Vulnerability in Citrix Access Gateway Standard Edition 5.0 could result in unauthorized access to network resources

A vulnerability has been identified in Citrix Access Gateway Standard Edition that could allow an unauthenticated user to gain access to network resources.

This vulnerability has been assigned the following CVE number:

• CVE-2013-2263

This vulnerability affects all 5.0.x versions of the Citrix Access Gateway Standard Edition appliance firmware earlier than

Citrix Access Gateway Standard Edition versions 4.5.x and 4.6.x are not affected by this vulnerability.

What Customers Should Do Continue reading “Vulnerability in Citrix Access Gateway Standard Edition 5.0 could result in unauthorized access to network resources”

Citrix Access Gateway consolidation

The Citrix Access Gateway team is pleased to announce changes being made to simplify the product line and sales process. On September 17, 2012 the following changes were announced:

Products Discontinued

  • Access Gateway VPX (non-NetScaler code)
  • Access Gateway 2010
  • Access Gateway software editions 4.x and 5.x
  • Extended warranty option for Access Gateway MPX 5500

Name Change

  • Access Gateway MPX (formerly Access Gateway 5500)

New! Citrix Access Gateway VPX

Citrix has announced the new Access Gateway VPX virtual appliance based on NetScaler to replace the discontinued Access Gateway VPX.

Read more here.

How to configure StoreFront with Access Gateway 5.0.4 in Controller Mode

Citrix has released this cool video (apporx 30 min long) which shows you how to configure StoreFront with Access Gateway 5.0.4 in Controller Mode.

Access Gateway licensing demystified

Access Gateway discussed in this blog is the Access Gateway based on NetScaler, which is popularly referred to as Access Gateway Enterprise. Citrix has recently announced End of Life for all non-NetScaler based Access Gateway platforms, which then makes Enterprise edition, the de-facto Access Gateway.

In this blog, Prashant Batra will discuss the two license types used on your Access Gateway appliance, the two kinds of vServers you can set up to leverage these licenses to provide standard / advanced functionalities, and an example scenario towards the end, to help illustrate these concepts in a real scenario.

License Types

Access Gateway is licensed at two levels:

  • Platform License
  • Universal License

Platform Licenses

Every Access Gateway (VPX/MPX) comes with a Platform license, which enables all the basic functionality in Access Gateway. After purchasing an appliance, this license is automatically made available in your MyCitrix account, and can be easily downloaded and installed on your appliance.

Platform licenses can be used to provide seamless access to:

  • ICAProxy access to XenApp / XenDesktop, using Web Interface
  • ICAProxy access to XenApp / XenDesktop, using Storefront (CloudGateway Express)

Read the rest of Prashant Batra’s blog here on the Citrix blogs.

Mac OS X 10.8 (Mountain Lion) Access Gateway VPN client fails


This document contains information on issues that are reported when using Citrix Access Gateway VPN Client with Mac OS X 10.8 (Mountain Lion). An attempt to connect to a VPN tunnel fails and possibly crashes the machine.


The Access Gateway VPN Client (all versions) is currently not supported with Mac OS X 10.8 Mountain Lion.


Citrix recommends uninstalling the plug-in. At this time, there is no workaround for the Access Gateway VPN Clients when using Mac OS X 10.8 Mountain Lion.


Citrix is currently investigating this issue.

Read the original post here at the Citrix Knowledgebase.

Access Gateway 10.0 build 54.6 Licensing issues

Access Gateway 10.0 build 54.6 disables all AG functionality if the hostname within the license file is anything other than “ns”. Note: This issue affects all Access Gateway 8.x and 9.x instances that upgrade to version 10.0 build 54.6.


The Access Gateway license file is locked to the hostname of the device, and at start up versions of Access Gateway, check for the existence of an appropriate license. If the licenses are found and are verified, the functionality is turned on. This applies to both the ICA Proxy capability of the Access Gateway platform licenses, as well as the advanced Access Gateway features turned on by the universal licenses.

Build 54.6 of 10.x (the first build of release 10.0) was found to have an issue with how the license files were parsed, which leads to all Access Gateway functionality being disabled. This is because the software is checking for the hostname “ns” within the license files, whereas in most production deployments the hostname of the device is always something that is environment specific, and is expected to match the hostname set for the device itself.


Citrix is currently working on a new build of Access Gateway 10.0 with a fix to address this issue. Until then, do not upgrade Access Gateway 9.x instances or NetScalers to version 10.0 where the Access Gateway capability is used.

You can read the original post here.