Posted  by  admin

Download Netscaler Gateway For Mac

  1. Netscaler Gateway App
  2. Netscaler Gateway Plug In Download
  3. Download Netscaler Gateway For Mac Catalina

NetScaler Gateway 10.1. Sign In to access restricted downloads. Evaluations and Trial Software. Earlier Versions. Access Gateway. Sign In to access restricted downloads. Earlier Versions. NetScaler Gateway Plug-in v4.4.8 for Mac OS X. Jul 22, 2019. NetScaler Gateway Plug-in v4.4.4 for Mac OS X. Download Citrix Workspace app.

Applicable Products

  • NetScaler Gateway

Objective

This article contains information about how to configure NetScaler Gateway EPA to scan the Media Access Control (MAC) address to authenticate the IP address of the user.

Background

When authenticating the (MAC address of an internet user against predefined combinations of MAC addresses and IP addresses, the network-based MAC address scan fails. This is because the network traffic from the internet does not contain the actual MAC address of the user. The MAC address available with the network traffic is that of a gateway or an intermediate appliance.

Therefore, to scan the MAC address from the computer of the user, registry-based scan or a Client Security scan must be performed.

Instructions

Registry Based Method

Complete the following procedure to perform a registry-based scan for the MAC address of an internet user to authenticate them against predefined combinations of MAC addresses and IP addresses:
Note: The following procedure contains a sample configuration with registry scan to search the MAC address or an equivalent entry in the registry of the computer.

  1. Search the MAC address in the registry of the computer.The exact match of the MAC address might not be easy to search. However, you can search for an equivalent entry for the MAC address. To search, run the following command on from the command prompt:
    net config rdr
    The following is the sample output of the command:

    The command completed successfully.

    Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

  2. Run the following command from the command prompt to start the Registry Editor utility:
    regedt32
    Note
    : Do not use the regedit command to start the Registry Editor utility. You cannot make the appropriate search if you run the regedit command.

  3. Search the key identified in the Step 1, such as A38A41F5-783E-4AED-9035-A2798922CE33, in the registry of the computer.The search for the sample entry displays that the key exists at the following location in the registry:

    The following screen shot displays the location of the key in the Registry Editor Window:

    In addition, the search shows that the sub key for this entry is NetCfgInstanceId. To locate the actual network interface card (NIC), ensure that you check all the options available under the entry. In the preceding screen shot, the Status Bar of the Registry Editor Window displays the complete path of the sub key.

  4. Run the following command from the command line interface of the NetScaler appliance to add the path that is identified in the preceding steps of the procedure:
    add aaa preauthenticationpolicy scan_epa q/CLIENT.REG(HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass
    {4D36E972-E325-11CE-BFC1-08002BE10318}
    0011_NetCfgInstanceId).VALUE '
    { A38A41F5-783E-4AED-9035-A2798922CE33}
    ' && REQ.IP.SOURCEIP 10.103.0.42/ EPA

    In this command, scan_epa is the name of the policy and EPA is the name of the action.

  5. Run the following command from the NetScaler CLI to enable pre-authentication checks:
    set aaa preauthenticationparameter -preauthenticationaction ALLOW -rule ns_true

    Note: Use this procedure to authenticate a small group of users. However, it might not be practical to add each of the large number of Secure Access (SSL VPN) users.

Non-Registry Based Method

The following is the preauthentication policy for MAC address and domain check:
EPA MAC Check CLIENT.SYSTEM('MAC_ADDR_anyof_XXXXXXXXXXXX[COMMENT: MAC Address]') EXISTS – no colons or spaces or dashes in the MAC address.

To enable preauthentication policy for MAC address, run the following command from CLI:
add aaa preauthenticationpolicy <policy name> 'CLIENT.SYSTEM('MAC_ADDR_anyof_<MAC address>[COMMENT: MAC Address]') EXISTS' <Action Name>

Additional Resources

MAC's MAC addres filter in EPA will be as below

CLIENT.SYSTEM(MAC-MAC_ADDR_anyof_<MAC-addr>[COMMENT: MAC Address]) EXISTS

where as for Windows it appears as

MAC_ADDR_anyof_<MAC-addr>[COMMENT: MAC Address]

Disclaimer

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Citrix Netscaler is available as a physical appliance and virtual appliance. Netscaler Virtual appliance is available for XenServer, VMWare ESXi, Hyper-V and KVM. This post will cover the installation of Netscaler VPX on VMWare ESXi host. Even though we are using netscaler 12.x build here, the procedure is same for almost all versions of Netscaler VPX appliances for VMWare ESXi.

NetScaler VPX Installation on ESXi

We need to download the netscaler VPX for ESXi from citrix.

Pre-requisites:

  • My citrix login credentials to download media and license.
  • Two free IP ( with subnet mask gateway) One for Netscaler IP ( NSIP) and another for subnet IP (SNIP)
  • DNS server details (optional)
  • Time Zone
  • Necessary ESXi resources and login credentials for ESXi host.

Importing Netscaler OVF

Extract the downloaded zip file which will contain mf, ovf and vmdk files as shown below.

Login to ESXi host or VCenter server- Select new vm in web console or file – deploy / import ovf in vsphere client

Select deploy OVF – Next

Provide the Name for VPX and select or drag and drop all 3 files as shown below, only two files will show after selecting.

Select the datastore

select the network card for VPX

view and finish

With this Netscaler VPX will be created on ESXi and it will be powered on.

Netscaler VPX initial Configuration

once VPX is powered on – Open console and provide the ip details

  • Netscaler IP – This is NSIP, used for management
  • Subnet Mask
  • Gateway

enter 4 for save and quit – Enter

Check the login nsroot/nsroot

Now the VPX is installed and we can manage from web browser.

Netscaler VPX assigning SubnetIP and Hostname

Login to netscaler by entering the NSIP provided earlier. default login details are user nsroot and password nsroot

skip the ceip

select the subnet IP

provide the Subnet IP and Mask, Subnet IP is used for internal servers and services communication

Similarly click on host name, provide hsotname for netscaler, DNS server IP’s ( click on + sign for multiple DNS) and time zone.

Netscaler will reboot to apply changes, select Yes

Login to Netscaler after reboot.

Click on license

If you have license bound to host id import else select do it later , Will cover below how to license VPX.

Review all the IP’s and details and continue.

Netscaler VPX is ready, But need to license it.

Licensing Citrix Netscaler VPX

License Netscaler Licenses are bound to Host ID which is the MAC address of the network interface in case of VPX. For Physical appliances, login to portal and download directly the license file as host ID is not required, its already hoard coded.

Identifying Netscaler Host ID

Netscaler host ID can be identified in 2 ways in GUI as shown below. Configuration – system – Host ID

The second way of getting host ID and the best way is using CLI. Configuration – System – Diagnostics – Command line interface.

Netscaler Gateway App

Run below commands as shown below.

  • shell
  • lmutil lmhostid
Download citrix netscaler gateway free

Then Host ID will show as below.

Login to Mycitrix portal – allocate – select your vpx license – provide Host id taken from above step and download license.

Adding Netscaler Licenses

After downloading the license – Configuration – System – License – Select Manage license

Select add license

Browse the license in local computer as shown below – open

Select reboot to apply the license.

Confirm reboot

Netscaler Gateway Plug In Download

After reboot login to verify the edition and license features, in my case its platinum.

Download Netscaler Gateway For Mac Catalina

Hope this post is useful. Your suggestions and comments are most welcome.