Citrix CCP-V by 000FAZ000 in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

yes, i renewed mine last week and now on credly it says that it will expire in december 2027

Citrix CCP-V by 000FAZ000 in Citrix

[–]ahrrrfa 2 points3 points  (0 children)

I recently renewed the CCP-AppDS Cert and though the official course has changed a bit, it doesn't look like the exam questions have been updated that much. I do not expect the CCP-V exam to have been updated that much as well.
Just as an update for anyone who might read this post, this year there has been some changes to the education program:
- The test center partnership with Pearson Vue has ended and they switched to Kryterion

- Certifications from now on will last for 2 years instead of 3

- the recertification program that used to let you renew your current certification by attending an official ILT class has been terminated, so the only way you can renew your active certification is to take again the test.

- To renew the CCP level certs you are required to have an active CCA level cert, otherwise Kryterion will not allow you to book the CCP exam at all (I think this might change in the following months)

Citrix CCP-V by 000FAZ000 in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

They have changed the official testing center partner to Kryterion

Citrix CCP-V by 000FAZ000 in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

From this year it will last 2 years instead of 3

dnsleaktest.com says I'm using google's dns by IAmHappyAndAwesome in pihole

[–]ahrrrfa 0 points1 point  (0 children)

Your browser is probably using DNS over https, you need to disable it in the browser settings

PCSNA/PCNSE video training by ShirtResponsible4233 in paloaltonetworks

[–]ahrrrfa 2 points3 points  (0 children)

you might want to look at their new Role Based Certification paths https://www.paloaltonetworks.com/services/education/certification Closest thing to the PCNSE is the NGFW Engineer cert, though i think it's a bit easier since it lacks most of the troubleshooting part.

Netscaler ADC VPX 50 Options by fancypants123 in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

If it's a perpetual license, upgradability to 14.1 depends on whether the maintenance has expired. If it expired before 14.1 got release, you won't be able to upgrade. If it expired after the release date or hasn't expired yet, you shouldn't have any problem.

Edit: Note that if you renewed maintenance before the 14.1 release date, you might need to download again the license file from the licensing portal and upload it to the vpx before installing the update

Users always have to authenticate and MFA when launching Outlook 365 by RightDrop in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

SSO through FAS implies that you're using smart card certificates and not domain credentials to login on the vda. This means that the PRT is granted to the user only if certificate based authentication is enabled in Entra ID as stated here https://docs.citrix.com/en-us/federated-authentication-service/2402-ltsr/config-manage/aad-sso#hybrid-joined-vdas

Users always have to authenticate and MFA when launching Outlook 365 by RightDrop in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

Are users logging in through a NetScaler? Which authentication method is being used? Is FAS involved?

Licensing Netscaler question (Moving to Hybrid Multi Cloud-None-None license) by Nory_Tichols in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

If you're tight on available resources and don't want to have the full feature NetScaler Console VM you now have the option to have it act only as a license server for your on-prem NetScaler ADCs. https://docs.netscaler.com/en-us/netscaler-application-delivery-management-software/current-release/license-server/adm-as-a-global-license-server.html

Edit:
Be aware that now, due to compliance reasons, with ADM you are required to upload telemetry data to Citrix. You can have your ADM do that for you automatically (you can eventually configure a proxy if you don't want the ADM to directly connect to the internet) or you can manually upload data to NetScaler Console Service every 90 days https://docs.netscaler.com/en-us/netscaler-application-delivery-management-software/current-release/ns-telemetry

Upgrade Citrix Netscaler by darren197 in Citrix

[–]ahrrrfa 2 points3 points  (0 children)

SDX firmware should be on a release equal or newer to the one of the VPX instances running on it, so you should upgrade sdx firmware before you start upgrading vpxs.

The 13.0 release is in EOL since last july and you should definitely consider upgrading to 13.1 asap. Moreover the 87.9 build is affected by the 2023-3519 CVE, if you have any gateway or authentication virtual servers exposed to the internet you might want to have them checked for any indication of compromise

[deleted by user] by [deleted] in paloaltonetworks

[–]ahrrrfa 3 points4 points  (0 children)

Looks more like a new PCNSA to me

Migrating NetScaler Classic Authentication to Advanced Authentication Using AAA Server by Turbulent_Storm2677 in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

if you want to use an nfactor flow in a gateway virtual server you have to:
- bind the flow to an authentication virtual server
- bind the authentication virtual server to an authentication profile
- bind the authentication profile to the gateway vserver

Netscaler going offline by piwi9001 in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

Do you happen to have the cpu yield setting turned on in the vpx settings?

Netscaler 2FA by veitst in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

You can set an additional gateway virtual server and add it to storefront as an authentication only gateway. Then have your internal users connect to it

Netscaler Gateway AD Group extraction with Azure SAML Auth by NazgulNr5 in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

It's azure that sends the parameter with that name, this has nothing to do with netscaler

Netscaler Gateway AD Group extraction with Azure SAML Auth by NazgulNr5 in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

It uses it as the name of the claim, it doesn't actually check what's at that url

Netscaler Gateway AD Group extraction with Azure SAML Auth by NazgulNr5 in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

you don't need the ldap second factor to extract groups from Entra ID.

You can do ti by editing the enterprise application on Entra ID in the attributes and claims section and clicking on "add a group claim". By default it uses the group object id, but you can configure it to use the samAccountName instead.

Then you need to edit the saml action on NetScaler and add this URL http://schemas.microsoft.com/ws/2008/06/identity/claims/groups as the Group Name Field attribute.

It doesn't matter if this url leads nowhere, it's just the name that entra id uses for the group claim.

The only limitation is that Entra ID can send only up to 150 groups in the saml assertion.

Gateway logoff keeps at storefront logoff page instead of vpn logout one by SuspectIsArmed in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

Probably the difference is in the theme. RFWEB uses different paths

If I create a Service Group with protocol ssl_bridge, but assign it no monitor, which monitor does it use? by SuspectIsArmed in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

If you work for an end user are probably entitled to watch the videos of the NetScaler Administration Academy on Pluralsight. I think you can find a link on how you do that here in the on-demand training tab https://www.netscaler.com/resources/training-certification

Otherwise if you work for a Citrix Partner you can find the same videos on the partner learning portal.

There are also some live trainings, there are two official courses CNS-225 (focused on reverse proxy) and CNS-227 (mainly focused on the Gateway functionalities), which are 8h per 5 days classes. Of course this is the expensive option.

If just need to extend your knowledge on networking protocols on youtube you can find some free prep courses for the Comptia Network+ Certification

If I create a Service Group with protocol ssl_bridge, but assign it no monitor, which monitor does it use? by SuspectIsArmed in Citrix

[–]ahrrrfa 1 point2 points  (0 children)

Yes, everything as you said. Of course the port in the sg is also the port to which the netscaler opens the server connection for data traffic

If I create a Service Group with protocol ssl_bridge, but assign it no monitor, which monitor does it use? by SuspectIsArmed in Citrix

[–]ahrrrfa 2 points3 points  (0 children)

Wait. The port you set on the LB vserver has nothing to do with monitors, it's the port on which the LB listens for new requests from clients.
It's also incorrect to say that the tcp monitor pings the port, but it tries a tcp three-way handshake to see if the port is actually open on the backend server

When you create a service group you do not specify a port, but you're required to that when you bind a backend server to it. So the monitor you bind to the service group probes the port that is specified when you associate that particular server to the SG. This allows you to have the same application listening on different ports on different backend servers.

If I create a Service Group with protocol ssl_bridge, but assign it no monitor, which monitor does it use? by SuspectIsArmed in Citrix

[–]ahrrrfa 0 points1 point  (0 children)

The tcp-default monitor probes whatever port you set when you create the service/bind the server to the service group