NetScaler Gateway Clients

Release Notes

April 18, 2024

Contributed by:

H C

Important:

Citrix SSO for iOS is now renamed to Citrix Secure Access. We are updating the UI screenshots in our documentation to reflect this name change. Also, you might notice Citrix SSO references used in the iOS documentation during this transition period.

The release notes describe the new features, enhancements to existing features, fixed issues, and known issues available in a service release. The release notes include one or more of the following sections:

What’s new: The new features and enhancements available in the current release.

Fixed issues: The issues that are fixed in the current release.

Known issues: The issues that exist in the current release and their workarounds, wherever applicable.

Important notes about EPA clients:

EPA clients are supported on macOS 10.13, 10.14, 10.15, 11.x, 12.x and 13.x versions.

EPA clients are supported on the NetScaler 12.1, 13.0, 13.1, and 14.1 versions.

V24.04.1 (18 April 2024)

What’s new

EPA libraries are updated to 24.04.1.0 (OPSWAT OESIS library V 4.3.3503.0).

[CSACLIENTS-9559]
This release addresses some issues to improve the overall performance and stability.

V24.03.1 (14 Mar 2024)

What’s new

EPA libraries are updated to 24.03.1.0 (OPSWAT OESIS library V 4.3.3460.0).
Automatic single sign-on (SSO) to Citrix Secure Access through Citrix Workspace app - Preview

Citrix Secure Access for macOS now supports automatic single sign on (SSO) to Citrix Secure Access when you log on to Citrix Workspace app. Ensure that you use Citrix Secure Access for macOS 24.03.1 and Citrix Workspace app for Mac 2402 and above, to leverage this functionality. This feature is supported only on cloud stores and not for on‑premises stores.
- Currently, this functionality is disabled, by default. You can sign up for the preview using https://podio.com/webforms/29383411/2410629.
- For admin and end-user instructions, refer to Automatic single sign-on to Citrix Secure Access through Citrix Workspace app for Mac - Preview.
- For end-user instructions, refer to Automatic single sign-on to Citrix Secure Access via Citrix Workspace app.
[CSACLIENTS-6321]
Overall performance and stability improvements

Citrix Secure Access client is enhanced with the following capabilities to improve the overall performance and stability:
- An increase in the number of the simultaneous connections that can be tunneled through a VPN. This is applicable only to iOS clients.
- An improved VPN connection resiliency with IPv6 gateways. This is applicable to both macOS and iOS clients.
[NSHELP-36903]

V24.02.1 (15 Feb 2024)

What’s new

Support for EPA scan operators on Mac clients

Citrix Secure Access client for macOS now supports all the operators <, >, >=, <=, ==, and != on the EPA editor. Also, the Mac OS option is available as a separate option on the EPA editor (Mac > Mac OS). You can perform a product version scan of your macOS devices using these operators.

For details, see the Note section in Advanced Endpoint Analysis scans.

[CSACLIENTS-6462]
EPA libraries are updated to 24.1.2.1 (OPSWAT OESIS library V 4.3.3405.0).

[CSACLIENTS-8520]
This release addresses some issues to improve the overall performance and stability.

24.1.5 EPA client for macOS (12 Feb 2024)

What’s new

EPA support for Mac devices with Apple silicon processor

Citrix EPA client now supports Mac devices that use the Apple silicon processor. Mac devices no longer require Rosetta to be installed to run the Citrix EPA client.

[CSACLIENTS-8731]
Support for EPA scan operators on Mac clients

Citrix EPA client for Mac now supports the operators (<, >, >=, and <= ) in the EPA expressions. Admins can configure EPA scans to allow a wide range of OS versions.

For example, to allow the OS versions from 12.4 to 13.0, except 12.8, admins can configure the expression version >= 12.4 && version <= 13.0 && version != 12.8. This means that the macOS version must be from 12.4 to 13.0 but cannot be 12.8.

For details, see Advanced Endpoint Analysis scans.

[CSACLIENTS-6462]

V23.12.2 (20 Dec 2023)

What’s new

This release addresses issues to improve the overall performance and stability.

V23.12.1 (06 Dec 2023)

What’s new

EPA libraries are updated to 23.11.1.5 (OPSWAT OESIS library V 4.3.3318.0).

[CSACLIENTS-8516]
This release addresses other issues to improve the overall performance and stability.

V23.11.2 (01 Nov 2023)

What’s new

EPA libraries are updated to 23.11.1.1 (OPSWAT OESIS library V 4.3.3279.0).

[CSACLIENTS-8515]

V23.11.1 (27 Oct 2023)

What’s new

Citrix SSO for iOS is now renamed to Citrix Secure Access. We are updating the UI screenshots in our documentation to reflect this name change.
EPA libraries are updated to 23.10.1.1 (OPSWAT OESIS library V 4.3.3246.0).
This release addresses the following:
- Connection issues with the Citrix Secure Private Access environment.
- Other issues to improve the overall performance and stability.

V23.10.2 (17 Oct 2023)

This release addresses the IPv6 login issues.

V23.10.1 (09 Oct 2023)

What’s new

EPA libraries are updated to 23.9.1.2 (OPSWAT OESIS library V4.3.3221.0).
Support for Local LAN access

Citrix Secure Access for macOS / Citrix SSO for iOS now support the Local LAN access functionality of NetScaler Gateway. You can configure local LAN access so that once a VPN connection is established, end users are either allowed to or blocked from accessing local LAN resources on their client devices. For more information, see the following:

V23.09.1 (07 Sep 2023)

Important:

If you are using the latest Apple OS versions such as macOS 14/iOS 17 and later, then we recommend that you upgrade to Citrix Secure Access client/Citrix SSO version 23.09.1 or later. For more information about the NetScaler Gateway client software requirements, see Citrix Secure Access client system requirements.

What’s new

EPA libraries are updated to 1.3.9.9 (OPSWAT OESIS v4.3.3160).

[CSACLIENTS-6547]
Secured connection insights on the UI

On the “Connections” screen of the Citrix Secure Access client UI, you can view the secured connection details. The details include the IP address, FQDN, destination port, and the duration of the connection. For more information, see Secured connection insights.

[SPA-2364]
Reauthenticate with NetScaler Gateway after a VPN connection failure

Citrix Secure Access client for macOS and Citrix SSO for iOS now prompt you to reauthenticate with NetScaler Gateway when a VPN connection is lost. You are notified on the UI indicating that the connection to NetScaler Gateway is lost and that you must reauthenticate to resume the connection. For more information, see:
- Reconnect to NetScaler Gateway from macOS after a VPN connection failure
- Reconnect to NetScaler Gateway from iOS after a VPN connection failure.
[CSACLIENTS-6071]

V23.08.1 (24 Aug 2023)

What’s new

This release addresses issues that help to improve overall performance and stability.
EPA libraries are updated to 1.3.9.9 (OPSWAT OESIS v4.3.3122).

23.7.6 EPA client for macOS (10 Aug 2023)

This release addresses issues that help to improve overall performance and stability.

V23.07.1 (17 Jul 2023)

What’s new

Various options to share log files

The “Email Logs” option in Citrix SSO for iOS is now replaced with the “Share Logs” option. The compressed log files can now be shared through options such as email, chat, save to files, and so on.

For more information, see Send logs.

[CSACLIENTS-3834]
Enhancements to Logs page

The Logs page of Citrix Secure Access for macOS is enhanced with the following options:
- Maximum number of log files: Specify the maximum number of log files that you want to add for log collection.
- Email logs: Send the logs over email.
For more information, see Send logs.

[SPA-2365]

Fixed issues

When connecting to VPN, if you are prompted to select a certificate for authentication, then the authentication login screen appears behind the Citrix Secure Access client’s home page.

[CSACLIENTS-455]

V23.06.1 (07 Jun 2023)

What’s new

Help menu on the navigation bar

A Help menu is now added to the navigation bar of the Citrix Secure Access client. The options (Open Logs, Export Logs, Email Logs, and Clear Logs) in the Help menu can be used for debugging logs.

An Email Logs option is introduced under the Help menu. It can be used to share the logs over email. For more information, see Send logs.

[SPA-2361]

Fixed issues

In some cases, the DNS short name resolution fails on Citrix Secure Access for macOS and Citrix SSO for iOS.

[NSHELP-34568]

Known issues

In some cases, the excluded routes in reverse split-tunneling are tunneled.

[CGOP-24575]

V23.05.2 (11 May 2023)

Fixed issues

After an upgrade, the Citrix SSO for iOS client devices cannot establish per-app VPN connections.

[NSHELP-35224]

V23.05.1 (04 May 2023)

What’s new

EPA libraries are updated to 1.3.9.3 and OPSWAT libraries are updated to 4.3.2987.
Support for sending events to Citrix Analytics

Citrix Secure Access for macOS now supports sending events such as session creation, session termination, and app connection to Citrix Analytics service. These events are then logged in the Secure Private Access service dashboard.

[SPA-2197]

Fixed issues

When the users are connected to Citrix Secure Access or Citrix SSO, the “Connection Duration” field fails to display the time in the region-specific format.

[CGOP-23587]

V23.04.1 (04 Apr 2023)

What’s new

EPA libraries are updated to 1.3.9.1 and OPSWAT libraries are updated to 4.3.2923.

V22.12.2 (27-Feb-2023)

What’s new

EPA libraries are updated to 1.3.8.9 (OPSWAT OESIS v4.3.2892.0).

V22.12.1 (07-Dec-2022)

This release addresses issues that help to improve overall performance and stability.

V22.11.1 (29-Nov-2022)

Fixed issues

Transfer logon does not work for non-nFactor authentication with on-premises gateways.

[CGOP-22729]

22.11.3 EPA plug-in for macOS (28-Nov-2022)

Fixed issues

Citrix EPA plug-in for macOS crashes when GSLB is enabled on NetScaler.

[CGOP-22722]

V22.10.1 (17-Nov-2022)

What’s new

The Citrix Endpoint Analysis plug-in now supports new MAC address validation expression where pattern sets can be created for the list of allowed IP addresses.

[CGOP-22095]

Fixed issues

Sometimes, empty proxy settings in NetScaler Gateway release 13.0 or 13.1 causes Citrix SSO to create improper proxy settings.

[NSHELP-31970]
Sometimes, VPN clients fail to reconnect after a network outage or after the device wakes up from sleep mode.

[NSHELP-32483]
Sometimes, gateway connections fail when using IPv6 literals as the destination.

[NSHELP-32876]

22.10.1 EPA plug-in for macOS (27-Oct-2022)

What’s new

The Citrix Endpoint Analysis plug-in now a supports new MAC address validation expression where pattern sets can be created for the list of allowed IP addresses.

[CGOP-22098]
The Citrix Endpoint Analysis plug-in sends duplicate consent alerts while handling private network access preflight requests from Google Chrome.

[CGOP-21751]

V22.06.1 (20-Sep-2022)

What’s new

EPA libraries are updated to 4.3.2523.0 (1.3.7.5)

Fixed issues

nFactor authentication with EPA scan does not work on the macOS clients.

[NSHELP-32182 - macOS]
On the Secure Access Agent home page for macOS, extra padding with white or black color appears on the left and top of the hamburger menu depending on the selected theme (light or dark).

[CGOP-19353 - macOS]
When logging into the VPN, the WebView window minimizes on the first try if the device certificate is configured.

[CGOP-19354 - macOS]
Endpoint analysis does not work for the Citrix Secure Access app on the macOS client when GSLB is enabled on the NetScaler appliance.

[CGOP-21634 - macOS]
If there is a space in the configured application name and you try to access the app, the Enhanced Security Enabled popup does not show up on the macOS clients.

[ACS-2632 - macOS]
nFactor authentication with an optional client certificate fails when there are no appropriate client certificates on the device.

[NSHELP-32127 - iOS]
On a Mac device using Chrome, the VPN extension crashes while accessing two FQDNs.

[NSHELP-32144]
Citrix Secure Access crashes when an incorrect location value is received from the gateway. This can happen if the administrator defines a responder policy to redirect to another host.

[NSHELP-32312]
Direct connections to the resources outside of the tunnel established by Citrix Secure Access might fail if there is a significant delay or congestion.

[NSHELP-31598]

V3.2.4.9 - EPA plug-in for macOS (01-Aug-2022)

Fixed issues

Citrix Endpoint Analysis plug-in does not handle private network access preflight requests from the Google Chrome browser version 104.

[CGOP-20709]
Citrix Endpoint Analysis plug-in for macOS does not support GSLB.

[CGOP-21543]

Known issues

Citrix Endpoint Analysis plug-in for macOS displays a duplicate consent dialog box when started from the Google Chrome browser version 104. The users have to accept both the prompts.

[CGOP-21751]

V22.03.1 (14-Jun-2022)

What’s new

EPA libraries are updated to 4.3.2393.0.

Fixed issues

An extra DNS domain is added to the search list. This is because, when the split tunnel is set to “Split” or “Both” only the specified domains and their subdomains are NOT tunneled. If the specified domain is A.B.C, then B.C is also matched in addition to A.B.C and *.A.B.C.

[CGOP-21657]
HTTP/HTTPS proxy settings that do not use a PAC file are broken.

[CGOP-21660]

V22.02.3 (24-Mar-2022)

What’s new

Citrix Secure Access for macOS resolves the FQDN of a service node on every TCP data connection from the client for the cloud workspace connections. Resolving the FQDN of a service node on every TCP data connection is not applicable for the on-premises gateway connections.

[ACS-1068]

Fixed issues

Sometimes, the Citrix Secure Access for macOS drops connections because of issues with some non-DNS protocols using port 53, such as STUN.

[NSHELP-31004]
The Citrix Secure Access app breaks some protocols when the server sends data before the client, immediately after the connection is established.

[NSHELP-29374]
If the user closes the authentication window of the Citrix Secure Access client for macOS without completing the authentication, then subsequent attempts to connect to the server fail until the app is restarted.

[ACS-2415]
The Citrix Secure Access client for macOS is now bundled with OPSWAT library version 4.3.2367.0

[NSHELP-30802]
Citrix Secure Access for macOS takes a longer time than expected to run the post-authentication EPA check.

[NSHELP-29118]

Known issues

Citrix Secure Access app for macOS logs out one minute after the already connected Citrix Secure Private Access service region becomes unreachable. However, this does not affect the on-premises gateway connections.

[ACS-2715]

V22.02.2 (15-Feb-2022)

Fixed issues

Multiple pop-ups are displayed when a user tries to access an unsubscribed Web app from Citrix Secure Access for macOS.

[ACS-2406]

V22.01.1 (08-Feb-2022)

Fixed issues

Per-App VPN connections with Citrix SSO for iOS devices fail to connect to NetScaler Gateway on ports other than 443.

[NSHELP-30653]

V1.4.1 (28-Jan-2022)

what’s new

The Citrix SSO app for macOS is now rebranded as Citrix Secure Access.

[ACS-1092]

Fixed issues

Client certificate authentication fails if the authentication server requests for the client certificate multiple times in the same web view session.

[CGOP-20388]
Citrix SSO fails to establish a VPN connection if the server certificate has only an IP address for common name because of a proxy in between the client and the ADC.

[CGOP-20390]
EPA scan for checking the antivirus last full system scan fails on macOS.

[NSHELP-29571]
Sometimes, the Citrix SSO app crashes while handling large DNS packets.

[NSHELP-29133]

V1.4.0 (17-Nov-2021)

Fixed issues

Sometimes, the server validation code fails when the server certificate is trusted. As a result, end users cannot access the gateway.

[NSHELP-28942]
Citrix SSO fails to re-establish the VPN connection after network disruption.

[CGOP-19988]

V1.3.13 (05-Nov-2021)

Fixed issues

You might experience failures when filtering sessions for managed versus unmanaged VPNs. The initial requests to establish the session are missing the “ManagedVpn” information in the User-Agent header.

[CGOP-19561]

V1.3.12 (21-Oct-2021)

Fixed issues

Client certificate authentication fails for Citrix SSO for macOS if there are no client certificates in the macOS Keychain.

[NSHELP-28551]
The Citrix SSO app crashes intermittently when receiving notifications.

[CGOP-19363]
The VPN extension might crash when the “isFeatureEnabled” parameter is called to check a feature flag.

[CGOP-19360]
The gateway VPN extension crashes if the DTLS protocol has an empty payload.

[CGOP-19361]
The SSO app crashes intermittently when the device wakes up from the sleep mode and the VPN is connected.

[CGOP-19362]

V1.3.11 (17-Sep-2021)

Fixed issues

EPA scan for firewall check fails for macOS devices using Citrix SSO.

[CGOP-19271]
Citrix SSO crashes in an iOS 12 device when legacy authentication or Intune Network Access Compliance (NAC) is configured.

[CGOP-19261]

V1.3.10 (31-Aug-2021)

What’s new

Citrix SSO for macOS is now bundled with OPSWAT library version 4.3.1977.0.

[NSHELP-28467]

V1.3.9 (13-Aug-2021)

Fixed issues

On some systems with HTTP proxy software installed, the NetScaler Gateway IP address shows up internally as 127.0.0.1 thus preventing tunnel establishment.

[CGOP-18538]
The setting “Block Untrusted Servers” does not work on systems that support non-English localization of Citrix SSO for iOS.

[CGOP-18539]
Citrix SSO cannot connect to systems where the DNS name does not match the common name in the server certificate. Citrix SSO now checks for the subject alternative names, and connects correctly.

[NSHELP-28348]

V1.3.8 (07-Jul-2021)

What’s new

Citrix SSO for macOS is compatible with versions 10.15 (Catalina) and higher only.

[CGOP-12555]
Starting from Citrix SSO for macOS version 1.3.8, the EPA libraries are embedded within the app and are not downloaded from the NetScaler Gateway server. The current embedded EPA library version is 1.3.5.1.

[NSHELP-26838]

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Release Notes

April 18, 2024

Contributed by:

H C

April 18, 2024

Contributed by:

H C

V24.04.1 (18 April 2024)
V24.03.1 (14 Mar 2024)
V24.02.1 (15 Feb 2024)
24.1.5 EPA client for macOS (12 Feb 2024)
V23.12.2 (20 Dec 2023)
V23.12.1 (06 Dec 2023)
V23.11.2 (01 Nov 2023)
V23.11.1 (27 Oct 2023)
V23.10.2 (17 Oct 2023)
V23.10.1 (09 Oct 2023)
V23.09.1 (07 Sep 2023)
V23.08.1 (24 Aug 2023)
23.7.6 EPA client for macOS (10 Aug 2023)
V23.07.1 (17 Jul 2023)
V23.06.1 (07 Jun 2023)
V23.05.2 (11 May 2023)
V23.05.1 (04 May 2023)
V23.04.1 (04 Apr 2023)
V22.12.2 (27-Feb-2023)
V22.12.1 (07-Dec-2022)
V22.11.1 (29-Nov-2022)
22.11.3 EPA plug-in for macOS (28-Nov-2022)
V22.10.1 (17-Nov-2022)
22.10.1 EPA plug-in for macOS (27-Oct-2022)
V22.06.1 (20-Sep-2022)
V3.2.4.9 - EPA plug-in for macOS (01-Aug-2022)
V22.03.1 (14-Jun-2022)
V22.02.3 (24-Mar-2022)
V22.02.2 (15-Feb-2022)
V22.01.1 (08-Feb-2022)
V1.4.1 (28-Jan-2022)
V1.4.0 (17-Nov-2021)
V1.3.13 (05-Nov-2021)
V1.3.12 (21-Oct-2021)
V1.3.11 (17-Sep-2021)
V1.3.10 (31-Aug-2021)
V1.3.9 (13-Aug-2021)
V1.3.8 (07-Jul-2021)

Was this helpful