Brad Ordner Posted January 5, 2020

Hi,

Wanted to clarify if this part of Mitigation Steps for CVE-2019-19781 is for the HTTPs management traffic? We have Private IPs assigned to our NSIPs and did not deploy this code as they are not public facing IPs -

    shell nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0
    shell "echo 'nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0' >> /nsconfig/rc.netscaler"

The ‘skip_systemaccess_policyeval’ Flag

This flag ensures that the responder policies are evaluated on the admin portal traffic. If the admin portal IP is in a secured environment, this knob is not needed. Enabling this might cause some obstruction to some admin pages. In such a case, the customer can toggle the flag during their maintenance window and set it back to the value ‘1’.

We tried to deploy it in our Azure VPXs and the entire thing lost its licence. So don't really want to deploy on our On Prem devices.

Thanks
Brad
Mark Du Plessis Posted January 8, 2020

I've discovered on firmware 12.1.54.x (might be on other versions as well) that this "fix" breaks some GUI functions. If you only use the Responder policy and do not apply the file skip_systemaccess_policyeval=0 part of the fix the GUI is not affected.

If the full fix is applied, try the following: Go to any CAG (Gateway vServer) that has STAs applied to them and try to view the STAs. You should receive an error popup and then no STA servers shown.
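
Because the persistence step quoted in the thread appends with `>>`, toggling the flag around a maintenance window can leave several conflicting lines in /nsconfig/rc.netscaler. The script below is an added example, not part of either post or of Citrix's mitigation steps; it reports which value ends up in force, assuming the file is run top to bottom at boot so the last entry wins. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rc.netscaler for skip_systemaccess_policyeval entries.
# Assumption: the file runs top to bottom at boot, so the last entry wins.

FLAG='skip_systemaccess_policyeval'

# Print every value assigned to the flag, one per line, in file order.
# Commented-out lines are ignored; a missing file yields no output.
flag_values() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e "s/.*nsapimgr_wr\.sh.*-ys[[:space:]]*${FLAG}=\([0-9][0-9]*\).*/\1/p" \
        "$1" 2>/dev/null
}

# Print the value in force after a reboot, or "unset" if there is no entry.
effective_flag() {
    v=$(flag_values "$1" | tail -n 1)
    echo "${v:-unset}"
}

# Print "conflict" if the file assigns more than one distinct value.
flag_consistency() {
    n=$(flag_values "$1" | sort -u | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then echo conflict; else echo consistent; fi
}

# One-line summary for a given file (default: the path used in the thread).
audit_rc() {
    f=${1:-/nsconfig/rc.netscaler}
    entries=$(flag_values "$f" | wc -l | tr -d ' ')
    echo "file=$f effective=$(effective_flag "$f") entries=$entries state=$(flag_consistency "$f")"
}

# Constructed sample: the mitigation line (value 0) was appended, then the
# flag was toggled to 1 by appending again, and a later line is commented out.
sample=$(mktemp)
printf '%s\n' \
    'nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0' \
    'nsapimgr_wr.sh -ys skip_systemaccess_policyeval=1' \
    '# nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0' > "$sample"
audit_rc "$sample"
rm -f "$sample"
```

An effective value other than 0, or a `conflict` state, means the persisted setting no longer matches the mitigation line quoted in the first post and should be reconciled before the next reboot.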