Previous releases
This topic is the list of previous releases for NetScaler Application Delivery Management (NetScaler Console).
November 29, 2021
Management and Monitoring
Manage ADC instances in a GSLB cluster
Sometimes, in a GSLB cluster, the configuration objects of the ADC instances try to overwrite each other. And, it leads to a race condition. To address such issues, you need to control the master node selection in the GSLB cluster. The configuration in the master node will be applied to the remaining ADC instances. In NetScaler Console, you can now create a GSLB cluster group and add ADC instances. You can also select a master node among the ADC instances and set the priority order for master node selection.
Under Network Functions > GSLB, a user can now view only the entities from master ADC node.
[NSADM-61374]
Analytics
Improvements to service graph
You can now view the following improvements in service graph:
-
In service graph for applications, when you click a discrete application, the Application View or Network Function View displays all services that are associated with the service group.
-
When you hover the mouse pointer on the ADC instance, the metrics display the total SSL errors received by the ADC instance. Click the issue count to drill down and view the SSL error details.
-
When you hover the mouse pointer on the client, the metrics no longer display the Client 4xx Errors and Client SSL Errors and they are replaced with Data Volume.
[NSADM-77427]
View analytics for Content Switching virtual server bound to Load Balancing virtual server
In Security > Security Violations, the Application Overview tab now displays analytics for content switching virtual server that is bound with load balancing virtual servers.
Click the content switching virtual server and under Bound Load Balancing Server, you can view the list of load balancing servers bound to the content switching virtual server.
[NSADM-77369]
Select metrics and customize weightage for instance score calculation
In Infrastructure Analytics, you can now select the instance metrics, configure thresholds, and assign weightage for the metrics to calculate the instance score. By default, all metrics are selected, and the default weightage is assigned to each metric. In Settings, select the metric based on the requirement and assign a suitable weightage to determine the instance score calculation.
For more information, see Infrastructure Analytics.
[NSADM-52152]
November 09, 2021
Security
Support for identification and remediation of CVE-2021-22955 and CVE-2021-22956
NetScaler Console security advisory now supports identification and remediation of two new CVEs: CVE-2021-22955 and CVE-2021-22956.
Identification of CVE-2021-22955 requires a version scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix. Identification of CVE-2021-22956 requires a custom scan, and remediation requires a two-step process:
-
Upgrade the vulnerable ADC instance to a release and build that has the fix.
-
Apply configuration jobs.
For more information about how to remediate CVE-2021-22955, see Security Advisory.
For more information about how to identify and remediate CVE-2021-22956, see Identify and remediate vulnerabilities for CVE-2021-22956.
Note
- It might take some time for security advisory system scan to conclude and reflect the impact of CVE-2021-22955 and CVE-2021-22956 in the security advisory module. To see the impact sooner, start an on-demand scan by clicking Scan-Now.
[NSADM-76470]
Analytics
IPv6 support in Bot insight
When you drill down an application under Bot in Security > Security Violations > Application Overview, the Logs now display the IPv6 address for the Client IP and Bot True Client IP.
[NSADM-77376]
StyleBooks
StyleBooks support new built-in functions
NetScaler Console StyleBooks now support the following built-in functions:
-
sha256()
- Use this function to compute the SHA-256 hash for any string. This function accepts a string input of any length and returns a hash string of fixed length (64 characters). For more information, see Built-in functions. -
relate()
- Use this function to form a dictionary object from a set of lists. It accepts two arguments. The first argument is a list of key names for the dictionary object. The second argument is a list of lists, where each list contains the values to the corresponding key name in the list of the first argument. For more information, see Built-in functions.
[NSADM-77225]
October 26, 2021
Analytics
A unified process to enable analytics on virtual servers
Apart from the existing process to enable analytics, you can now use a single-pane workflow to configure analytics on:
-
All the existing licensed virtual servers
-
The subsequent licensed virtual servers
After configuration, this feature eliminates the necessity to manually enable analytics on the existing and subsequent virtual servers.
For more information, see A unified process to enable analytics on virtual servers.
[NSADM-74747]
Improvements to application slowness in Web Insight
In Applications > Web Insight, when you drill down an application from the Applications with Response Time Anomalies metric, the Client Network Latency and Server Network Latency now enables you to view:
-
A search bar - Click the search bar to view the IP address of all clients (in Client Network Latency) and servers (in Server Network Latency). You can select the IP address to filter the results.
-
An export option - Click Download CSV to export the details in CSV format.
For more information, see Analyze the root cause for application slowness
[NSADM-71521]
StyleBooks
StyleBooks meta-properties support expressions
Meta-properties define the actions to be taken on ADC objects. You can now specify expressions for a meta-property. These expressions dynamically apply the valid meta-property actions for ADC objects. Earlier, the meta-property action was only able to take static values.
Example:
parameters:
-
name: meta-action-lbvserver
type: string
default: disable
components:
-
name: c1
type: ns::lbvserver
meta-properties: action: $parameters meta-action-lbvserver
properties: name: $parameters.lbvserver
ipv46: $parameters.ip
port: 80
servicetype: HTTP
<!--NeedCopy-->
In this example, a StyleBook user can specify a valid meta property action while creating a configuration pack.
StyleBook supports these meta property actions - enable
, disable
, link
, unlink
, import
, export
, create
, archive
, and apply
.
For more information, see Create a StyleBook to perform non-CRUD operations
[NSADM-77230]
October 14, 2021
Management and Monitoring
Buy ADM virtual server licenses from the ADM GUI
You can now use the ADM GUI to buy ADM virtual server licenses from Microsoft Azure cloud. Select Buy ADM License from the navigation menu. Alternatively, you can navigate to Settings > Licensing & Analytics and select Buy ADM License. Earlier, to buy the server license, you had to visit Citrix Cloud or contact Technical Support. For more information, see Buy ADM Licenses.
[NSADM-78172]
Changes to NetScaler Console express account
With NetScaler Console express account, you can now avail the following benefits:
-
No limit to use configuration jobs and StyleBook config packs. Earlier, you were only able to use up to two configuration jobs and StyleBook config packs.
-
View all discovered virtual servers in Network Functions and Network Reporting. Earlier, you were able to view only licensed virtual servers.
For more information, see Manage NetScaler Console resources using Express account.
[NSADM-76506]
Fixed Issue
When you are monitoring many virtual servers, the Network Functions dashboard takes longer time to load or it becomes unresponsive.
[NSHELP-29274]
September 29, 2021
Management and Monitoring
ADM service now supports maximum 50 instance backup files.
[NSADM-76475]
StyleBooks
StyleBooks support implicit typecasting of datatypes
When you use StyleBook expressions for different datatypes, the StyleBook engine now implicitly typecasts the output to an appropriate datatype. For example, if you do an add operation between ‘string’ and ‘integer’ types, the StyleBook engine sets the output datatype to ‘string’.
[NSADM-77219]
Fixed Issues
-
In Web Insight, the scheduled export option is temporarily disabled because the report appears blank.
[NSADM-77966]
-
ADM agent displays an error message “Invalid PEM key: Incorrect password”, when you upload a password-protected certificate.
[NSHELP-28983]
September 15, 2021
StyleBooks
Some internal config packs and StyleBooks do not appear on the ADM GUI
If the default StyleBook has type:apisec
, the StyleBook and its config packs do not appear on the ADM GUI. However, you can create config packs for such StyleBooks using their API.
[NSADM-77222]
Case-insensitive ADM StyleBooks
ADM StyleBooks now treats all the variables and parameters with uppercase and lowercase as the same.
[NSADM-64246]
September 06, 2021
View users’ trend of Gateway virtual servers
Under Infrastructure > Network Reporting in the ADM GUI, now you can view the trend of total connected and current users of Gateway virtual servers.
[NSADM-70811]
View the exact SSL rating of an application
In Applications > Dashboard, you can now view the SSL rating of an application along with protocol and cipher suite scores. You can review SSL issues and upgrade the application to obtain an A+ rating. However, if you observe some drop in traffic because of this upgrade, you can roll back the secure front-end profile configured on your application. This action reverts the A+ rating to a previous rating.
Earlier, you were only able to view whether an application has an A+ rating or not.
[NSADM-74247]
WAF and Bot analytics support only for premium license virtual servers
You can now enable WAF Security Violations and Bot Security Violations, and view WAF/Bot analytics only for the premium licensed virtual servers. For the standard and advanced licensed virtual servers, these options are disabled.
[NSADM-72931]
Export realtime WAF/Bot data to Splunk
When you configure Splunk integration details in NetScaler Console by navigating to Settings > Ecosystem Integration, you can now view Realtime Export and Periodic Export options. Under Realtime Export, you can select the WAF and Bot features to export the data to Splunk in realtime.
For more information, see Splunk integration.
[NSADM-72909]
StyleBooks
Download the support bundle of a configuration pack
In Applications > Configuration > Config Packs, you can now download the support bundle of a configuration pack. This bundle helps the Citrix technical support team to view, analyze, and troubleshoot configuration pack issues.
[NSADM-72260]
August 20, 2021
User interface improvements
Several enhancements are added to the ADM user interface to improve user experience. These enhancements automate and simplify the process of onboarding ADC instances to ADM. Also, the new simpler and intuitive interface makes it easier to navigate. Here’s a summary of the GUI changes:
Add ADC instance workflow: Sometimes you might skip onboarding the ADC instances in the Getting Started workflow while setting up ADM service for the first time. In such cases, you can onboard the instances from the ADM GUI dashboard. If ADC instances are not yet added, the GUI prompts you to add the instances.
Navigation menu: The left-hand navigation menu has been reorganized and regrouped. The new modules in the menu are Security, Gateway, and Infrastructure. Some of the old modules, Networks, Analytics, and Orchestration, are now merged into the new modules. If you’ve not added ADC instances yet, when you click any module on the navigation bar, a tabular preview of the features of that module appears.
The following image helps you map the old modules and topics with the new navigation.
For more information, see Onboard ADC instances by using the ADM GUI dashboard.
[NSADM-68433]
WAF recommendation
NetScaler Console now enables you to scan applications and get recommendations for:
-
WAF profiles
-
WAF signatures
Navigate to Security > WAF Recommendation and under Applications, click Start Scan to configure the WAF scan settings for an application.
Using these recommendations, you can apply the required WAF profiles and signatures to the application and ensure that the application is secured.
For more information, see WAF recommendations.
[NSADM-57849]
Invite users with a limited access to ADM
As a super administrator, you can now invite users with a group level access to ADM service. With this feature, you can limit the users’ access to a group in their first login. In Citrix Cloud, navigate to Identity Access Management > Administrators. Under the Custom access option, select Application Delivery Management. Then, select the group to which you want to add this user.
The invitation link is sent to the specified user email address. When the user logs in to ADM using this link, the user is added to the specified group. Earlier, the invited users were able to access all ADM features. You were not able to limit users’ access to a group. For more information, see Configure users on NetScaler Console.
[NSADM-69347]
Select labels in service graph for microservices
In service graph for microservices, you can now change the Service Info labels from Settings. The Filters tab in settings enables you to select the labels (based on the selected duration and the active transactions from the services). After selecting the labels from settings, the Service Info tab in the Filters section enables you to apply filters on the selected labels to filter results. This feature ensures better visibility to the service graph.
[NSADM-76557]
Enhancement: Update a StyleBook definition inline
Updating a StyleBook definition inline allows you to modify the StyleBook without upgrading its version. You can now update the custom StyleBook definitions that are imported from a StyleBook bundle. And, you can also update a StyleBook definition or StyleBook bundle that has config packs with it. Earlier, you were only able to update StyleBook definitions that are imported as a file.
Note
Before you update the StyleBook definition, ensure it is backward compatible. So, all parameters can be retained in the updated StyleBook. And, the newly added parameters appear as optional.
For more information, see Update custom StyleBooks.
[NSADM-72258]
IPv6 support in IP Reputation violation
In Security > Security Violations, the IP Reputation violation now displays the IPv6 address for the client IP.
[NSADM-72372]
July 27, 2021
StyleBooks
StyleBook definition supports a splat expression
A splat expression [*]
provides a simpler way to retrieve a certain attribute from a complex list for all the iterations. You can now include splat expressions in a StyleBook definition. Earlier, you had to specify a repeat
construct to retrieve the same information.
Syntax: list[*].attribute
This expression iterates over all the items of the list specified to its left and returns the attribute value specified to its right. When you want to retrieve an IP address or host name of each virtual server from the list, you can use the following splat expressions:
Example 1:
$parameters.server-members[*].hostname
<!--NeedCopy-->
This expression returns a list of host names from all the server-members.
Example 2:
$parameters.server-members[*].sub-domains[*].name
<!--NeedCopy-->
This expression returns a list of all names under the subdomains of each server-members.
These expressions always return the right-most element type’s list.
[NSADM-67724]
Manage SSL certificates by using StyleBooks
You can now write a StyleBook definition to allow users to select SSL certificates from the ADM certificate store. This store lists the existing SSL certificates that are uploaded to your ADM server. With this feature, you can store SSL certificates at one place that is the ADM certificate store and reuse them whenever required.
Add this field in the Create Configuration packGUI using the new certkey
parameter. And, it is an object type attribute. The following is an example snippet to specify in the StyleBook definition
parameters:
-
name: certificate
label: Certificate
description: Certificate to be bound to this virtual load balanced application`
type: certkey
required: true
<!--NeedCopy-->
When creating a configuration pack, a user can add or select SSL certificates from the certificate store. Also, the user can select the same certificate for multiple config packs. Earlier, users were able to specify certificate details only while creating a configuration pack.
[NSADM-57943]
Name change for security insight and bot insight
When you enable analytics for a virtual server, you can now view the following name change for security insight and bot insight:
-
WAF Security Violations
-
Bot Security Violations
[NSADM-72932]
Fixed Issues
-
In App Dashboard, when you drill down an application and in the Web Insight tab, the See more option under Clients does not work. This issue is also observed in Applications > Web Insight.
[NSHELP-28153]
-
Under Infrastructure > Instance Advisory > Security Advisory, when you click Proceed to upgrade workflow to upgrade a vulnerable NetScaler CPX instance, an error message appears. This issue happens because the ADM upgrade workflow supports only MPX, SDX, and VPX instances.
With this fix, a separate CPX column is added under Current CVEs > ADC instances are impacted by CVEs. To upgrade a vulnerable CPX instance, click the document link in the GUI, which ishttps://docs.citrix.com/en-us/citrix-adc-cpx/current-release/upgrade-cpx.html.
[NSADM-75311]
-
When you remove an ADC instance from theInfrastructure > Instance Dashboard > NetScaler page, the Asset Inventory page does not update the claim status of the instance. As a result, sometimes, the ADC instance gets automatically registered after around 15 minutes.
[NSADM-63266]
July 01, 2021
Security advisory notifications
You can now receive the following notifications for ADM security advisory activities.
-
Email, Slack, PagerDuty, and ServiceNow notifications for:
-
Difference between the latest and previous scans
-
New CVEs added in security advisory repository
-
-
Cloud notification for scan result changes
To enable or disable notifications, from the ADM GUI, navigate to Infrastructure > Instance Advisory > Security Advisory and click the settings icon on the upper-right corner.
[NSADM-71234]
Performance indicator for an application - Non-A+ SSL rating
When you drill down an application that is not having the A+ SSL Rating, you can now view:
- The impact on the app score
- The Non-A+ SSL Rating details under Issues
For more information, see Non-A+ SSL rating.
[NSADM-71320]
Import StyleBooks from GitHub Enterprise Server
When you add a StyleBooks repository in ADM, you can now specify repositories on GitHub Enterprise Server. This feature helps you import or sync StyleBooks and config packs from a GitHub Enterprise Server. Earlier, you were able to import and sync StyleBooks and config packs only from the GitHub website.
[NSADM-72257]
Fixed Issues
The issues that are addressed in Build July 01, 2021.
-
If you rename a scheduled configuration job and delete it from the ADM GUI, the ADM server does not remove this job.
[NSADM-73577]
-
In ADM, when you deploy a configuration job on a CPX instance, it fails with the
SSH authentication error
message.[NSHELP-27521]
-
Web Insight data does not populate properly if the application name contains a space.
[NSHELP-27178]
June 08, 2021
Support for identification and remediation of CVE-2020-8299 and CVE-2020-8300
NetScaler Console security advisory now supports identification and remediation of the newly announced CVE-2020-8299 and CVE-2020-8300.
Remediation for CVE-2020-8299 requires an upgrade of the vulnerable ADC instances to a release and build that has the fix. Remediation for CVE-2020-8300 requires a two-step process:
-
Upgrade the vulnerable ADC instance to a release and build that has the fix.
-
Apply configuration jobs.
For details about how to remediate CVE-2020-8300, see Remediate vulnerabilities for CVE-2020-8300.
For more information about security advisory and how to remediate other CVEs, see Security Advisory.
Note
It might take a couple of hours for security advisory system scan to conclude and reflect the impact of CVE-2020-8299 and CVE-2020-8300 in the security advisory module. To see the impact sooner, start an on-demand scan by clicking Scan-Now.
[NSADM-71136]
View monitor status to check application health
You can now use the Application dashboard in the ADM GUI under Applications > Dashboard, to view the health monitor status of an application and the failure message if any. For details, see Application details.
[NSADM-46935]
View app security configuration in app dashboard
When you drill-down an application from Applications > Dashboard, the Security tab now enables you to view if the application is configured with app security. If the WAF or Bot configuration is not enabled for the application, you can use the StyleBook to configure.
[NSADM-66873]
Improvements to RTT calculation
NetScaler instances might not able to calculate the RTT value for some transactions. For such transactions, the web transaction analytics and Web Insight in ADM display the RTT value as < 1 ms.
The RTT calculation for such transactions is improved and ADM now displays the following RTT values as:
-
NA - Displays when the ADC instance cannot calculate the RTT.
-
< 1ms - Displays when the ADC instance calculates the RTT in decimals between 0 ms and 1 ms. For example, 0.22 ms.
[NSADM-65648]
Web Insight - View details for cipher related issues
In Applications > Web Insight, you can now view details for the following SSL parameters under SSL Errors:
-
Cipher mismatch
-
Unsupported Ciphers
Under SSL errors, click an SSL parameter (Cipher Mismatch or Unsupported Ciphers) to view details such as the SSL cipher name, the recommended actions, and the details of the affected applications and clients.
For more information, see Web Insight.
[NSADM-62525]
Fixed Issues
-
If you rename a scheduled configuration job and delete it from the ADM GUI, the ADM server does not remove this job.
[NSADM-73577]
-
While registering the ADM agent, the default password must be changed. If the new password contains a special character such as open and/or close bracket, a syntax error occurs. As a result, you cannot log on to ADM agent.
[NSHELP-27638]
May 17, 2021
Troubleshoot issues using the diagnostic tool
When you onboard an ADC instance onto NetScaler Console service, you might experience issues that prevent the ADC instance from successful onboarding. As an administrator, you must know the reason for the onboarding failure.
You can now perform diagnostic checks using the diagnostic tool when you:
Experience any issues during auto-onboarding or script-based onboarding Want to ensure if the ADC instance is ready to onboard Want to analyze issues for the already onboarded ADC instances that show “Down” status in the ADM GUI After analyzing the issues, you can troubleshoot and then onboard the ADC instances to ADM service. For more information, see Troubleshoot issues using the diagnostic tool
Service graph: simplified on-boarding process
The service graph on-boarding process is now simplified. To populate a service graph in NetScaler Console, see Service Graph - Simplified onboarding.
[NSADM-66696]
Import and synchronize config packs from a GitHub repository
You can now import and synchronize config packs from a GitHub repository to NetScaler Console. To do so, you must create a folder with the name “config packs” in the root directory of the repository. Then, keep all the config packs in this folder that you want to import or synchronize with ADM. In Applications > Configuration > Repositories, click Sync to import config packs. Earlier, this action was only synchronizing StyleBooks. For more information, see Import and synchronize StyleBooks from GitHub repository.
[NSADM-67722]
A+ SSL rating (by Qualys SSL Labs) analytics
When an application uses unsecured ciphers, protocols and SSL settings for SSL transactions, it can impact the privacy, data integrity and security of the users accessing the application. For this purpose, Qualys SSL Labs gives rating to applications based on ciphers, protocols, and other SSL settings. Learn more about SSL Server Test.
As an application owner, you can now assess if your application will be rated A+ by Qualys. To assess, check the compliance of the applications virtual server SSL settings to the ADC secure front-end profile. The settings required for an A+ rating (as of May 2018) from Qualys SSL Labs are preloaded into the secure front-end profile.
If your application SSL rating is “Not A+”, you can use a one-click way to deploy the secure front-end SSL profile on your applications.
When your application is rated as “Not A+”, you can see the details of a virtual server whose configuration does not comply with the secure front-end profile. Likewise, you can see remediation measures to make the virtual server comply with the secure front-end profile.
After you deploy the secure SSL profile to make your application A+, you can assess the incoming traffic in SSL insight to see the ciphers, protocols on which SSL transactions are getting negotiated. In case some legitimate traffic gets dropped after deploying A+ profile, you can roll back the secure front-end profile configured for your application. For information, see Assess application security ratings in ADM.
Note
In some cases, after deploying the secure front-end profile, if you make some custom configuration to the virtual server, rollback might not be possible due to inconsistent configuration.
[NSADM-67076]
April 27, 2021
Fixed Issues
-
ADM does not communicate with NetScaler BLX instances through SSH, and some ADC features such as Config Audit and Config Jobs might not run on BLX as expected.
[NSADM-68985]
-
AppFlow and Bot signature creation fails in ADM service.
[NSADM-70199]
April 17, 2021
Improvements to security violations
In Security > Security Violations, you can now view the following improvements:
-
When you enable analytics for Account Takeover, Website Scanning, and Content Scraping violations, the Advanced Security Analytics and Web Insight settings are also enabled automatically.
-
From the settings option, when you select the application to configure the prerequisite settings for Account Takeover, Website Scanning, and Content Scraping violations, the Premium license filter is applied. This enhancement enables you to view and select only the premium licensed applications.
-
From the settings option, the Website Scanning and Scraping prerequisite configuration page enables you to select the Session Tracking Method first and then the application.
-
The All Virtual Servers page in Settings > ADM Licensing & Analytics Config displays the Instance License option that enables you to analyze the license type of the instance.
[NSADM-68058]
View security violations in App Dashboard
In Security > Security Violations > Application Overview, the violation details that you were able to view for WAF and Bot are also now available in the Application Dashboard. Navigate to Applications > Dashboard, select an application, and click the Security tab to view the WAF and Bot violations applicable for the selected application.
Apart from the visibility of the application performance and usage, this enhancement also enables you to visualize the violation details in a single-pane view.
[NSADM-66876]
IP address color code changes dynamically to indicate instance status
In the ADM GUI, under Network > Instances > NetScaler, in the IP address column, the color codes for IP addresses marks change dynamically to indicate instance status. For example, if a particular primary instance is in “up” state, the color code for the circular P mark for the corresponding IP address changes to green. Also, you can hover the circular mark to check the instance status. Previously, the color codes for IP addresses were static: blue for primary and grey for secondary.
[NSADM-67681]
Fixed issue
For SSL certificates, the ADM GUI displays the issuer type as “Not Recommended” even if the certificates are configured in SSL Dashboard settings.
[NSHELP-26123]
March 30, 2021
Bot insight - View log message for bot management
In Security > Security Violations > Application Overview, under Bot, when you select an application and click Logs to view bot details, you can now view the bot category identified as signature and the signature ID. The signature ID enables you to analyze if the detected bot is a good bot or a bad bot. For any other bot category, the signature ID displays N/A.
For more information about signature category and ID, see Bot signature update.
[NSADM-63099]
App Security Violation - Bot
In Security > Security Violations > All Violations, you can now view Keystroke and Mouse dynamic based bot detection under the BOT violation category. For more information, see App Security Violation.
[NSADM-61855]
Fixed issues
-
In Infrastructure Analytics, the UI term “Packet dropped” for SSL violation counters (PE CPU Limit, PPS Limit, Throughput Limit, SSL Throughput Limit, SSL TPS Limit) is now changed to “rate limit breaches”.
[NSADM-69007]
-
ADM generated tech-support bundle fails to unzip.
[NSHELP-26726]
March 17, 2021
Protect your organization by using security advisory
NetScaler Console Security Advisory helps you identify ADC instances impacted by Citrix Common Vulnerabilities and Exposures (CVEs) and apply appropriate remediation. The advisory highlights NetScaler CVEs putting your ADC instances at risk and recommends mitigations and remediations. You can review the recommendations and take appropriate actions, by using ADM service to apply the mitigations and remediations.
The following are the security advisory features:
- Scan: includes default system scan and on-demand scan.
- System scan: scans all managed instances by default once a week. ADM decides the date and time of system scans, and you cannot change them.
- On-demand scan: enables you to manually scan the instances when required. If the time elapsed after the last system scan is significant, you can run on-demand scan to assess the current security posture. Or scan after a remediation or mitigation has been applied, to assess the revised posture.
-
CVE impact analysis: shows results of all CVEs impacting your infrastructure and all the ADC instances getting impacted and suggests remediation and mitigation. Use this information to apply mitigation and remediation to fix security risks.
-
CVE reports: stores copies of the last five scans. You can download these reports and analyze them.
- CVE repository: gives a detailed view of all the ADC-related CVEs that Citrix has announced since December 2019, that might have an impact on your ADC infrastructure. You can use this view to understand the CVEs in Security Advisory scope and to learn more about the CVE.
For more information, see Security advisory.
[NSADM-69280]
New features added to Citrix low-touch onboarding workflow
The new Citrix low-touch onboarding workflow comes with an enhanced GUI with several new features and better user experience. Two new tabs, Security Advisory and Upgrade Advisory, are introduced. NetScaler Console Security Advisory alerts you about vulnerabilities putting your ADC instances at risk and recommends mitigations and remediations. You can use the Upgrade Advisory to check ADC instances that are nearing end of life (EOL) or on older versions. We can upgrade these ADCs to latest releases and benefit from the latest enhancements and fixes. To know more, see Low-touch onboarding of NetScaler instances using NetScaler Console service connect.
[NSADM-69280]
Monitor ADC instance lifecycle using NetScaler Console upgrade advisory
NetScaler Console upgrade advisory helps you monitor the lifecycle of your ADC instances. As a network administrator, you might manage many instances running on different ADC releases in NetScaler Console. Monitoring the lifecycle of each ADC instance can be a cumbersome task. To ease this process, ADM upgrade advisory provides the following information:
-
Identifies instances reaching or reached EOL or EOM. So, you can plan ADC upgrades ahead of EOL or EOM date.
-
Highlights the instances that are not on latest release or build. You can upgrade these instances to latest release or build to benefit from new features and bug fixes.
-
Highlights the instances that are not on preferred ADC builds. Some organizations might have a preferred ADC builds for their instances. In ADM, you can set the preferred build for your organization depending on features, fixed issues, and other considerations. Then, review and upgrade the instances that are not on preferred builds. Instances running the preferred builds are indicated with a star icon.
-
Highlights instances running on the most popular releases or builds. Instances running the popular builds are indicated with a ribbon icon.
After you review the abovementioned points, you can proceed to create a maintenance job to upgrade ADC instances from the Upgrade Advisory page.
Important
Upgrade advisory only monitors EOM or EOL of ADC software versions. It doesn’t check the EOL of ADC hardware appliances.
For more information, see Upgrade Advisory.
[NSADM-56646]
Analyze the root cause for application slowness
Application slowness is a major concern for any organization because it results in business impact or productivity. In Applications > Web Insight, you can now view a new metric, Applications with Response Time Anomalies. Using this metric, as an administrator, you can analyze if the application slowness arises from:
-
Client network latency
-
Server network latency
-
Server processing time
For more information, see Analyze the root cause for application slowness.
[NSADM-63170]
March 03, 2021
Discover API endpoints in ADM
You can now discover the API endpoints that are in your organization using API gateway. In NetScaler Console, the Security > API Gateway > API Discovery page displays the API endpoints that are part of ADC instances and API deployments.
In API Discovery, when you select a virtual server or API deployment, the ADM GUI displays the API endpoints and their details such as:
-
Method - It displays the method used in an API endpoint. For example,
GET
andPOST
methods - Total requests - It displays the count of API requests on the API endpoint.
-
Response statuses - It displays the count for each response status. For example,
2xx
,3xx
,4xx
, and5xx
. - Found in Spec - This column appears only for API deployments. Sometimes, the internal APIs that are not part of the API definition might receive traffic from outside. This column helps you identify whether the API endpoint and observed method are part of the API definition.
Virtual servers:
API deployments:
[NSAPISEC-1234]
Grant API gateway configuration and management permissions
As an administrator, you can create an access policy to grant user permissions for API gateway configuration and management. The user permissions can be view, add, edit, and delete. To do so, navigate to Settings > User & Roles > Access policies.
[NSADM-63097]
Improvements to global service graph
In Applications > Service Graph > Global, you can now view:
-
The microservices based on the cluster name.
Note
You can view microservices for only three clusters.
-
The enhanced view of the discrete virtual servers and custom apps
Venafi integration in NetScaler Console
To maintain digital security, you must automate the management of SSL certificates in your environment. Expired SSL certificates can lead to security risk. Now you can configure Venafi Trust Protection Platform servers to manage SSL certificates from the ADM service GUI.
With Venafi integration, you can reissue certificates and automate renewal of certificates installed on the ADC instances, through ADM service GUI. For more information, see Automate SSL certificate management.
[NSADM-58047]
Fixed issues
-
When you a create a job in Infrastructure > Configuration Jobs and select the Execution Frequency as specific day of a week or date of a month, the scheduled job does not run according to the specified time.
[NSHELP-26034]
-
ADM fails to register or update without a DNS server, when a proxy server is enabled and the agent fails to get its IP address.
[NSHELP-25835]
-
For non-admin users, GSLB Services data takes more than a minute to appear under Infrastructure > Network Functions > GSLB in the ADM GUI.
[NSHELP-25740]
-
You receive email notifications on license pool thresholds, even when it is not configured.
[NSHELP-25723]
-
In Gateway Insight, when you schedule a report (Export Reports > Schedule Export), the generated report displays Page Not Found.
[NSHELP-25496]
-
Sometimes, the ADM GUI fails to display instance licenses.
[NSADM-67697]
February 11, 2021
Reconcile your StyleBook configuration
When you audit the ADC configuration with the StyleBook configuration pack, you can now reconcile any changes or drifts detected on the ADC instance. This action restores the ADC configuration to match the configuration pack version on ADM.
Consider that you created an object on the ADC instance using the StyleBook configuration. If that object is deleted from the ADC instance, the Configuration Audit page identifies the change and allows you to reconcile it. The Reconcile action restores the deleted object on the ADC instance as defined in the configuration pack.
If any changes or drifts detected during the configuration pack update, a confirmation message appears to reconcile the changes.
[NSADM-62742]
Update custom StyleBook definitions in the GUI
You can now update a custom StyleBook definition from the ADM GUI itself.
Note
Before you update the StyleBook definition from the ADM GUI, ensure the following:
- The StyleBook definition has no dependent StyleBooks.
- There are no config packs created from the StyleBook definition.
Earlier, you had to do the following:
- Download the StyleBook.
- Delete it from ADM.
- Update the definition offline.
- Import it back to ADM.
With this feature, you can update the definition in place.
[NSADM-67726]
New data type and built-in IP functions to StyleBook definition
The ADM StyleBooks now support the ipnetwork
data type to facilitate new IP functions. This data type has two parts. First part is the IP address and second part is the netmask.
The netmask is represented using a netmask length (netmask-len
) or netmask IP address (netmask_ip
). The netmask length is an integer between 0-32 and 0–128 for an IPv6 address. It is used to determine the IP addresses count in a network.
Following are the new built-in IP functions:
-
ip_network()
: Returns an IP network notation when it receives the IP address and netmask length as the input. -
network_ip()
: Returns the first IP address of the specified IP network. -
subnets()
: Returns the list of subnets from the specified IP network and netmask length. -
netmask_ip()
: Returns the netmask IP address for the specified IP network. -
broadcast_ip()
: Returns the broadcast IP address for the specified IP network. -
cidr()
: Returns a CIDR notation for the specified IP network. -
is_cidr()
: This function accepts anipnetwork
value. And, it returnsTrue
if the specified value matches the CIDR notation of the IP network. -
is_in_network()
: This function acceptsipnetwork
andipaddress
values. And, it returnsTrue
if the specified IP address exists in the specified IP network.
[NSADM-56083]
Introduced an advanced option while you import a StyleBook configuration
In Applications > Configuration > Config Packs, the Import Configuration option now includes an advanced option. This option is useful when you import the configuration pack that already has the configuration objects on the ADC instance.
Consider that the same ADC instance is added on two ADM servers. And, one of the ADM servers has deployed a configuration pack on that ADC instance. If you want to migrate that configuration pack to another server (or to the ADM Service), export it to your local computer. Then, use this option on the ADM server where you want to import the configuration pack. This option imports it without redeploying the configuration objects on the ADC instance.
[NSADM-62743]
View API analytics for all API traffic
The API Gateway > API Analytics page now displays all the API requests and responses. Earlier, this page only displayed the API traffic that configured the rate limit or authentication policy.
[NSADM-62936]
Improvements to service graph
In the Microservices service graph, as an administrator, you can now analyze:
- The number of hits between the services based on the edge width.
- The reasons for the services in review or critical status.
Service icon | Description |
---|---|
The edge width indicates the number of hits. The greater or more the edge width, indicates the number of hits is higher. | |
Service with a warning icon indicates that the service has errors. | |
Service with a stopwatch icon indicates that the service has latency or response time issues. | |
Service with both stopwatch and warning icons indicate that the service has both errors and latency/response time issues. |
Note
If a service has no warning or stopwatch icon, it indicates that the service has anomalies or threshold breach for Hits.
[NSADM-65798]
Fixed issues
-
In Gateway Insight, when you schedule a report (Export Reports > Schedule Export), the generated report displays “Page Not Found”.
[NSHELP-25496]
-
While you add an ADC instance in ADM, if you select SNMP v2 as the NetScaler profile, the ADM IP address is added as the SNMP manager.
[NSHELP-26245]
-
In Infrastructure > Configuration Jobs, the scheduled configuration job does not run according to the specified time when the Execution Frequency is set as follows:
- Specific day of a week.
- Specific date of a month.
[NSHELP-26034]
-
ADM fails to register or update without a DNS server when the following conditions are met:
- A proxy server is enabled.
- The agent fails to obtain its IP address.
[NSHELP-25835]
-
Sometimes, the ADM GUI fails to display instance licenses.
[NSADM-67697]
January 29, 2021
IPAM displays the resources of the allocated IP address
You can now view more details about allocated IP addresses from an IPAM network:
-
Module: Displays the ADM module that reserved the IP address. For example, if the IP address is reserved by StyleBooks, this column displays StyleBooks as the module.
-
Resource Type: Displays the resource type in that module. For the StyleBooks module, only the configurations resource type uses the IPAM network. So, it displays Configurations under this column.
-
Resource ID: Displays the exact resource id with a link. Click this link to access the resource that is using the IP address. For the configuration resource type, it displays the configuration pack ID as the resource ID.
[NSADM-62751]
Fixed issues
You cannot remove a NetScaler SDX instance from NetScaler Console if the instance is configured as an FQDN and contains a hyphen (“-“) in the name. [NSHELP-26022]
ADM fails to register or update without a DNS server, when a proxy server is enabled and the agent fails to get its IP address. [NSHELP-25835]
January 13, 2021
Service graph – View services key metric trends
In service graph, you can now use the tabular view to see:
-
Key metrics for the service
-
Key metrics between a source service to a destination service
As an administrator, using these key metrics, you can analyze the trends of golden signals for the selected time duration. For more information, see View service details.
[NSADM-65163]
Service graph - Use the Poll Now option to get the pod status
In service graph, you can now use the Poll Now option to get the latest pod status. The Poll Now option fetches the latest pod status from the cluster.
-
Click a node and select View Details
-
In the Pods tab, click Poll Now
[NSADM-62963]
New StyleBook attribute to add a dynamic list
In the StyleBook definition, you can now add the allow-new-values
attribute to add a dynamic list for a parameter. When a user selects this StyleBook to create a configuration, the user can add new values to the list.
You can use the allow-new-values
and allowed-values
attributes in a combination. This combination allows you to define a list of valid values for a parameter and also accept new values.
Example:
-
name: port
type: tcp-port
allowed-values:
- 80
- 81
- 8080
allow-new-values: true
<!--NeedCopy-->
In this example, a user can either select from 80, 81, 8080, or enter a new value for the parameter port while creating/updating a configuration pack. For more information, see allow-new-values.
[NSADM-62749]
Invite users with a custom access to ADM service
As a super administrator, you can now invite new users with the custom access to use the ADM service. This option allows you to limit the user access only to ADM service in Citrix Cloud. Earlier, you were not able to invite users to access only ADM service. So, you had to send an invitation with the full access.
To invite new users in Citrix Cloud, navigate to Identity Access Management > Administrators. In the Custom access option, select Application Delivery Management. By default, the Administrator role is selected.
The invitation link is sent to the specified user email address. And, the user can log on to NetScaler Console with this link as an administrator. With an administrative access, the user can do the following:
- Add and manage ADC instances in ADM.
- Deploy configurations on ADC instances using StyleBook.
- Configure pooled capacity licenses for ADC instances.
- Create and configure Autoscale groups.
Note
The administrator can access the ADM GUI from Citrix Cloud. However, the Settings > User & Roles page is restricted. A super administrator can grant access to this page if needed.
For more information about how to send an invite and configure the users, see Configure Users on NetScaler Console.
[NSADM-55384]
Fixed issues
-
In Gateway Insight, the total count displayed under Gateway is incorrect.
[NSHELP-25729]
-
When you select Record and Play under Configuration Source in Infrastructure > Configuration Jobs > Create Job, the following error message appears:
Unable to get config diff for: <instance IP>
[NSADM-63986]
-
If you provide invalid regex in application for a group and select few applications manually, the manually selected applications are not visible if the regex is invalid.
[NSHELP-25739]
In this article
- November 29, 2021
- November 09, 2021
- October 26, 2021
- October 14, 2021
- September 29, 2021
- September 15, 2021
- September 06, 2021
- August 20, 2021
- July 27, 2021
- July 01, 2021
- June 08, 2021
- May 17, 2021
- April 27, 2021
- April 17, 2021
- March 30, 2021
- March 17, 2021
- March 03, 2021
- February 11, 2021
- January 29, 2021
- January 13, 2021