Configuring System Expressions

A system expression specifies the conditions under which the policy is enforced. For example, expressions in a preauthentication policy are enforced while a user is logging on. Expressions in a session policy are evaluated and enforced after the user is authenticated and logged on to Citrix Gateway.

Expressions on Citrix Gateway include:

  • General expressions that limit the objects users can use when establishing a connection to Citrix Gateway. For example, see:
  • Client security expressions that define the software, files, processes, or registry values that must be installed and running on the user device. For example, see:
  • Network-based expressions that restrict access based on network settings. For example, see:

Citrix Gateway can also be used as a Citrix ADC appliance. Some expressions on the appliance are more applicable to Citrix ADC. General and network-based expressions are used commonly with Citrix ADC and are not generally used with Citrix Gateway. Client security expressions are used on Citrix Gateway to determine that the correct items are installed on the user device.

Configuring Client Security Expressions

Expressions are a component of a policy. An expression represents a single condition that is evaluated against a request or a response. You can create a simple expression security string to check for conditions, such as:

  • User device operating system including service packs
  • Antivirus software version and virus definitions
  • Files
  • Processes
  • Registry values
  • User certificates
Configuring System Expressions