Important Notes About This Release

1. Caution! This release may require you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

2. Do not interrupt the install/uninstall process of this enhancement build by clicking Cancel. Interrupting the process prevents a clean rollback and leaves your original installation corrupted.

Where to Find Documentation

This document describes the issue(s) solved, new features, and known issues in this build and includes installation instructions.

The latest version of the product documentation is available from Citrix eDocs at http://edocs.citrix.com.

Installing This Enhancement Build

The latest version of the NetScaler Gateway software can be downloaded from the Citrix web site.

To download the NetScaler Gateway software from the Citrix web site

1. Go to the Citrix Web site, click My Account, and then log on.

2. At the top of the web page, click Downloads.

3. Under Find Downloads, select NetScaler Gateway.

4. In Select Download Type, select Product Software and then click Find.

5. On the NetScaler Gateway page, click NetScaler Gateway 10.5.

6. Select the software and then click Download.

When the software is downloaded to your computer, you can install the software by using the Upgrade Wizard in the Configuration Utility or the command-line interface.

To install the enhancement build by using the Upgrade Wizard

1. In the Configuration Utility, in the left pane, click System.

2. In the right pane, click Upgrade Wizard.

3. Click Next and then follow the directions in the wizard.

To install this enhancement build by using the command-line interface

1. To upload the software to the NetScaler Gateway, use a secure FTP client to connect to the appliance.

2. Copy the software from your computer to the /var/nsinstall directory on the appliance.

3. Open a Secure Shell (SSH) client to open an SSH connection to the appliance.

4. At a command prompt, type shell.

5. At a command prompt, type cd /var/nsinstall to change to the nsinstall directory.
   To view the contents of the directory, type ls.

6. To unpack the software, type tar –xvzf build_X_XX.tgz, where build_X_XX.tgz is the name of the build to which you want to upgrade.

7. To start the installation, at a command prompt, type ./installns.

8. When the installation is complete, restart NetScaler Gateway.

9. When the NetScaler Gateway restarts, at a command prompt type what or show version to verify successful installation.

NetScaler Gateway 10.5 Compatibility with Citrix Products

The following table provides the Citrix product names and versions with which NetScaler Gateway 10.5, Build 51.1017.e is compatible.

Supported Receivers and Plug-ins

New Features in This Release

This release of NetScaler Gateway includes support for the following:

• If users are logged on with Citrix Reciever, if the server running the Secure Ticket Authority (STA) becomes unavailable, the STA ticket does not refresh and session reliability fails. To fix this problem, upgrade NetScaler Gateway to Version 10.5 Build 51.1017.e. This release supports configuring multiple STA servers on NetScaler Gateway.

  [From NG_51.1017.e][#404522]

• Users can connect with single sign-on to Remote Desktop (RDP) connections through Netscaler Gateway.

  [From NG_51.1017.e][#422442]

• You can configure content switching on the NetScaler Gateway appliance. When users connect, the appliance terminates SSL connections and then does content switching prior to honoring policies on NetScaler Gateway. For more information about content switching, see Content Switching in the NetScaler documentation.

  The following example contains the general steps for configuring content switching with NetScaler Gateway:

  1. Configure the NetScaler Gateway virtual server.

  2. Configure internal load balancing virtual servers for any traffic that is being content switched.

  3. Define the services over which connections communicate and then bind the services to the load balancer. For example, you can use the following commands:
     Add service artemis-xm 19.70.1.2 HTTP 443
     Add service sharefile_server 10.70.1.3 HTTP 443
     bind lb_vserver lb_appc artemis_xm
     bind lb_vserver lb_sharefile sharefile_service

  4. Define the URLs with specific patterns to go to one of the two internal load balancers. All other network traffic goes to NetScaler Gateway. For example, you can use the following commands:
     add csaction appc_cs –targetLbVserver lb-appc
     add csaction sharefile_cs –targetLBVserver lb-sharefile
     add policy patset cs_list
     bind patset cs_list “/zdm/�
     bind patset cs_list “/devicecheck�
     add cspolicy appc_cs –rule “http.req.uri.contains_any(cs_list)� –action appc_cs
     bind vpn vserver artemis_ng –policy appc_cs –priority 10
     add cspolicy sharefile_cs “http.req.url.startswith(‘/sharefile’) …
     bind vpn vserver argemis_ng –policy sharefile-cs –priorit 11

  [From NG_51.1017.e][#438365]

• Users can log on to NetScaler Gateway by using Risk-Based Authentication that is part of delegated forms authentication support in StoreFront.

  [From NG_51.1017.e][#448538]

Known Issues in This Release

1. If the appliance has NetScaler Gateway virtual servers or AAA-TM configured and you upgrade to Version 10.5, Build 51.1017.e, user attempts to log on with LDAP authentication might fail.

   [From NG_51.1017.e][#501641]

2. If you configure endpoint analysis policies on NetScaler Gateway, when users log on by using either Safari or Firefox web browsers and if Symantec Endpoint Protection is installed, the link to download the Endpoint Analysis Plug-in does not appear after the time expires. This only occurs when the setting Network Threat Protection in Symantec Endpoint Protection is enabled and if the Endpoint Analysis Plug-in is not previously installed. The failure is due to the Port Scan setting, which can be changed by using the instructions in the article Built-in signatures for Symantec Endpoint Protection IPS for Mac on Symantec's web site.

   [From NG_51.1017.e][#505075]