Gateway

How Clientless Access Policies Work

January 8, 2024

Contributed by:

C S C

You configure clientless access to web applications by creating policies. You can configure the settings for a clientless access policy in the configuration utility. A clientless access policy is composed of a rule and a profile. You can use the preconfigured clientless access policies that come with Citrix Gateway. You can also create your own custom clientless access policies.

Citrix Gateway provides preconfigured policies for the following:

Outlook Web Access and Outlook Web App
SharePoint 2007
All other Web applications

Note:

OWA 2016 and SharePoint 2016 are supported only using advanced clientless access.

Keep in mind the following characteristics of the preconfigured clientless access policies:

They are configured automatically and cannot be changed.
Each policy is bound at the global level.
Each policy is not enforced unless you enable clientless access either globally or by creating a session policy.
You cannot remove or modify global bindings, even if you do not enable clientless access.

Support for other web applications depends on the rewrite policies you configure on Citrix Gateway. Citrix recommends testing any custom policies that you create to ensure that all components of the application rewrite successfully.

If you allow connections from Receiver for Android, Receiver for iOS, or Citrix Secure Hub, you must enable clientless access. For Citrix Secure Hub that runs on an iOS device, you must also enable Secure Browse within the session profile. Secure Browse and clientless access work together to allow connections from iOS devices. You do not have to enable Secure Browse if users do not connect with iOS devices.

The Quick Configuration wizard configures the correct clientless access policies and settings for mobile devices. Citrix recommends running the Quick Configuration wizard to configure the correct policies for connections to StoreFront and Citrix Endpoint Management.

You can bind custom clientless access policies either globally or to a virtual server. If you want to bind clientless access policies to a virtual server, you need to create a custom policy and then bind it. To enforce different policies for clientless access either globally or for a virtual server, change the priority number of the custom policy so it has a lower number than the preconfigured policies, thus giving the custom policy higher priority. If no other clientless access policies are bound to the virtual server, the preconfigured global policies take precedence.

Note: You cannot change the priority numbers of the preconfigured clientless access policies.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

How Clientless Access Policies Work

January 8, 2024

Contributed by:

C S C

January 8, 2024

Contributed by:

C S C

How Clientless Access Policies Work

In this article