Known issues

V13.4 (February 16, 2022)

  • Enhanced security controls are not enforced for applications opened in a Secure Browser (remote browser) when the apps are launched from a native browser.

    Workaround: Add additional related domains with wildcard domains which satisfy the app URL. For example, if the app FQDN is finapp.acme.com, adding *.acme.com to the related domains enforces the settings as expected.

  • HTTP / Web App URL configured with IP address is not supported.

  • During ZTNA login, Webview intermittently takes a longer time to load.

V11.4 (July 30, 2021)

  • The disabled setting of an entry in the application routing table is not enforced during the application launch.

    [NGSWS-18296]

  • The error page title is not globalized to display the text in the local language.

    [NGSWS-19119]

  • If the NameID configured in the SAML SSO settings of an application is not available in the user’s token, then the string “Anonymous” is used in the SAML assertion. As a result, the SAML SSO in SP initiated flow fails.

    [NGSWS-16761]

V10.5 (June 09, 2021)

  • If the NameID configured in the SAML SSO settings of an application is not available in the user’s token, then the string “Anonymous” is used in the SAML assertion. As a result, the SAML SSO in SP initiated flow fails.

    [NGSWS-16761]

V3.5 (August 19, 2019)

  • Launching an Enterprise Web app for an NTLM authentication enabled resource from Citrix Workspace fails if both of the following conditions are met:
    • Customer’s data center has a proxy server and that proxy server is configured on the Gateway Connector
    • Web App is configured with no SSO (Don’t use SSO)

    Workaround:

    • Publish the Web app as a Basic SSO app or
    • Do not have a proxy server configured on Gateway Connector

    [NGSWS-8266]

  • If there are SSL intercepting devices in the on-premises data center where the Citrix Gateway Connector must be deployed, the connector registration does not succeed if SSL interception is enabled for the following FQDNs.

    • *.nssvc.net
    • *.netscalermgmt.net
    • *.citrixworkspacesapi.net
    • *.citrixnetworkapi.net
    • *.citrix.com
    • *.servicebus.windows.net
    • *.adm.cloud.com

    The SSL interception must be disabled for these FQDNs for successful connector registration.

    [NGSWS-8923]

  • Download logs option is available in Gateway Connector from version 401.251. If you are on an earlier version of the connector and you upgrade the connector to version 401.251, you cannot download the logs even though the Download Logs link is available.

    [NGSWS-8438]

Known issues