In the TechZone article NetScaler Global Deny List: Always-on protection for the threats you haven’t modeled yet the following is stated:

Always evaluated: Unlike WAF signatures, NetScaler Global Deny List rules are evaluated unconditionally for relevant traffic before requests hit subsequent processing modules. If traffic matches a global deny rule, it is immediately blocked. 

However, this feature doesn't appear in the Packet Flow diagram in docs (https://docs.netscaler.com/en-us/citrix-adc/current-release/getting-started-with-citrix-adc#packet-flow).

Have I missed something here? Does this evaluate in the traffic flow in the same place where WAF or somewhere else?

Is there a way to unbind all CipherGroups from an SSL Profile without entering it's name? (Or somehow script our way around it)?

Let's say we have an SSL Profile called ns_default_ssl_profile_frontend and currently we have bound a Cipher Group called comping-cipher-2025-q1 and we want to replace it with comping-cipher-2026-q1. This case is easy when we know the name, but if the old cipher is named comping-cipher-2023-q2, the unbind command wouldn't work anymore.

The target is to homogenize our managed environments and apply similar setup for TLS posture, but the starting point is not ideal. Ideas?

A security bulletin for NetScaler CVE's (CVE 2026-3055 and CVE 2026-4368) has been published here: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300 There's an associated blog for Global Deny List which was published sometime ago: https://community.citrix.com/techzone-blogs/netscaler/netscaler-global-deny-list-always-on-protection-for-the-threats-you-havent-modeled-yet-r1254/. If you see public discussions about CVE's on any public forum such as reddit etc, please point customers to this link, we'll be answering questions here.

I’m looking to automate SSL certificate management on our Citrix NetScaler.

I’ve read in several posts that Citrix ADM, now called NetScaler Console, uses ACME for certificate renewal. I also found multiple references stating that ACME should be supported starting with release 14.1. However, I couldn’t find any confirmation in the 14.1 release notes that ACME is already available for the on-premises version.

Release Note: https://docs.netscaler.com/en-us/updates?product=NetScaler%2520Console%2520on-prem%2520%28ADM%29&version=14.1&build=56.71

Has anyone gained practical experience using ACME with Citrix ADM/NetScaler Console on-prem, or is this feature still in planning?

Thank you in advance for your help!

My CCE-AppDS certification is due to expire at the end of the year and I'm trying to understand the current Cloud/Citrix/Netscaler policy for recertifying.

Previous resources https://elearning.citrix.com/ and https://training.citrix.com/ which contained a bunch of useful information about exams, different available certification paths, preparation resources and docs describing the topics of exams are not available anymore and the only resource I found is https://www.citrix.com/training-and-certifications/ which contains too few information (or I failed to find it) and doesn't give the clear understanding.

Also I didn't find a way to ask Cloud/Citrix/Netscaler directly about the questions I worry about, the provided link suggests to ask a question to Webassessor support but I don't think they can answer to questions, not related to exam technical problems. So I'm trying to ask the questions here with the hope the community could help :)

• Do I understand correctly "Citrix Certified Expert – App Delivery and Security (CCE-AppDS)" certification doesn't exist anymore and "the top" certificate now is "Citrix Certified Professional – App Delivery and Security (CCP-AppDS)", which previously was just the middle step?

• Does having actual CCE-AppDS certificate the valid and enough prerequisite for passing CCP-AppDS exam or it's necessary to pass some training (or start from CCA-AppDS)??

• Which topics are covered by the current CCP-AppDS related exam - are there the same as "old" CCP-AppDS or "old" CCE-AppDS or it's smth new? Is it possible to find somewhere the official document with the topics of the current exams like the ones existed previously on Training and E-Learning resources?

Thanks in advance,

Aleksei

If it is, is there a plan to publish an updated CPX image for 14.1?

Thanks!