Skip to main content
Loading the Elevenlabs Text to Speech AudioNative Player…

What’s Going On?

NetScaler (briefly known as Citrix ADC) firmware 13.0 has officially reached end of life (EoL) as of Monday, July 15th, 2024. Past this date, NetScaler deployments running 13.0 are no longer eligible for vendor support. NetScaler 13.0 is also under no obligation to receive security fixes through new firmware builds.

What Should Customers Do?

Customers still running NetScaler 13.0 firmware (including their SDX bundle) should immediately plan to upgrade to NetScaler firmware 13.1 or 14.1 to restore their deployments to a supportable state and remain eligible for security and stability fixes and feature updates.

Where possible, NetScaler 14.1 would be an ideal target for most customers to gain access to newer features.

Per NetScaler release notes documentation, NetScaler firmware 13.0’s last build at the time of this advisory is 92.31 released on July 9th, 2024. This release addressed security vulnerabilities described in CTX677944, CTX677998, and CTX678072. Customers who are unable to upgrade to a supported firmware release should, in the interim, ensure they upgrade to this last build of 13.0 as soon as possible to address these security vulnerabilities.

Are There Migration Considerations?

Transitioning off NetScaler 13.0 has several considerations that may require careful planning, including but not limited to the following:

  • Classic policy expressions remain depreciated or outright unsupported or removed for some features. The nspepi tool can assist in identifying and converting affected policies
  • Certain features relying on classic policies are no longer supported on 13.1 and onward, having been depreciated on prior firmware releases, and must be migrated to alternative equivalent features that support advanced policy expressions
  • Basic authentication policies (and those bound directly to Citrix Gateway vServers) are depreciated and should be transitioned to advanced authentication (nFactor) with AAA-TM vServers. While they may continue to function, support may be best-effort as they are not recommended
  • Classic policy expressions on session policies remain depreciated and should transition to advanced policy expressions. This entails re-creating the session policies (the profiles can be re-used), unbinding all session policies using classic expressions from all vServers or AAA groups of the appliance, and binding the replacement policies to those objects
  • Endpoint Analysis (EPA) scans defined in session policies should transition to advanced authentication policies
  • Portal themes used on NetScaler (Citrix) Gateway or AAA-TM vServers other than RfWebUI-based themes are unsupported. If you are using a built-in theme such as Greenbubble, X1, or Default or a custom theme based on them, they are unsupported on 13.1 and beyond as RfWebUI-based themes are necessary for various functions of advanced authentication
  • In NetScaler 14.1, configuring SSL settings directly on vServers is depreciated. While it remains functional, the ability to do so may be removed in a later firmware release. NetScaler is encouraging customers to adopt SSL profiles, which are a more convenient and centralized way to control SSL settings across multiple vServers and minimize human error that may unintentionally create less secure SSL/TLS configurations

NetScaler 13.1 or 14.1’s “preconfiguration” checking tool can help assess the presence of depreciated or removed features to aid in migration planning and determine what configuration adjustments might require implementation before attempting an upgrade. Some classic policy configurations can be automatically migrated during the upgrade but should be thoroughly tested post-upgrade to ensure they are functional.

Supplemental Links:

We’re Here to Help

Ferroque Systems is a recognized leader in NetScaler professional and managed services. We have a strong track record of designing, deploying, and supporting NetScalers for commercial and enterprise customers worldwide.

Contact us to discuss the current state of your NetScaler fleet. We will assist you in crafting a path forward to ensure your NetScalers remain supported, stable, and secure.

  • Ferroque Systems
    Ferroque Systems

    Ferroque Systems is a technology consulting, IT advisory, and managed services firm specialized in virtualization and digital workspaces. Recognized internationally for our Citrix expertise, we focus on delivering innovative solutions to meet the needs and strategic goals of growing enterprise and mid-market businesses across the globe.

Redefine Your Approach to Technology and Innovation

Schedule a call to discover how customized solutions crafted for your success can drive exceptional outcomes, with Ferroque as your strategic ally.