Netscaler 11.1, SecureWeb external HTTPS traffic not working


#1

I’ve come across an issue after upgrading netscaler to 11.1.51.21 & 11.1.53.11 that external SSL traffic that is sent via HTTP proxy is failing with the following error message.

Cannot Open Page
The request timed out.

Scenario:
Netscaler is running 11.1.51.21, 11.1.52.13 or 11.1.53.11 firmware
SecureWeb version 10.4 (or above)
SecureWeb is configured to tunnel traffic to internal network with SecureBrowse method
Netscaler gateway has a traffic policy configured that sends external traffic to a HTTP proxy
HTTP proxy has authentication enabled

Behaviour:
External HTTP sites can be accessed with no issues using SecureWeb
Accessing HTTPS sites fails immediately with the following error message being displayed:

Cannot Open Page
The request timed out.

Explanation:
Looking into the network trace on the netscaler we can see that the netscaler immediately resets the connection to proxy after successfully establishing a tunnel via the CONNECT method.

Resolution:
This issue is caused by a bug in the netscaler firwamre and is resolved by upgrading to netscaler 12.0.41.16