This article gives you advanced notice of Secure Private Access service features that are being phased out, so that you can make timely business decisions. Citrix monitors customer use and feedback to determine when features are withdrawn. Announcements can change in subsequent releases and might not include every deprecated feature or functionality. For details about product lifecycle support, see Product Lifecycle Support Policy.
The following table lists the Secure Private Access service features that are deprecated or planned for deprecation.
|Deprecation announced in
|Clientless VPN access method for Web app access
|October 17, 2023
|Use Citrix Enterprise Browser or Direct Access as per your use case. For more details, see About deprecation of clientless VPN access for Web app access.
|Category-based web filtering
|December 31, 2022
|The allow, deny, or RBI redirection functionality per website in Secure Private Access will be retained to provide selective access to non-work related websites from Citrix Enterprise Browser.
|Restrict navigation security control
|15 June 2022
|Citrix Gateway Connector
|30 September 2022
|Connector Appliance. To migrate your Gateway Connector to Connector Appliance, see Migrate Gateway Connector to Connector Appliance.
About deprecation of clientless VPN access for Web app access
What is Clientless VPN (clientless VPN) access method?
Citrix Secure Private Access uses the CVPN-based access method when an internal web app, configured without any enhanced security restrictions, is accessed via Workspace for Web (Citrix Workspace app for HTML5).
Clientless VPN access method is only used when an internal app is accessed via Workspace for Web (Citrix Workspace app for HTML5). Only apps without enhanced security restrictions configured are blocked.
Why are we deprecating this feature?
Clientless VPN method uses client-side URL rewrites which has certain industry-wide technology limitations. In several cases, it can cause app access failures when certain links within the web apps are rewritten. This leads to a poor end-user experience. To provide the best app access experience to our customers, we are deprecating this feature and recommend moving to one of the alternatives mentioned below.
How will it impact the end users accessing Secure Private Access configured applications?
If any web app configured without enhanced security restrictions is accessed via Workspace for Web, then access to that application will be blocked. It will not impact end-user accessing applications via Workspace Application, Direct Access, Remote Browser Isolation service (RBI), or Secure Access Agent.
What are the alternatives and what should the admins do?
Citrix Enterprise Browser: Use the Citrix Workspace app to access these applications via the Citrix Enterprise Browser. This method provides the best end-user experience with enhanced security settings (like restricting downloads, print restrictions, watermarking, restricting clipboard access) and browser management. Secure Private Access for Citrix Workspace. Direct Access: If you want a clientless method to access web applications, use the Direct Access method by which apps can be accessed directly from any native browser like Chrome. This method can be used for use cases where the Citrix Workspace app cannot be installed on the end device or for unmanaged devices. For more details, see Direct access to Enterprise web apps.
Does it impact any existing applications that are accessed via Citrix Workspace app or Secure Access Agent?
No, we are only blocking access to web applications that are accessed via Workspace for Web. This deprecation will not impact any app accessed via Citrix Workspace app or Secure Access clients that are installed on end-devices. If a web application, which is configured with enhanced security restrictions, is accessed via Workspace for Web or the HTML5 variant of Citrix Workspace app, then access to those applications will be blocked.
Have more questions?
Reach out to Citrix Support.