Gateway

Configure NetScaler Gateway to support HDX Insight

June 24, 2025

Contributed by:

HDX Insight provides end-to-end visibility for HDX traffic to virtual apps and desktops passing through NetScaler. It also enables administrators to view real-time client and network latency metrics, historical reports, end-to-end performance data, and troubleshoot performance issues.

To configure NetScaler Gateway to support HDX Insight using GUI

On the Configuration tab navigate to System> AppFlow>Collectors, and click Add.
On the Create AppFlow Collector page, populate the following fields, and click Create.
- Name: Name for the collector
- IP address: IPv4 address of the collector
- Port: Port on which the collector listens
- Net Profile: Net profile to associate with the collector. The IP address defined in the profile is used as the source IP address for AppFlow traffic for this collector. If you do not set this parameter, the NetScaler IP (NSIP) address is used as the source IP address.
- Transport: Transport type of collector.
Navigate to System > AppFlow > Actions, click Add.
On the Create AppFlow Action page, populate the following fields, and click Create.
- AppFlow Action Name: Name for the action
- Comment: Any comment about the action
- Collector: Select the names of collectors to be associated with the AppFlow action.
- Transaction Log: Transactions type to be logged.
Navigate to System> AppFlow>Policies, click Add.
On the Create AppFlow Policy page, populate the following fields, and click Create.
- Name: Name for the policy.
- Action: Name of the action to be associated with the policy.
- UNDEF: Name of the AppFlow action to be associated with this policy when an undefined event occurs.
- Expression: Expression or other value against which the traffic is evaluated. Must be a Boolean expression.
- Comments: Any comments about this policy.
Navigate to NetScaler Gateway>Virtual Servers, select the virtual server and click Edit.
Scroll down the VPN Virtual Server page and under the Policies section, click +.
On the Choose Type screen, in the Choose Policy drop-down menu, select AppFlow. In the Choose Type drop-down menu, choose Request or ICA Request and click Continue.
Click the highlighted arrow under Select Policy.
Select the AppFlow policy and click Select.
Finally click Bind.

To configure NetScaler Gateway to support HDX Insight using CLI

At the command prompt, type:

add appflow collector col3 -IPAddress<ip_mas>
add appflow action act1 <action_name>
add appflow policy <policy_name> true <action_name>
bind vpn Vserver <vserver_name>  -pol <policy_name> - priority101 END -type <ICA_Request>
<!--NeedCopy-->

Disable HDX Insight for non-NetScaler AppFlow (NSAP) HDX session

In a NetScaler appliance, you can now disable HDX Insight for the non-NSAP HDX sessions.

At the command prompt, type:

set ica parameter HDXInsightNonNSAP (YES | NO )
<!--NeedCopy-->

By default, HDX Insight for non-NSAP sessions is enabled.

HDX Insight support with Secure HDX

Secure HDX is an Application Level Encryption (ALE) solution that prevents any network elements in the traffic path from inspecting the HDX traffic. Starting from release 14.1 build 47.46, HDX Insight is available when Secure HDX is enabled. For more information on Secure HDX, see Secure HDX (Preview).

Administrators can monitor HDX Insight through Director, Monitor, and NetScaler Console service. For more information on performance metrics with Secure HDX enabled, see Diagnose Session Performance issues in Director and Diagnose Session Performance issues in Monitor. HDX Insight on the NetScaler Console service functions without any changes. For more information, see HDX Insight.

System requirements

HDX Insight with Secure HDX is currently supported only on the following platforms:

Citrix Workspace app for Windows - version 2503 and later.
VDA for Windows - version 2503 and later.
Director - version 2503 and later.

For more information on the system requirements to access HDX Insight when Secure HDX is enabled, see System requirements.

Benefit

Network latency for HDX Insight can be monitored in Director when Secure HDX is enabled.

Key enhancement

Data security: Secure connection between NetScaler Gateway and VDA over TLS when Secure HDX is enabled.

Limitations

HDX Insight with Secure HDX is not supported for the following scenarios:

EDT connections
HDX Multi-stream ICA (MSI) connections
IPv6 protocol
Transparent mode and LAN proxy mode topologies
SOCKS protocol

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

NetScaler Secure Deployment Guide

Configure NetScaler Gateway to support HDX Insight

June 24, 2025

Contributed by:

June 24, 2025

Contributed by:

Configure NetScaler Gateway to support HDX Insight

To configure NetScaler Gateway to support HDX Insight using GUI

To configure NetScaler Gateway to support HDX Insight using CLI

Disable HDX Insight for non-NetScaler AppFlow (NSAP) HDX session

HDX Insight support with Secure HDX

System requirements

Benefit

Key enhancement

Limitations

In this article