Configure the NetScaler Gateway appliance by using wizards
NetScaler Gateway has the following six wizards that you can use to configure settings on the appliance:
- The first-time setup wizard appears when you log on to the NetScaler Gateway appliance for the first time.
- The quick configuration wizard helps you configure the correct policies, expressions, and settings for connections to Citrix Endpoint Management and StoreFront.
- The NetScaler Gateway wizard helps you configure NetScaler Gateway-specific settings.
- The setup wizard helps you configure basic NetScaler Gateway settings for the first time.
- Citrix Endpoint Management Integrated Configuration helps you configure your NetScaler Gateway and Citrix Endpoint Management environment.
- The Published Applications wizard helps you configure settings for user connections by using the Citrix Workspace app.
First-time setup wizard
When you finish installing and configuring the initial settings on the NetScaler Gateway appliance, when you log on to the configuration utility for the first time, the First-time Setup wizard appears if the following conditions are not met:
- You did not install a license on the appliance.
- You did not configure a subnet or mapped IP address.
- If the default IP address of the appliances is
Configure NetScaler Gateway with the first-time setup wizard
To configure the NetScaler Gateway (the physical appliance or the VPX virtual appliance) for the first time, you need an administrative computer configured on the same network as the appliance.
Assign a NetScaler Gateway IP (NSIP) address as the management IP address of your appliance and a subnet IP (SNIP) address to which your servers can connect. You assign a subnet mask that applies to both NetScaler Gateway and SNIP addresses. Also configure a time zone. If you assign a host name, you can access the appliance by specifying its name instead of the NSIP address.
There are two sections in the First-time Setup Wizard. In the first section, you configure the basic system settings for the NetScaler Gateway appliance including:
NSIP address, SNIP address, and subnet mask Appliance host name DNS servers Time zone Administrator password In the second section, you install licenses. If you specify the address of a DNS server, you can use the hardware serial number (HSN) or license key to allocate your licenses, instead of uploading your licenses from a local computer to the appliance.
Note: Citrix recommends saving your licenses to your local computer.
When you finish configuring these settings, NetScaler Gateway prompts you to restart the appliance. When you log on to the appliance again, you can use other wizards and the configuration utility to configure other settings.
Quick Configuration wizard
The Quick Configuration wizard allows you to configure multiple virtual servers on NetScaler Gateway. You can add, edit, and remove virtual servers.
The Quick Configuration wizard allows for seamless configuration for the following deployments:
- StoreFront connections to Citrix Virtual Apps and Desktops, with the ability to configure multiple instances of the Secure Ticket Authority (STA)
- Citrix Endpoint Management only
- StoreFront only
- Citrix Endpoint Management and StoreFront together
The Quick Configuration wizard allows you to configure the following settings on the appliance:
- Virtual server name, IP address, and port
- Redirection from an unsecure to a secure port
- LDAP server
- RADIUS server
- Certificates
- DNS server
Citrix Endpoint Management and Citrix Virtual Apps and Desktops
Note: To enable SSO, you have to manually enable the Single Sign-on to web applications option in the Create NetScaler Gateway Session Profile > Client Experience tab for the session action.
NetScaler Gateway supports user connections directly to Citrix Endpoint Management, which gives users access to their web, SaaS, and mobile apps, along with access to ShareFile. You can also configure settings to StoreFront, which gives users access to their Windows-based applications and virtual desktops.
When you run the Quick Configuration wizard, the following policies are created based on your Citrix Endpoint Management and StoreFront settings:
- Session policies, including policies and profiles for Receiver, Receiver for Web, Citrix Secure Access client, and Program Neighborhood Agent
- Clientless access
- LDAP and RADIUS authentication
Configure settings with the quick configuration wizard
You can configure settings in NetScaler Gateway to enable communication with Citrix Endpoint Management or StoreFront by using the Quick Configuration wizard. When you complete the configuration, the wizard creates the correct policies for communication between NetScaler Gateway, Endpoint Management, and StoreFront. These policies include authentication, session, and clientless access policies. When the wizard completes, the policies are bound to the virtual server.
When you complete the Quick Configuration wizard, NetScaler Gateway can communicate with Endpoint Management or StoreFront, and users can access their Windows-based applications and virtual desktops and web, SaaS, and mobile apps. Users can then connect directly to Endpoint Management.
During the wizard, you configure the following settings:
- Virtual server name, IP address, and port
- Redirection from an unsecure to a secure port
- Certificates
- LDAP server
- RADIUS server
- Client certificate for authentication (only for two-factor authentication)
- Endpoint Management or StoreFront
The Quick Configuration wizard supports LDAP, RADIUS, and client certificate authentication. You can configure two-factor authentication in the wizard by following these guidelines:
- If you select LDAP as your primary authentication type, you can configure RADIUS as the secondary authentication type.
- If you select RADIUS as your primary authentication type, you can configure LDAP as the secondary authentication type.
- If you select client certificates as your primary authentication type, you can configure LDAP or RADIUS as the secondary authentication type.
You cannot create multiple LDAP authentication policies by using the Quick Configuration wizard. For example, you want to configure one policy that uses sAMAccountName in the Server Logon Name Attribute field and a second LDAP policy that uses the User Principal Name (UPN) in the Server Logon Name Attribute field. To configure these separate policies, use the NetScaler Gateway configuration utility to create the authentication policies. For more information, see Configuring LDAP Authentication.
You can configure certificates for NetScaler Gateway in the Quick Configuration wizard by using the following methods:
- Select a certificate that is installed on the appliance.
- Install a certificate and private key.
- Select a test certificate. Note: If you use a test certificate, you must add the fully qualified domain name (FQDN) that is in the certificate.
You can open the Quick Configuration wizard in one of the following two ways:
- When you are on the NetScaler Gateway logon page and select NetScaler Gateway in Deployment Type, the Home tab appears. If you select any other option in Deployment Type, the Home tab does not appear.
- From the link Create/Monitor NetScaler Gateway in the NetScaler Gateway details pane. The link appears if you install a license that enables NetScaler features. If you license the appliance for NetScaler Gateway only, the link does not appear.
After you initially run the wizard, you can run the wizard again to create more virtual servers and settings.
Important: If you use the Quick Configuration wizard to configure an extra NetScaler Gateway virtual server, you must use a unique IP address. You cannot use the same IP address that is used on an existing virtual server. For example, you have a virtual server with the IP address with a port number of 80. You run the Quick Configuration wizard to create a second virtual server with the IP address with port number 443. When you try to save the configuration, an error occurs.
To configure settings with the Quick Configuration wizard
- In the configuration utility, do one of the following:
- If the appliance is licensed for NetScaler Gateway only, click the Home tab.
- If the appliance is licensed to include NetScaler features, on the Configuration tab, in the navigation pane, click NetScaler Gateway and then in the details pane, under Getting Started, click Configure NetScaler Gateway for Enterprise Store.
- In the dashboard, click Create New NetScaler Gateway.
- In NetScaler Gateway Settings, configure the following:
- In Name, type a name for the virtual server.
- In IP address, type the IP address for the virtual server.
- In Port, type the port number. The default port number is 443.
- Select Redirect requests from port 80 to a secure port to allow user connections from port 80 to go to port 443.
- Click Continue.
- On the Certificate page, do one of the following:
- Click Choose Certificate and then in Certificate, select the certificate.
- Click Install Certificate, and then in Choose Certificate and in Choose Key, click Browse to navigate to the certificate and private key.
- Click Use Test Certificate and then in Certificate FQDN enter the fully qualified domain name (FQDN) contained in the test certificate.
- Click Continue.
- In Authentication Settings, do the following:
- In Primary Authentication, select LDAP, RADIUS, or Cert.
- Select an authentication server or configure the settings for the authentication type you selected in the previous step. If you select Cert, either select the client certificate or install a new client certificate.
- In Secondary Authentication, select the authentication type and then configure the authentication server settings.
- Click Continue.
When you finish configuring the network and authentication settings, you can then configure Citrix Endpoint Management or Citrix Virtual Apps and Desktops (StoreFront) settings.
Configure enterprise store settings
NetScaler Gateway supports user access to web, SaaS, and mobile apps and ShareFile only through Endpoint Management. If you also deploy StoreFront, users have access to Windows-based apps and virtual desktops. You can configure settings for the following options:
- Endpoint Management only
- StoreFront only
- Endpoint Management and StoreFront together
When you click Continue from the preceding procedure, you can then configure the settings for your deployment scenario. The following procedures start on the Citrix Integration Settings page.
After you create the virtual server, editing the virtual server in the Quick Configuration wizard does not allow you to change Citrix Endpoint Management or Citrix Virtual Apps and Desktops settings.
For example, if you cancel the configuration of a virtual server at any stage before configuring the Citrix Enterprise Store settings, the wizard automatically selects StoreFront without configuring any settings. When this situation occurs, you can edit the virtual server details for configuring StoreFront, but you cannot switch to Citrix Endpoint Management. To switch, you must create a new virtual server and must not cancel the wizard at any time during the configuration. If you do not need StoreFront virtual server, you can delete it by using the Quick Configuration wizard.
To configure settings for StoreFront only
- Click Citrix Virtual Apps and Desktops.
- In Deployment Type, select StoreFront.
- In StoreFront FQDN, enter the fully qualified domain name (FQDN) of the StoreFront server.
- In Receiver for Web Path, leave the default path or enter your own path.
- Select HTTPS for secure user connections.
- In Single Sign-on Domain, enter the domain for StoreFront.
- In STA URL, enter the complete IP address or FQDN of the server running the Secure Ticket Authority (STA) if you deploy StoreFront and provide access to published applications from Citrix Virtual Apps or virtual desktops from Citrix Virtual Desktops.
- Click Done.
When users connect through NetScaler Gateway to StoreFront, users can start their apps and desktops from either Receiver for Web or Receiver.
To configure settings for Endpoint Management only
- Click Citrix Endpoint Management.
- In App Controller FQDN, enter the FQDN for Endpoint Management.
- Click Done.
NetScaler Gateway wizard
You use the NetScaler Gateway wizard to configure the following settings on the appliance:
- Virtual servers
- Certificates
- Name service providers
- Authentication
- Authorization
- Port redirection
- Clientless access
- Clientless access for SharePoint
Configure Settings by using the NetScaler Gateway wizard
After you run the Setup Wizard, you can run the NetScaler Gateway wizard to configure other settings on NetScaler Gateway. You run the NetScaler Gateway wizard from the configuration utility.
NetScaler Gateway comes with a test certificate. If you do not have a signed certificate from a Certificate Authority (CA), you can use the test certificate when using the NetScaler Gateway wizard. When you receive the signed certificate, you can remove the test certificate and install the signed certificate. Citrix recommends obtaining the signed certificate before making NetScaler Gateway publicly available for users.
Note: You can create a Certificate Signing Request (CSR) from within the NetScaler Gateway wizard. If you use the NetScaler Gateway wizard to create the CSR, you must exit from the wizard and then start the wizard again when you receive the signed certificate from the Certificate Authority. For more information about certificates, see Installing and Managing Certificates.
You can configure user connections for Internet Protocol version 6 (IPv6) in the NetScaler Gateway wizard when you configure a virtual server. For more information about using IPv6 for user connections, see Configuring IPv6 for User Connections.
To start the NetScaler Gateway wizard
- In the configuration utility, click the Configuration tab and then in the navigation pane, click NetScaler Gateway.
- In the details pane, under Getting Started, click NetScaler Gateway wizard.
- Click Next and then follow the directions in the wizard.
Setup Wizard
You use the Setup Wizard to configure the following initial settings on the appliance:
- System IP address and subnet mask
- Mapped IP address and subnet mask
- Host name
- Default gateway
- Licenses
Note: Before running the Setup Wizard, download your licenses from the Citrix website. For more information, see Licensing NetScaler Gateway
Published Applications wizard
You use the Published Applications wizard to configure NetScaler Gateway to connect to servers running Citrix Virtual Apps and Desktops in the internal network. With the Published Applications wizard, you can:
- Select a virtual server for connections to the server farm.
- Configure the settings for user connections for StoreFront, single sign-on, and the Secure Ticket Authority.
- Create or select session policies for SmartAccess.
Within the wizard, you can also create session policy expressions for user connections. For more information about configuring NetScaler Gateway to connect to a server farm, see Integrate NetScaler Gateway with StoreFront.
Integrated Citrix Endpoint Management configuration
You can deploy NetScaler Gateway with Citrix Endpoint Management MDM that provides the ability to scale, ensure high availability for apps, and maintain security. To use the Citrix Endpoint Management configuration, you need to install Version 10.1, Build 120.1316.e.
The Integrated Citrix Endpoint Management Configuration creates the following:
- Load balancing servers for Device Manager.
- Load balancing servers for Microsoft Exchange with email filtering.
- Load balancing servers for ShareFile.
For more information about creating settings with the Integrated Citrix Endpoint Management Configuration, see Configuring Settings for Your Citrix Endpoint Management Environment