You can configure NetScaler Gateway to provide users with multiple logon options. By configuring the client choices page, users have the option of logging on from one location with the following choices:
Nov 18, 2019 We ready to roll out MAC IS 10.15 Catalina. Is there a Citrix Access Gateway plugin for 10.15? We are using an onsite Netscaler 12.1. The Network Access with the NetScaler Gateway Plug-in (VPN) button is. Then an Endpoint Analysis plug-in is downloaded to the Windows or Mac client. To make use of these features, we will need the CAG plug-in installed on our client. Currently, the plug-ins are available for MAC.
- NetScaler Gateway Plug-in for Windows
- NetScaler Gateway Plug-in for Mac OS X
- NetScaler Gateway Plug-in for Java
- StoreFront
- Clientless access
Users log on to NetScaler Gateway by using the web address provided. By creating a session policy and profile, you can determine the logon choices users receive. Depending on how you configure NetScaler Gateway, the client choices page displays up to three icons representing the following logon choices:
Users log on to NetScaler Gateway by using the web address provided to them. By creating a session policy and profile, you can determine the logon choices users receive. Depending on how you configure NetScaler Gateway, the client choices page displays up to three icons (picture above) representing the following logon choices:
- I'm using the Citrix Netscaler Gateway for Mac (Version 3.1.8 which is the newest for mac) and macOS High Sierra. When I use the Gateway Plugin to connect to our gateway, it seems to work, because the the NetScaler starts and shows the popup 'Connected to xyz'. But when I try to open a website of the connected vpn, it is not possible.
- Aug 19, 2020 Mac EPA plug-in version must be greater than 3.0.0.31 Mac VPN plug-in version must be greater than 3.1.4 (357) Note: If the Citrix ADC appliance is upgraded to the 11.0 release, all previous VPN (and EPA) plug-ins upgrade to the latest version irrespective of upgrade control configuration.
- When a user connects to the NetScaler Gateway portal using an older client, they will be prompted to upgrade: The pluginlist.xml file exists only in NetScaler Gateway version 11.0 and later. Modify the version and compatibleFrom attributes as shown in the following example: Sample plugin node with type 'MAC-VPN' in pluginlist.xml before update.
Netscaler Gateway Plugin 3.0 For Mac Download
- Network Access. When users log on to NetScaler Gateway for the first time by using a web browser and then select Network Access, the download page appears. When users clickDownload, the plug-in downloads and installs on the user device. When the download and installation is complete, the Access Interface appears.
- StoreFront. If users select the Storefront to log on, the Storefront page appears. Users can then access their published applications or virtual desktops. If users select StoreFront to log on, Receiver opens and users can access applications and desktops.Note: If you configure StoreFront as a client choice, applications and desktops do not appear in the left pane of the Access Interface.
- Clientless access. If users select clientless access to log on, the Access Interface or your customized home page appears. In the Access Interface, users can navigate to file shares, web sites as intranet, and use Outlook Web Access if published.
If users select the NetScaler Gateway Plug-in for Java, the plug-in starts and users are logged on. The choices page does not appear of course.
Secure Browse allows users to connect through NetScaler Gateway from an iOS device. If you enable Secure Browse, when users log on by using Worx Home, Secure Browse disables the client choices page.
So how do we cleanly customize this page without the need of modifying any html or java files. The Netscaler has a powerful rewrite engine that allow us to basically modify any content we want. So let’s suppose we would like to do the following changes to meet the company’s customization needs.
Attention: RfWebUI theme is used in this case. If you are using the X1 theme, you may need to modify the configuration a bit to make it work.
- Change the text “Network Access Connect with the NetScaler Gateway Plug-in.” to something like “Full Tunnel (Remote VPN)“
- Change the text “Clientless Access” to something like “Intranet, Intranet & SharePoint Access“
- Change the text “Virtual App and Desktop Access” to something like “Published Desktops & Applications“
I suggest that you use the browser’s “F12 Developper Tools“. It is really handy when looking for which content you like to rewrite.
Code snippet: rewrite action and policies
add rewrite action delete-clientchoice-sslvpn-action delete_all “HTTP.RES.BODY(1200000).SET_TEXT_MODE(IGNORECASE)” -search “text(”Connect with the NetScaler Gateway Plug-in”)”
add rewrite action replace-clientchoice-cvpn-action replace_all “HTTP.RES.BODY(1200000).SET_TEXT_MODE(IGNORECASE)” “”Email, Intranet & Sharepoint Access”” -search “text(”Clientless Access”)”
add rewrite action replace-clientchoice-icaproxy-action replace_all “HTTP.RES.BODY(1200000).SET_TEXT_MODE(IGNORECASE)” “”Published Desktops & Applications”” -search “text(”Virtual App and Desktop Access”)”
add rewrite action replace-clientchoice-sslvpn-action replace_all “HTTP.RES.BODY(1200000).SET_TEXT_MODE(IGNORECASE)” “”Full Tunnel (Remote VPN)”” -search “text(”Network Access”)”
add rewrite policy replace-clientchoice-icaproxy-policy “HTTP.REQ.URL.CONTAINS(”ctxs.core.min.js”)” replace-clientchoice-icaproxy-action
add rewrite policy replace-clientchoice-cvpn-policy “HTTP.REQ.URL.CONTAINS(”ctxs.core.min.js”)” replace-clientchoice-cvpn-action
add rewrite policy replace-clientchoice-sslvpn-policy “HTTP.REQ.URL.CONTAINS(”ctxs.core.min.js”)” replace-clientchoice-sslvpn-action
add rewrite policy delete-clientchoice-sslvpn-policy “HTTP.REQ.URL.CONTAINS(”ctxs.core.min.js”)” delete-clientchoice-sslvpn-action
Code snippet: binding of rewrite policies (Let’s suppose your access gateway VIP name is: UG_VPN_Unifiedgateway
bind vpn vserver UG_VPN_Unifiedgateway -policy replace-clientchoice-sslvpn-policy -priority 100 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver UG_VPN_Unifiedgateway -policy delete-clientchoice-sslvpn-policy -priority 110 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver UG_VPN_Unifiedgateway -policy replace-clientchoice-cvpn-policy -priority 120 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver UG_VPN_Unifiedgateway -policy replace-clientchoice-icaproxy-policy -priority 130 -gotoPriorityExpression END -type RESPONSE
The result may look something like this:
Netscaler Gateway Plugin 3.0 For Mac Windows 10
Of course you can create additional rewrite actions and policies to modify whatever you like on the client choice page.
Have a wonderful day 🙂
A list containing the majority of Citrix ADC (formerly NetScaler ADC) support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.
The page is updated daily with new support articles and information. Articles will change from time and if information here is outdated or incorrect please let me know using the comments. Links may also expire or change so if you find broken links, please again let me know. For each issue, known product versions affected are recorded however that does not mean product versions that aren’t listed are not affected.
There is a search box that you can use if looking for a specific fault. For example if you have an error code or error message, use that to perform a search. You can also use your browsers search feature which will perform a search against the whole page based on the words you enter.
NetScaler / Citrix ADC:
| wdt_ID | Brief Description of Issue | Brief Description of Fix | Applicable Product Versions Affected (if known) | Link to supplemental Support Article(s) |
|---|---|---|---|---|
| 1 | In the Persistency Table, you can only see one backend server connection mapped to the source client however when running command 'show ns connection table' you can see connections from the source client to multiple backend servers. | Upgrade to 11.1.54.14. | https://support.citrix.com/article/CTX227016 | |
| 2 | When more than one interface is in the same vLAN, you observe MAC moves and MAC conflicts between the NICs. | Move the affected NICs in to different VLANs or else aggregate the interfaces in to a link aggregated channel. | https://support.citrix.com/article/CTX224626 | |
| 3 | When editing a document through the local machine you receive error 'Cannot open a file, incorrect syntax or file path'. | A WireShark trace shows that the client was sending a request to a server not configured on any of the Content Switching policies. Once the server was mapped to a Load Balanced Virtual Server the document was editable through the local machine. | https://support.citrix.com/article/CTX226892 | |
| 4 | Content Switching Virtual Server sends traffic to the wrong Load Balancing Virtual Server, resulting in users receiving 404 HTTP responses. | Enable 'Drop Invalid HTTP Headers' on NetScaler. When the Content Switch receives HTTP invalid/corrupt header next packets from the same source IP the client may be redirected to an incorrect destination. | https://support.citrix.com/article/CTX226724 | |
| 5 | When trying to add a new node to a cluster, you receive rrror 'Invalid interface name/number'. | Make sure you are not using an incorrect backplane interface ID number. | https://support.citrix.com/article/CTX220432 | |
| 6 | When connecting to RDP via NetScaler Clientless VPN bookmarks, the RDP window terminates with error 'An internal error has occured' and the NetScaler resets the backend connection with reset code 9952. | This is caused by a domain mismatch in the LDAP Profile. The SSO Name attribute should be set to 'SamAccountName'. | https://support.citrix.com/article/CTX226709 | |
| 7 | In a High Availability setup, an unusually large spike in the number of persistent connections may result in under performance of the Secure Socket Funneling channel between the primary and secondary node. This under performance can eventually lead to session build up on the primary node and cause persistence to fail. Users are then sent to backend servers based on the Load Balancing method. | This is a known issue and will be resolved from NetScaler versions 12.0.53.x, 11.1.56.x and 11.0.70.x. As a workaround you can enable Nagle's Algorithm and disable Window Scaling on the 'nstcp_internal_apps' TCP profile. | https://support.citrix.com/article/CTX226583 | |
| 8 | You are unable to bind multiple services to a Load Balancing Virtual Servr at the same time using the GUI. | Upgrade to NetScaler version 11.1.53.x. | NetScaler 11.1.51.x and 11.1.52.x. | https://support.citrix.com/article/CTX226582 |
| 9 | The NetScaler Gateway Plugin interrupts DHCP requests that should be sent through the physical interface. Instead these requests are sent through the VPN tunnel. | This is a known issue. For Windows devices, the issue is fixed in 11.1 and 11.0.67.x. For MAC, a fix should be coming as part of the 'High Sierra' MAC plugin update. | https://support.citrix.com/article/CTX226379 | |
| 10 | Applications launched through NetScaler fail with no specific error. The loading dialog box appears and then dissapears. There is no issue with launches internally via StoreFront direct. | NetScaler tried to resolve the VDAs FQDN over UDP and the DNS response is received with a truncated bit. NetScaler should initiate a DNS query over TCP for the same FQDN but does not. This issue is being worked on by Citrix. As a workaround you can either add the VDA FQDN as a DNS A record directly on NetScaler or else reduce the size of the DNS response so that it can be accomodated in 512 bytes. | https://support.citrix.com/article/CTX226338 |