-
Selecting the Citrix Gateway plug-in for Users
-
Configuring Access Scenario Fallback
-
Creating Policies for Access Scenario Fallback
-
-
AlwaysOn VPN before Windows logon (Formally AlwaysOn service)
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Creating Policies for Access Scenario Fallback
To configure Citrix Gateway for access scenario fallback, you need to create policies and groups in the following ways:
- Create a quarantine group in which users are placed if the endpoint analysis scan fails.
- Create a global Web Interface or StoreFront setting that is used if the endpoint analysis scan fails.
- Create a session policy that overrides the global setting and then bind the session policy to a group.
- Create a global client security policy that is applied if the endpoint analysis fails.
When configuring access scenario fallback, use the following guidelines:
- Using client choices or access scenario fallback requires the Endpoint Analysis plug-in for all users. If endpoint analysis cannot run or if users select Skip Scan during the scan, users are denied access. Note: The option to skip the scan is removed in Citrix Gateway 10.1, Build 120.1316.e
- When you enable client choices, if the user device fails the endpoint analysis scan, users are placed into the quarantine group. Users can continue to log on with either the Citrix Gateway plug-in or the Citrix Receiver to the Web Interface or StoreFront. Note: Citrix recommends that you do not create a quarantine group if you enable client choices. User devices that fail the endpoint analysis scan and are quarantined are treated in the same way as user devices that pass the endpoint scan.
- If the endpoint analysis scan fails and the user is put in the quarantine group, the policies that are bound to the quarantine group are effective only if there are no policies bound directly to the user that have an equal or lower priority number than the policies bound to the quarantine group.
- You can use different web addresses for the Access Interface and, the Web Interface or StoreFront. When you configure the home pages, the Access Interface home page takes precedence for the Citrix Gateway plug-in and the Web Interface home page takes precedence for Web Interface users. The Receiver home page takes precedence for StoreFront.
To create a quarantine group
- In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > User Administration, and then click AAA Groups.
- In the details pane, click Add.
- In Group Name, type a name for the group, click Create and then click Close. Important: The name of the quarantine group must not match the name of any domain group to which users might belong. If the quarantine group matches an Active Directory group name, users are quarantined even if the user device passes the endpoint analysis security scan.
After creating the group, configure Citrix Gateway to fall back to the Web Interface if the user device fails the endpoint analysis scan.
To configure settings to quarantine user connections
- In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway and then click Global Settings.
- In the details pane, under Settings, click Change global settings.
- In the Global Citrix Gateway Settings dialog box, on the Published Applications tab, next to ICA Proxy, select OFF.
- Next to Web Interface Address, type the web address for StoreFront or the Web Interface.
- Next to Single Sign-On Domain, type the name of your Active Directory domain and then click OK.
After configuring the global settings, create a session policy that overrides the global ICA proxy setting and then bind the session policy to the quarantine group.
To create a session policy for Access Scenario Fallback
- In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > Policies and then click Session.
- In the details pane, click Add.
- In Name, type a name for the policy.
- Next to Request Profile, click New.
- On the Published Applications tab, next to ICA Proxy, click Override Global, select On and then click Create.
- In the Create Session Policy dialog box, next to Named Expressions, select General, select True value, click Add Expression, click Create and then click Close.
After creating the session policy, bind the policy to a quarantine group.
To bind the session policy to the quarantine group
- In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > User Administration, and then click AAA Groups.
- In the details pane, select a group and then click Open.
- Click Session.
- On the Policies tab, select Session, and then click Insert Policy.
- Under Policy Name, select the policy and then click OK.
After creating the session policy and profile enabling the Web Interface or StoreFront on Citrix Gateway, create a global client security policy.
To create a global client security policy
- In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway and then click Global Settings.
- In the details pane, under Settings, click Change global settings.
- On the Security tab, click Advanced Settings.
- In Client Security, enter the expression. For more information about configuring system expressions, see Configuring System Expressions and Configuring Compound Client Security Expressions
- In Quarantine Group, select the group you configured in the group procedure and then click OK twice.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.