSADM-106497 ]

Management and Monitoring

• When a configuration job is created, the status in Infrastructure > Configuration > Jobs shows Completed but Details > Execution Summary displays 0% complete.

  [ NSHELP-37176 ]

• A two-stage upgrade job status for a NetScaler HA displays ‘Scheduled’ even though the NetScaler HA upgrade is completed. The primary node displays completed (Status Stage 1: Completed) but the secondary node displays scheduled (Stage 2: Scheduled).

  [ NSHELP-36943 ]

• When a configuration audit template is created with special characters in its name under Infrastructure > Configuration > Audit Templates > Add, the template is successfully generated. However, a differential report fails to generate for the template in the Configuration Audit dashboard during polling.

  This issue is observed when special characters other than - (dash) and ‘_’ (underscore) are used.

  [ NSHELP-36438 ]

January 24, 2024

Analytics

View Upgrade Advisory details in Tasks

In Tasks, you can now view the Upgrade Advisory actionable task. Based on your current utilization, if your NetScaler instances have already reached or about to reach End-of-Life (EOL) or End-of-Maintenance (EOM) within 90 days, the Upgrade Advisory task displays the details of those instances. You can click Take Action and upgrade those instances to a recommended build.

[ NSADM-104715 ]

Infrastructure

Enhanced permissions for read-only users

Users with read-only permissions for the following features can now poll NetScaler instances:

• SSL certificates (Infrastructure > SSL Dashboard > Poll Now)
• Network functions (Infrastructure > Network Functions > Poll Now)
• Configuration audits (Infrastructure > Configuration > Configuration Audit > Poll Now)

[ NSADM-104710 ]

Fixed Issues

The issues that are addressed in Build Jan 24, 2024.

• The built-in agent registration in NetScaler SDX displays a success message but the SDX instance does not appear in Infrastructure > Instances Dashboard.

  [ NSHELP-37137, NSHELP-37128 ]

• In Infrastructure > Network Functions > Load Balancing, the Servers tab indicates the number of servers but does not display any table entries for non-default users.

  [ NSHELP-36964 ]

January 16, 2024

Support for identification and remediation of CVE-2023-6548 and CVE-2023-6549

NetScaler Console service Security Advisory now supports the identification and remediation of CVE-2023-6548 and CVE-2023-6549.

• Identification for CVE-2023-6548 requires a version scan.

• Identification for CVE-2023-6549 requires a combination of version and configuration scan.

Remediation requires an upgrade of the vulnerable NetScaler instances to a recommended build that has the fix.

Note:

Security Advisory does not support NetScaler builds that have reached End of Life (EOL). We recommend you upgrade to the NetScaler supported builds or versions.

For more information on how to use NetScaler ADM to upgrade NetScaler instances, see Use jobs to upgrade NetScaler instances.

For more information, see Security Bulletin.

Note:

It might take a couple of hours for the security advisory system scan to conclude and reflect on the impact of CVE-2023-6548 and CVE-2023-6549 in the security advisory module. To see the impact sooner, you may start an on-demand scan by clicking Scan Now.

[ NSADM-104763 ]

January 09, 2024

Analytics

Support to share custom dashboard to other users

As an administrator, you can now share the custom dashboard with other users. In Overview > Custom Dashboard, select a dashboard and click Share. Type the username and click Invite to share the dashboard. The assigned users can view the dashboard in read-only mode.

[ NSADM-100879 ]

Infrastructure

Configure ITM Radar in NetScaler Console Sites

The ITM Radar enhances network monitoring capabilities. The sites deployed in data centers, virtual machines, or cloud providers can now host the radar object (r20.gif), providing insights into performance metrics. The ITM Radar object actively collects valuable end-user application statistics, providing the sites with robust ITM radar telemetry for more effective network monitoring and informed traffic management decisions.

For more information, see Configure ITM Radar.

[ NSADM-91686 ]

View gateway insights data in Splunk and New Relic

When you create a new subscription in Settings > Ecosystem Integration for the integration of NetScaler Console service with Splunk and New Relic, you can now select the Gateway Insights option. After you configure the subscription with the Gateway Insights option, you can view the gateway insights data in Splunk and New Relic.

For more information, see For more information, see Integration with Splunk and Integration with New Relic.

[ NSADM-101036 ]

Export SSL data to Splunk and New Relic immediately

The SSL data is now exported to Splunk and New Relic immediately after an admin creates a subscription by selecting SSL Certificate Insight in Splunk and New Relic. Earlier, the admins had to click Poll Now (Infrastructure > SSL Dashboard) to export the data for the first time.

[ NSADM-101035 ]

View Upgrade Advisory details in Tasks

In Tasks, you can now view the Upgrade Advisory actionable task. Based on your current utilization, if your NetScaler instances have already reached or about to reach End-of-Life (EOL) or End-of-Maintenance (EOM) within 90 days, the Upgrade Advisory task displays the details of those instances. You can click Take Action and upgrade those instances to a recommended build.

[ NSADM-104715 ]

Action policy - Configure notifications for Requests, Bandwidth, and Response Time

In Action Policies (Settings > Actions > Action Policies), when you configure an action policy in Application Performance, you can now select Requests, Bandwidth, and Response Time options. These options enable you to configure and receive notifications for total requests, total bandwidth, average response time, and response time anomalies. For more information, see Configure an action policy to receive application event notifications.

In addition, you can also now configure an action policy from graph trend in Web Insight for these metrics. As an administrator, when you notice any unusual traffic pattern or a sudden spike in these metrics for any application, this enhancement enables you to create a relative action policy by clicking Create Action Policy after placing it on a specific point in the graph.

[ NSADM-101273 ]

Fixed Issues

The issues that are addressed in Build Jan 09, 2024.

Licensing

• After the Flexed or Pooled license is applied, the Analytics Configuration page (Settings > Analytics Configuration) is not updated with the correct details.

  [ NSADM-106665 ]

• The Flexed license dashboard in NetScaler Licensing > Flexed Licensing > Dashboard appears blank.

  [ NSADM-106561 ]

• In NetScaler Licensing > License Management, the configuration for the threshold breach through email notification is not working as expected.

  [ NSHELP-36895 ]