About Citrix Gateway

• Citrix Gateway Architecture

• How User Connections Work

Common Deployments

• Deploying in the DMZ

• Deploying in the Secure Network

Client Software Requirements

• Citrix Gateway plug-in System Requirements

• Endpoint Analysis Requirements

Licensing

• Citrix Gateway License Types

• Obtaining Your Platform or Universal License Files

• To install a license on Citrix Gateway

• Verifying Installation of the Universal License

• Licensing FAQs

Before Getting Started

• Planning for Security

• Prerequisites

• Pre-Installation Checklist

Installing the System

• Configuring Citrix Gateway

• Using the Configuration Utility

• Policies and Profiles on Citrix Gateway

  • How Policies Work

  • Creating Policies on Citrix Gateway

  • Configuring System Expressions

• Viewing Citrix Gateway Configuration Settings

  • Saving the Citrix Gateway Configuration

  • Clearing the Citrix Gateway Configuration

• Configuring the Citrix Gateway by Using Wizards

  • Configuring Citrix Gateway with the First-time Setup Wizard

  • Configuring Settings with the Quick Configuration Wizard

  • Configuring Settings by Using the Citrix Gateway Wizard

• Configuring the Host Name and FQDN on Citrix Gateway

• Installing and Managing Certificates

  • Creating a Certificate Signing Request

  • Installing the Signed Certificate on Citrix Gateway

  • Configuring Intermediate Certificates

  • Using Device Certificates for Authentication

  • Importing and Installing an Existing Certificate

  • Convert a Certificate from PFX Format to PEM Format

  • Certificate Revocation Lists

• Testing Your Citrix Gateway Configuration

• Creating Virtual Servers

  • To create additional virtual servers

  • Configuring Connection Types on the Virtual Server

  • Configuring a Listen Policy for Wildcard Virtual Servers

• Configuring IP Addresses on Citrix Gateway

  • Changing or Deleting Mapped IP Addresses

  • Configuring Subnet IP Addresses

  • Configuring IPv6 for User Connections

• Resolving DNS Servers Located in the Secure Network

• Configuring DNS Virtual Servers

• Configuring Name Service Providers

• Configuring Server-Initiated Connections

• Configuring Routing on Citrix Gateway

• Configuring Auto Negotiation

Authentication and Authorization

• Configuring Default Global Authentication Types

• Configuring Authentication Without Authorization

• Configuring Authorization

  • Configuring Authorization Policies

  • Setting Default Global Authorization

• Disabling Authentication

• Configuring Authentication for Specific Times

• How Authentication Policies Work

  • Configuring Authentication Profiles

  • Binding Authentication Policies

  • Setting Priorities for Authentication Policies

• Configuring Local Users

• Configuring Groups

  • Adding Users to Groups

  • Configuring Policies with Groups

• Configuring LDAP Authentication

  • To configure LDAP authentication by using the configuration utility

  • Determining Attributes in Your LDAP Directory

  • Configuring LDAP Group Extraction

  • Configuring LDAP Group Extraction for Multiple Domains

• Configuring Client Certificate Authentication

  • Configuring and Binding a Client Certificate Authentication Policy

  • Configuring Two-Factor Client Certificate Authentication

  • Configuring Smart Card Authentication

• Configuring RADIUS Authentication

  • To configure RADIUS authentication

  • Choosing RADIUS Authentication Protocols

  • Configuring IP Address Extraction

  • Configuring RADIUS Group Extraction

  • Configuring RADIUS user accounting

• Configuring SAML Authentication

  • Configure SAML authentication

  • Using SAML authentication to log in to Citrix Gateway

  • Auth Improvements for SAML Authentication

• Configuring TACACS+ Authentication

  • Clear Config Basic Should Not Clear TACACS Config

• Configuring Multifactor Authentication

  • Configuring Cascading Authentication

  • Configuring Two-Factor Authentication

• Configuring Single Sign-On

  • Configuring Single Sign-On with Windows

  • Configuring Single Sign-On to Web Applications

  • Configuring Single Sign-On to a Domain

• Configuring One-Time Password Use

  • Configuring RSA SecurID Authentication

  • Configuring Password Return with RADIUS

  • Configuring SafeWord Authentication

  • Configuring Gemalto Protiva Authentication

• nFactor for Citrix Gateway Authentication

• Citrix Gateway Visualizer

• Configure Citrix Gateway to use RADIUS and LDAP Authentication with Mobile Devices

• Restrict access to Citrix Gateway for members of one Active Directory group

Configuring the VPN User Experience

• How User Connections Work with the Citrix Gateway plug-in

  • Establishing the Secure Tunnel

  • Operation Through Firewalls and Proxies

  • Citrix Gateway plug-in Upgrade Control

• How to Configure Full VPN Setup on a Citrix Gateway Appliance

• Choosing the User Access Method

• Deploying Citrix Gateway plug-ins for User Access

• Selecting the Citrix Gateway plug-in for Users

  • Installing the Citrix Gateway plug-in for Windows

  • Deploying the Citrix Gateway plug-in from Active Directory

  • Connecting with the Citrix Gateway plug-in for Java

• Integrating the Citrix Gateway plug-in with Citrix Receiver

  • How User Connections Work with Citrix Receiver

  • Decoupling the Citrix Receiver Icon

  • Configuring IPv6 for ICA Connections

  • IConfiguring the Receiver Home Page on Citrix Gateway

  • Applying the Receiver Theme to the Logon Page

  • Creating a Custom Theme for the Logon Page

• Customizing the User Portal

  • Prompt users to upgrade older or unsupported browsers by creating a custom page

• Configuring Clientless Access

  • Enabling Clientless Access

  • How Clientless Access Policies Work

  • Configuring Domain Access for Users

  • Configuring Clientless Access for SharePoint 2003, SharePoint 2007, and SharePoint 2013

  • Enabling Clientless Access Persistent Cookies

  • Saving User Settings for Clientless Access Through Web Interface

• Citrix SSO VPN client for mobile devices

• Configuring the Client Choices Page

  • Showing the Client Choices Page at Logon

  • Configuring Client Choices Options

• Configuring Access Scenario Fallback

  • Creating Policies for Access Scenario Fallback

• Configuring Connections for the Citrix Gateway plug-in

  • Configuring the Number of User Sessions

  • Configuring Time-Out Settings

  • Connecting to Internal Network Resources

  • Configuring Split Tunneling

  • Configuring Client Interception

  • Configuring Name Service Resolution

  • Enabling Proxy Support for User Connections

  • Configuring Address Pools

  • Supporting VoIP Phones

  • Configuring Application Access for the Citrix Gateway plug-in for Java

  • Configuring the Access Interface

  • Create and apply web links

• How a Traffic Policy Works

  • Creating a Traffic Policy

  • Removing Traffic Policies

• Configuring Session Policies

  • Creating a Session Profile

  • Binding Session Policies

  • Configuring Citrix Gateway Session Policies for StoreFront

• Configuring Endpoint Polices

  • How Endpoint Policies Work

  • Evaluating User Logon Options

  • Setting the Priority of Preauthentication Policies

  • Configuring Preauthentication Policies and Profiles

  • Configuring Post-Authentication Policies

  • Configuring Security Preauthentication Expressions for User Devices

  • Configuring Compound Client Security Expressions

• Advanced Endpoint Analysis Scans

  • Configuring Advanced Endpoint Analysis Scans

  • Advanced Endpoint Analysis Policy Expression Reference

  • Troubleshooting Advanced Endpoint Analysis scans

• Managing User Sessions

• AlwaysON

• AlwaysOn VPN before Windows logon (Formally AlwaysOn service)

Configuring Citrix Gateway

• Citrix Gateway FAQ

Deploying in a Double-Hop DMZ

• Deploying Citrix Gateway in a Double-Hop DMZ

• How a Double-Hop Deployment Works

• Communication Flow in a Double-Hop DMZ Deployment

• Preparing for a Double-Hop DMZ Deployment

• Installing and Configuring Citrix Gateway in a Double-Hop DMZ

  • Configuring Settings on the Virtual Servers on the Citrix Gateway Proxy

  • Configuring the Appliance to Communicate with the Appliance Proxy

  • Configuring Citrix Gateway to Handle the STA and ICA Traffic

  • Opening the Appropriate Ports on the Firewalls

  • Managing SSL Certificates in a Double-Hop DMZ Deployment

Using High Availability

• How High Availability Works

• Configuring Settings for High Availability

  • Creating or Changing an RPC Node Password

  • Configuring the Primary and Secondary Appliances for High Availability

• Configuring Communication Intervals

• Synchronizing Citrix Gateway Appliances

• Synchronizing Configuration Files in a High Availability Setup

• Configuring Command Propagation

  • Troubleshooting Command Propagation

• Configuring Fail-Safe Mode

• Configuring the Virtual MAC Address

  • Configuring IPv4 Virtual MAC Addresses

  • Configuring IPv6 virtual MAC addresses

• Configuring High Availability Pairs in Different Subnets

  • Adding a Remote Node

• Configuring Route Monitors

  • Adding or Removing Route Monitors

• Configuring Link Redundancy

• Understanding the Causes of Failover

• Forcing Failover from a Node

  • Forcing Failover on the Primary or Secondary Node

  • Forcing the Primary Node to Stay Primary

  • Forcing the Secondary Node to Stay Secondary

Using Clustering

• Configuring Clustering

Maintaining and Monitoring the System

• Configuring Delegated Administrators

  • Configuring Command Policies for Delegated Administrators

  • Configuring Custom Command Policies for Delegated Administrators

• Configuring Auditing on Citrix Gateway

  • Configuring Logs on Citrix Gateway

  • Configuring ACL Logging

• Enabling Citrix Gateway plug-in Logging

• To monitor ICA connections

Accessing Citrix Virtual Apps and Desktops Resources with the Web Interface

• Integrating Citrix Gateway with Citrix Virtual Apps and Desktops

• Establishing a Secure Connection to the Server Farm

• Deploying with the Web Interface

  • Deploying the Web Interface in the Secure Network

  • Deploying the Web Interface Parallel to Citrix Gateway in the DMZ

  • Deploying the Web Interface Behind Citrix Gateway in the DMZ

• Setting Up a Web Interface Site to Work

  • Web Interface Features

  • Setting Up a Web Interface Site

  • Creating a Web Interface 5.4 Site

  • Creating a Web Interface 5.3 Site

  • Adding Citrix Virtual Apps and Desktops to a Single Site

  • Routing User Connections Through Citrix Gateway

• Configuring Communication with the Web Interface

  • Configuring Policies for Published Applications and Desktops

  • Configuring Settings with the Published Applications wizard

  • Configuring the Secure Ticket Authority on Citrix Gateway

• Configuring Additional Web Interface Settings on Citrix Gateway

  • Configuring Web Interface Failover

  • Configuring Smart Card Access with the Web Interface

• Configuring Access to Applications and Virtual Desktops in the Web Interface

• Configuring SmartAccess

  • How SmartAccess Works for Citrix Virtual Apps and Desktops

  • Configuring Citrix Virtual Apps Policies and Filters

  • Configuring User Device Mapping on Citrix Virtual Apps

  • Enabling Citrix Virtual Apps as a Quarantine Access Method

  • Configuring Citrix Virtual Desktops for SmartAccess

• Configuring SmartControl

• Configuring Single Sign-On to the Web Interface

  • To configure single sign-on to Web applications globally

  • To configure single sign-on to Web applications by using a session policy

  • To define the HTTP port for single sign-on to web applications

  • Additional Configuration Guidelines

  • To test the single sign-on connection to the Web Interface

  • Configuring Single Sign-On to the Web Interface by Using a Smart Card

  • To configure single sign-on for Citrix Virtual Apps and file shares

• Allowing File Type Association

  • Creating a Web Interface Site

  • Configuring Citrix Gateway for File Type Association

Configuring Settings for Your Citrix Endpoint Management Environment

• Configuring Load Balancing Servers for Citrix Endpoint Management

• Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering

• Configuring Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering

• Allowing Access from Mobile Devices with Citrix Mobile Productivity Apps

• Configuring Domain and Security Token Authentication for Citrix Endpoint Management

• Configuring Client Certificate or Client Certificate and Domain Authentication

RfWebUI Persona on Citrix Gateway UX Configuration

• RfWebUI configuration parameters

Citrix Gateway portal customizations

• Citrix Gateway portal customization using custom plug-ins

• Create and customize login schema

• Portal customizations from the Admin UI

RDP Proxy

• Stateless RDP Proxy

• RDP connection redirection

• Populate RDP URLs based on LDAP attribute

• Randomize RDP file name with RDP proxy

Citrix Gateway Enabled PCoIP Proxy Support for VMware Horizon View

• Configuring Citrix Gateway Enabled PCoIP proxy for VMWare Horizon View

• Configuring VMware Horizon View Connection Server

HDX Enlightened Data Transport Support

• When to Use Enlightened Data Transport Support

• Configuring Citrix Gateway to Support Enlightened Data Transport and HDX Insight

• L7 Latency Thresholding

Microsoft Intune Integration

• When to Use the Integrated Intune MDM Solution

• Understanding the Citrix Gateway-Intune MDM Integration

• Configuring Network Access Control device check for Citrix Gateway virtual server for single factor authentication deployment

• Configuring a Citrix Gateway application on the Azure portal

• Understanding Azure ADAL Token Authentication

• Configuring Citrix Gateway Virtual Server for Microsoft ADAL Token Authentication

Outbound ICA Proxy support

• Configuring Outbound ICA Proxy