Citrix Access Gateway Release (blog)

Citrix Access Gateway (based on the NetScaler platform) provides the best secure application access for Citrix XenApp and Citrix XenDesktop virtual desktops and applications. It is also the remote access component of Citrix CloudGateway, which offers secure delivery of Web, SaaS and iOS apps, along with ShareFile data.

With all the prowess of the proven NetScaler platform comes a standard tradeoff of simplicity vs. power. With all the features and control that an Access Gateway offers, it can be intimidating for some of us. At Citrix, we take the end user experience very seriously and want to make sure that you get the job done with the least effort possible, without compromising on the capabilities that our products can offer.

With this vision, in our (just released) Z3 release, we have created a new Simplified Configuration Wizard in Access Gateway. This Remote Access wizard is meant to assist with our most common use cases: Remote Access to Published Apps & Desktops, as well as CloudGateway. On the new Access Gateways (or NetScalers), based on the release, you will be able to access this wizard in the following ways:

  1. On an appliance, licensed as purely an Access Gateway (does not provide any additional NS service), you will see a new Access Gateway Home Tab, next to the Dashboard Tab. Clicking on this Home tab will take you to the new AGEE home page, which shows basic monitoring information, specific to Access Gateway. More importantly, in the top right corner, you will see a link called ‘Create New Access Gateway’. Clicking this link launches the new Remote Access Wizard.
  2. On NetScaler appliances / VPX, you will be able to reach the same Access Gateway Home page by clicking the Access Gateway Configuration summary node. Exact Location: Configuration -> Access Gateway -> Getting Started -> Create/Monitor Access Gateway. This will take you to the same Access Gateway Home page as described above. Once there, you will see a link called ‘Create New Access Gateway’. Clicking this link launches the new Remote Access Wizard.

This wizard is split into the following configuration blocks:

  • Access Gateway Settings
  • Authentication
  • Certificate
  • DNS
  • Remote Access configuration for Web Interface / CloudGateway

Running this wizard automatically creates various policies for you (authentication, session, …) and binds them to an AG vServer. Let's take a look at the various policies created:

Continue reading more of this article here at the Citrix blogs.

Security vulnerabilities in Citrix Access Gateway Standard Edition

Three security vulnerabilities have been identified in Access Gateway Standard Edition:

    • Directory traversal in Access Gateway Standard Edition 5.0.x prior to version 5.0.4 (critical severity)

    • Access Gateway Standard Edition 5.0.x can act as an open proxy (high severity)

    • Text content injection in Access Gateway Standard Edition 5.0.3 and 5.0.4 (low severity)

Access Gateway Standard Edition versions 4.5.x and 4.6.x and currently supported versions of NetScaler Access Gateway Enterprise Edition are not affected by these vulnerabilities.

What Customers Should Do

A patch for version 5.0.4 of the Access Gateway Standard Edition firmware has been released to address these vulnerabilities. Citrix strongly recommends that all customers using affected versions of Access Gateway Standard Edition apply this patch to their appliances as soon as possible. This patch can be found at the following location:

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. If you would like to report a security issue to Citrix, please compose an e-mail to stating the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability.

Read the original KB article here.

Citrix Access Gateway and VDI-in-a-Box – Firewall Exceptions

Communication between end-points and the CAG

All traffic between end-points (users) and the CAG is tunneled securely over SSL. This applies throughout the entire process from user authentication to desktop delivery.

• TCP Port 80 (used for redirection to 443)

• TCP Port 443