Jump to content

Recommended Posts

Posted

The old Citrix Gateway plugin for macOS is pretty much replaced with the Citrix Secure Access Client. According to the docs (https://docs.netscaler.com/en-us/netscaler-gateway/citrix-gateway-clients/citrix-sso-for-ios-macos-devices)

Quote

The legacy VPN client was built using Apple’s private VPN APIs that are now deprecated. VPN support in Citrix Secure Access for macOS and iOS is rewritten from the ground up using Apple’s public Network Extension framework.

But for some reason the Gateway still includes the deprecated binary (version 4.4.8 (518)) and if the user hits the NetScaler Gateway using their web browser, this plugin offered for the client:

image.png.9825065991562626f227674430a393c3.png

To avoid this from happening, I started gathering the User-Agent information and requested URLs to show a Responder HTML page guiding the end user to go to AppStore and download Citrix Secure Access Client. I got this done for Safari with HTTP.REQ.HEADER("User-Agent").CONTAINS("Machintosh") && HTTP.REQ.URL.EQ("/vpns/m_services.html").

However, the Secure Access Client seems to support also logging in with web browser and the same m_services.html is used to start the plugin. So, we're blocking installing the old plugin with the Responder, but on the other hand, we're losing the ability to connect using browser.

Am I missing something or has anyone else found a solution for such use case?

  • 2 weeks later...
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...