Gateway

Install and configuring NetScaler Gateway in a double-hop DMZ

You need to complete several steps to deploy NetScaler Gateway in a double-hop DMZ. The steps include installation of appliances in both DMZs and configuring the appliances for user device connections.

Install NetScaler Gateway in the first DMZ

To install NetScaler Gateway in the first DMZ, follow the instructions in Install the hardware.

If you are installing multiple NetScaler Gateway appliances in the first DMZ, you can deploy the appliances behind a load balancer.

Configure NetScaler Gateway in the first DMZ

In a double-hop DMZ deployment, it is mandatory that you configure each NetScaler Gateway in the first DMZ to redirect connections to either StoreFront or the Web Interface in the second DMZ.

Redirection to StoreFront or the Web Interface is performed at the NetScaler Gateway Global or virtual server level. To connect to the Web Interface through NetScaler Gateway, a user must be associated with a NetScaler Gateway user group for which redirection to the Web Interface is enabled.

Install NetScaler Gateway in the second DMZ

The NetScaler Gateway appliance in the second DMZ is called the NetScaler Gateway proxy because it proxies ICA and Secure Ticket Authority (STA) traffic across the second DMZ. Install the hardware to install each NetScaler Gateway appliance in the second DMZ.

You can use this installation procedure to install other appliances in the second DMZ.

After you install NetScaler Gateway appliances in the second DMZ, you configure the following settings:

  • Configure a virtual server on the NetScaler Gateway proxy.
  • Configure NetScaler Gateway appliances in the first and second DMZ to communicate with each other.
  • Bind the NetScaler Gateway in the second DMZ globally or to a virtual server.
  • Configure the STA on the appliance in the first DMZ.
  • Open ports in the firewalls separating the DMZ.
  • Install certificates on the appliances.
Install and configuring NetScaler Gateway in a double-hop DMZ