-
Before Getting Started
-
Install and configure the Citrix Gateway appliance
-
Deploy Citrix Gateway in a double-hop DMZ
-
Maintain and monitor Citrix Gateway systems
-
VPN configuration on a Citrix Gateway appliance
-
Integrate the Citrix Gateway plug-in with Citrix Workspace app
-
Configure DTLS VPN virtual server using SSL VPN virtual server
-
Integrate Citrix Gateway with Citrix products
-
Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
-
Configure settings for your Citrix Endpoint Management Environment
-
Configure load balancing servers for Citrix Endpoint Management
-
Configure load balancing servers for Microsoft Exchange with Email Security Filtering
-
Configure Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allow Access from mobile devices with Citrix Mobile Productivity Apps
-
Configure domain and security token authentication for Citrix Endpoint Management
-
Configure client certificate or client certificate and domain authentication
-
-
Citrix Gateway Enabled PCoIP Proxy Support for VMware Horizon View
-
Proxy Auto Configuration for Outbound Proxy support for Citrix Gateway
-
Access Citrix Virtual Apps and Desktops resources with the Web Interface
-
Configuring Additional Web Interface Settings on Citrix Gateway
-
Configuring Access to Applications and Virtual Desktops in the Web Interface
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Before Getting Started
Before you install Citrix Gateway, you must evaluate your infrastructure and collect information to plan an access strategy that meets the specific needs of your organization. When you define your access strategy, you need to consider the security implications and complete a risk analysis. You also need to determine the networks to which users are allowed to connect and decide on policies that enable user connections.
In addition to planning for the resources available for users, you also need to plan your deployment scenario. Citrix Gateway is compatible the following Citrix products:
- Citrix Endpoint Management
- Citrix Virtual Apps
- Citrix Virtual Desktops
- StoreFront
- Web Interface
- Citrix SD-WAN
For more information about deploying Citrix Gateway, see Common Deployments and Integrating With Citrix Products
As you prepare your access strategy, take the following preliminary steps:
- Identify resources. List the network resources for which you want to provide access, such as Web, SaaS, mobile or published applications, virtual desktops, services, and data that you defined in your risk analysis.
- Develop access scenarios. Create access scenarios that describe how users access network resources. An access scenario is defined by the virtual server used to access the network, endpoint analysis scan results, authentication type, or a combination thereof. You can also define how users log on to the network.
- Identify client software. You can provide full VPN access with the Citrix Gateway plug-in, requiring users to log on with Citrix Workspace app, Secure Hub, or by using clientless access. You can also restrict email access to Outlook Web App or WorxMail. These access scenarios also determine the actions users can perform when they gain access. For example, you can specify whether users can modify documents by using a published application or by connecting to a file share.
- Associate policies with users, groups, or virtual servers. The policies you create on Citrix Gateway enforce when the individual or set of users meets specified conditions. You determine the conditions based on the access scenarios that you create. You then create policies that extend the security of your network by controlling the resources users can access and the actions users can perform on those resources. You associate the policies with appropriate users, groups, virtual servers, or globally.
This section includes the following topics to help you plan your access strategy:
- Planning for Security includes information about authentication and certificates.
- Prerequisites that define network hardware and software you might need.
- The Pre-Installation Checklist that you can use to write down your settings before you configure Citrix Gateway.
Prerequisites for installing Citrix Gateway
Before you configure settings on Citrix Gateway, review the following prerequisites:
- Citrix Gateway is physically installed in your network and has access to the network. Citrix Gateway is deployed in the DMZ or internal network behind a firewall. You can also configure Citrix Gateway in a double-hop DMZ and configure connections to a server farm. Citrix recommends deploying the appliance in the DMZ.
- You configure Citrix Gateway with a default gateway or with static routes to the internal network so users can access resources in the network. Citrix Gateway is configured to use static routes by default.
- The external servers used for authentication and authorization are configured and running. For more information, see Authentication and Authorization.
- The network has a domain name server (DNS) or Windows Internet Naming Service (WINS) server for name resolution to provide correct Citrix Gateway user functionality.
- You downloaded the Universal licenses for user connections with the Citrix Gateway plug-in from the Citrix website and the licenses are ready to be installed on Citrix Gateway.
- Citrix Gateway has a certificate that is signed by a trusted Certificate Authority (CA). For more information, see Installing and Managing Certificates.
Before you install Citrix Gateway, use the Pre-Installation Checklist to write down your settings.
Planning for security
When planning your Citrix Gateway deployment, you must understand the basic security issues associated with certificates, and with authentication and authorization.
Configure secure certificate management
By default, Citrix Gateway includes a self-signed Secure Sockets Layer (SSL) server certificate that enables the appliance to complete SSL handshakes. Self-signed certificates are adequate for testing or for sample deployments, but Citrix does not recommend using them for production environments. Before you deploy Citrix Gateway in a production environment, Citrix recommends that you request and receive a signed SSL server certificate from a known Certificate Authority (CA) and upload it to Citrix Gateway.
If you deploy Citrix Gateway in any environment where Citrix Gateway must operate as the client in an SSL handshake (initiate encrypted connections with another server), you must also install a trusted root certificate on Citrix Gateway. For example, if you deploy Citrix Gateway with Citrix Virtual Apps and the Web Interface, you can encrypt connections from Citrix Gateway to the Web Interface with SSL. In this configuration, you must install a trusted root certificate on Citrix Gateway.
Authentication support
You can configure Citrix Gateway to authenticate users and to control the level of access (or authorization) that users have to the network resources on the internal network.
Before deploying Citrix Gateway, your network environment must have the directories and authentication servers in place to support one of the following authentication types:
- LDAP
- RADIUS
- TACACS+
- Client certificate with auditing and smart card support
- RSA with RADIUS configuration
- SAML authentication
If your environment does not support any of these authentication types, or you have a small population of remote users, you can create a list of local users on Citrix Gateway. You can then configure Citrix Gateway to authenticate users against this local list. With this configuration, you do not need to maintain user accounts in a separate, external directory.
Secure your Citrix Gateway deployment
Different deployments might require different security considerations. The Citrix ADC secure deployment guidelines provide general security guidance to help you decide on an appropriate secure deployment based on your specific security requirements.
For details, see Citrix ADC secure deployment guidelines.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.