What a great way to start the year!   With bells ringing as AppFirewall enhancements (released in the 10.5-53.9010.e software release) functionally improve flexibility and performance.

Let’s start with AppFirewall performance improvements

The development team released 10.5-53.9010.e at the end of December, 2014.  Some of the performance numbers for AppFirewall basic throughput are higher than before.  In some cases such as MPX 8005, MPX 8015 and MPX 11530 are now about ~2x better than the numbers reported in the previous release.  While MPX 11515, 11520, 11540, 22120 AppFirewall numbers are  around ~3x better than numbers reported in the previous release.

Exact numbers will be published in the updated AppFirewall datasheet soon.  Feel free to contact your sales rep for latest numbers if this is urgent.

Other NetScaler AppFirewall enhancements

Improvements include the ability to do trace HTML Requests with AppFirewall security violation logs.  This can provide the option to isolate traffic for a specific AppFirewall profile and collect nstrace and trigger logs, block action or have a malformed request.  Details of this new enhancement can be found here, CTX200351.

One enhancement that a customer specifically requested was for the ability to secure applications that follow the Google Web Toolkit (GWT) remote procedure calls (RPC) mechanism.

  • This enhancement gives the customer security with NetScaler AppFirewall without having to figure out the specific config.
  • The AppFirewall understands and interprets GWT RPC requests, inspects the payload for security check violations, and takes specified actions.  Details on this enhancement can be found here, CTX200350

Another enhancement is the ability to configure location based detection and protection with NetScaler AppFirewall.

  • From specific geographic areas, one can use location based policies and a built-in location database to customize firewall protection against requests.
  • This can also be used to identify the locations from which malicious requests originate. Details of this capability can be found here, CTX200332.

I will also be covering some of these and more new features at Citrix Summit 2015 (week of Jan 12 2015) if you will be attending.  Many more to look forward to in 2015!