Product Documentation

Deprecated Features and Functionalities

Dec 20, 2017

Some of the NetScaler functionalities are deprecated in 12.0 and in its subsequent releases. Citrix recommends that you do not use these features through the NetScaler command interface, NetScaler GUI, or Nitro automation. However, to ease the transition to new alternatives, the deprecated features are usable for a limited time and will be removed in future releases. Citrix recommends you to use the below alternatives for the following set of deprecated functionalities.

Deprecated Features and Its Alternatives in NetScaler 12.0

The following table is a list of deprecated features and its alternative:

Deprecated Functionality Alternative Functionality Alternative command/configuration/operation

SPDY

HTTP/2

Command:

set httpProfile <profilename> -http2 ENABLED

Ref page: https://docs.citrix.com/en-us/netscaler/12/system/http-configurations/configuring-http2.html 

SureConnect (SC)

AppQoE

Configuration:

# set session life [Global]

set appqoe parameter -sessionLife 300

# bind point is LB vserver only, doesn't work on service level like SC

# AppQoE use case example (traffic classification and loading screen)

Ref page: https://docs.citrix.com/en-us/netscaler/12/appexpert/appqoe.html 

For more information, see AppQoE Use Cases topic. 

Priority Queuing (PQ)

AppQoE

 

Configuration:

# enable vserver level queueing

set appqoe parameter -avgwaitingclient 10

# setting PQ like actions, qDepth and polqDepth are present as well to configure

add appqoe action PRI_MEDIUM -priority MEDIUM

add appqoe action PRI_HIGH -priority HIGH -priqDepth 1000

add appqoe action PRI_LOW -priority LOW -polqDepth 1000

# four levels of priorities are present : HIGH, LOW, LOWEST, MEDIUM

# bind point LB vserver only

add appqoe policy text_medium -rule "HTTP.REQ.URL.PATH.CONTAINS(\".html\")" -action PRI_MEDIUM

add appqoe policy image_medium -rule "HTTP.REQ.URL.PATH.CONTAINS(\".jpg\")" -action PRI_MEDIUM

bind lb vserver v2 -policyName text_medium -priority 1

bind lb vserver v2 -policyName image_medium -priority 2

Ref page: https://docs.citrix.com/en-us/netscaler/12/appexpert/appqoe.html

 

HTTP Denial of Service Protection (HDoSP)

AppQOE

 

Configuration:

enable AppQOE feature

set appqoe parameter -dosAttackThresh 100

set appqoe parameter -avgwaitingclient 100

set appqoe parameter -MaxAltRespBandWidth 100

add appqoe action DOS_SIMPLE -dosAction simpleResponse

add appqoe policy POL_DOS_SIMPLE -rule "ANALYTICS.STREAM(\"Top_URL\").IS_TOP_FREQUENTS(10)" -action DOS_SIMPLE

bind lb vserver v1 -policyName POL_DOS_SIMPLE -priority 3

Ref page: https://docs.citrix.com/en-us/netscaler/12/appexpert/appqoe.html

HTMLInjection

AppFlow with Client Side Measurements

 

Configuration Steps:

  1. enable feature AppFlow
  2. add appflow action with clientside measurements enabled
    1. add appflow action Appflow_act1 -collectors collector_1 -clientSideMeasurements ENABLED
  3. add appflow policy with this action and bind to vserver/AppFlow global.

Ref page:

https://docs.citrix.com/en-us/netscaler/12/ns-ag-appflow-intro-wrapper-con.html

Filter

  1. RESET/DROP on request side,
  2. ERRORCODE;
  3. RESET/DROP on response side,
  4. ADD/CORRUPT
  5. FORWARD

 

Filter actions:

  1. Use Responder RESET/DROP
  2. Use Responder RESPONDWITH or REDIRECT
  3. Use Rewrite RESET/DROP
  4. Use Rewrite INSERT_HTTP_HEADER/CORRUPT_HTTP_HEADER
  5. Use CS policy and action that select appropriate LB Vserver that can select that service.

Note: Everything is done using Advanced policies.

Ref pages:

Responder: https://docs.citrix.com/en-us/netscaler/12/appexpert/responder.html

Rewrite: https://docs.citrix.com/en-us/netscaler/12/appexpert/rewrite.html

Q and S prefixes in Advanced expressions

HTTP.REQ and HTTP.RES

 

Pattern function in Rewrite action

-search Rewrite action parameter

 

AAA preauthentication policy

Nfactor authentication (advanced EPA policy)

 

Add authentication epaaction EPA_ACT

add authentication policy epa1 -rule true -action EPA_ACT

Ref page: https://docs.citrix.com/en-us/netscaler/12/aaa-tm/multi-factor-nfactor-authentication/nfactor-authentication-configuring.html

Deprecated Classic Policy Expressions and Its Alternatives

The following table is a list of features using Classic policy expressions that are deprecated and its alternative Advanced expression. As a general note, Classic Policy Engine (CPE) is deprecated and its alternative, Advanced policy infrastructure is used. For more information, see Configuring Advanced Policy Infrastructure topic. 

Deprecated Policy and Expression Alternative Policy and Expression Ref Page

Application Firewall Classic policy

Application Firewall Advanced policy

Compression Classic policy

Compression Advanced policy

Classic cache redirection policy

Advanced redirection policies

Content Switching Classic policy

Content Switching Advanced policy

SSL Classic policy

Content Switching Advanced policy

Audit SYSLOG Policy

Advanced Audit SYSLOG Policy

Audit NSLOG policy

Advanced Audit NSLOG Policy

Authentication local policy

Advanced Authentication policy (“add authentication Policy”)

RADIUS Authentication policy

Advanced Authentication policy (“add authentication Policy”)

LDAP Authentication policy

Advanced Authentication policy (“add authentication Policy”)

Authentication Certification (cert) policy

Advanced Authentication policy (“add authentication Policy”)

TACACS Authentication policy

Advanced Authentication policy (“add authentication Policy”)

Authentication negotiate policy

Advanced Authentication policy (“add authentication Policy”)

SAML Authentication policy

Advanced Authentication policy (“add authentication Policy”)

Delegation Forms Authentication (DFA) policy

Advanced Authentication policy (“add authentication Policy”)

Web authentication policy

Advanced Authentication policy (“add authentication Policy”)

Authorization policy

Advanced Authorization policy

Traffic Management session policy

Advanced Traffic Management Session Policy

Tunnel traffic policy

Advanced Tunnel Traffic Policy

VPN traffic policy

Advanced VPN Traffic Policy

VPN Session policy

Advanced VPN Session Policy

Trace Classic expression

Trace Advanced expression

SYS.EVAL_CLASSIC_EXPR Classic expression

Converting expression to advanced (replacing SYS.EVAL_CLASSIC_EXPR)

Using NSPEPI Conversion Tool

You can use the nspepi tool to convert commands, expressions, and configurations. For more information, see Converting Expressions by Using NSPEPI Tool topic.

Here is a list of conversion from Classic expressions to Advanced expressions.

  • ns_true -> true
  • ns_false -> false
  • REQ.HTTP -> HTTP.REQ
  • RES.HTTP -> HTTP.RES
  • HEADER "foo" -> HEADER("foo")
  • CONTAINS "bar" -> .CONTAINS("bar")   [Note use of “.”.]
  • REQ.IP -> CLIENT.IP
  • RES.IP -> SERVER.IP
  • SOURCEIP -> SRC
  • DESTIP -> DST
  • REQ.TCP -> CLIENT.TCP
  • RES.TCP -> SERVER.TCP
  • SOURCEPORT -> SRCPORT
  • DESTPORT -> DSTPORT
  • STATUSCODE -> STATUS
  • REQ.SSL.CLIENT.CERT -> CLIENT.SSL.CLIENT_CERT

AppQoE Use Cases

When using AppQoE as an alternative for SureConnect feature, you can refer to the following use case configurations.

Use Case 1: To limit simultaneous download of huge files and display loading screen

add appqoe action NS_RESP -respondWith NS -maxConn 50

add appqoe policy POL_DWN_PKG -rule "HTTP.REQ.URL.CONTAINS(\"tar.gz\")" -action NS_RESP

bind lb vserver v1 -policyName POL_DWN_PKG -priority 8

Use Case 2: To limit simultaneous download of huge files and display loading screen with alternate content

add appqoe action ACS_RESP -respondWith ACS -altContentsvcName s2 -altContentPath /netscaler/alt.html -maxConn 50

add appqoe policy POL_DWN_ACS -rule "HTTP.REQ.URL.CONTAINS(\"tar.gz\")" -action ACS_RESP

bind lb vserver v1 -policyName POL_DWN_ACS -priority 9

Use Case 3: Custom loading screen

import appqoCe customResp [http://<location>]|[local:<file>] simple_custom_resp

add appqoe action CUST_RESP -respondWith NS simple_custom_resp -maxConn 50

add appqoe policy POL_CRESP -rule "HTTP.REQ.URL.CONTAINS(\"tar.gz\")" -action CUST_RESP

bind lb vserver v1 -policyName POL_CRESP -priority 10