Gateway

Current Release 13.1 13.0 12.1

NetScaler Gateway release notes
About NetScaler Gateway
Common NetScaler Gateway deployments
Client software requirements
NetScaler Gateway compatibility with Citrix products
NetScaler Gateway licensing
- Install a license on NetScaler Gateway
- NetScaler Gateway licensing FAQs
Before Getting Started
Pre-installation checklist
Install and configure the NetScaler Gateway appliance
- Configure the NetScaler Gateway appliance by using wizards
- Configure NetScaler Gateway settings
- Configure the host name and FQDN on NetScaler Gateway
- Policies and profiles on NetScaler Gateway
- System expressions on NetScaler Gateway
- Certificates management on NetScaler Gateway
- Manage NetScaler Gateway configuration settings
- Certificates management on NetScaler Gateway
- Test your NetScaler Gateway configuration
Upgrade the NetScaler Gateway software
Deploy NetScaler Gateway in a double-hop DMZ
- Communication flow in a double-hop DMZ deployment
- Install and configuring NetScaler Gateway in a double-hop DMZ
Maintain and monitor NetScaler Gateway systems
- Configuring Delegated Administrators
  - Configuring Command Policies for Delegated Administrators
  - Configuring Custom Command Policies for Delegated Administrators
- Configuring Auditing on NetScaler Gateway
  - Configuring Logs on NetScaler Gateway
  - Configuring ACL Logging
- Enabling Citrix Secure Access client Logging
- To monitor ICA connections
Authentication and Authorization
- Configuring Default Global Authentication Types
- Configuring Authentication Without Authorization
- Configuring Authorization
  - Configuring Authorization Policies
  - Setting Default Global Authorization
- Disabling Authentication
- Configuring Authentication for Specific Times
- How Authentication Policies Work
  - Configuring Authentication Profiles
  - Binding Authentication Policies
  - Setting Priorities for Authentication Policies
- Configuring Local Users
- Configuring Groups
  - Adding Users to Groups
  - Configuring Policies with Groups
- Configuring LDAP Authentication
  - To configure LDAP authentication by using the configuration utility
  - Determining Attributes in Your LDAP Directory
  - Configuring LDAP Group Extraction
  - Configuring LDAP Group Extraction for Multiple Domains
  - 14-day password expiry notification for LDAP authentication
- Configuring Client Certificate Authentication
  - Configuring and Binding a Client Certificate Authentication Policy
  - Configuring two-factor Client Certificate Authentication
  - Configuring Smart Card Authentication
- Configuring RADIUS Authentication
  - To configure RADIUS authentication
  - Choosing RADIUS Authentication Protocols
  - Configuring IP Address Extraction
  - Configuring RADIUS Group Extraction
  - Configuring RADIUS user accounting
- Configuring SAML Authentication
  - Configure SAML authentication
  - Using SAML authentication to log in to NetScaler Gateway
  - Improvements in SAML Authentication
- Configuring TACACS+ Authentication
  - Clear Config Basic Must Not Clear TACACS Config
- Configuring Multifactor Authentication
  - Configuring Cascading Authentication
  - Configuring Two-Factor Authentication
- Configuring single sign-on
  - Configuring single sign-on with Windows
  - Configuring single sign-on to Web Applications
  - Configuring single sign-on to a Domain
  - Configuring single sign-on for Microsoft Exchange 2010
- Configuring One-Time Password Use
  - Configuring RSA SecurID Authentication
  - Configuring Password Return with RADIUS
  - Configuring SafeWord Authentication
  - Configuring Gemalto Protiva Authentication
- nFactor for NetScaler Gateway Authentication
- NetScaler Gateway Visualizer
- Configure NetScaler Gateway to use RADIUS and LDAP Authentication with Mobile Devices
- Restrict access to NetScaler Gateway for members of one Active Directory group
High Availability deployment
- How High Availability Works
- Configuring Settings for High Availability
  - Creating or Changing an RPC Node Password
  - Configuring the Primary and Secondary Appliances for High Availability
- Configuring Communication Intervals
- Synchronizing NetScaler Gateway Appliances
- Synchronizing Configuration Files in a High Availability Setup
- Configuring Command Propagation
  - Troubleshooting Command Propagation
- Configuring Fail-Safe Mode
- Configuring the Virtual MAC Address
  - Configuring IPv4 Virtual MAC Addresses
  - Configuring IPv6 virtual MAC addresses
- Configuring High Availability Pairs in Different Subnets
  - Adding a Remote Node
- Configuring Route Monitors
  - Adding or Removing Route Monitors
- Configuring Link Redundancy
- Understanding the Causes of Failover
- Forcing Failover from a Node
NetScaler Gateway deployment in cluster configurations
- Configuring Clustering
Unified Gateway
- NetScaler Gateway FAQ
VPN configuration on a NetScaler Gateway appliance
- How users connect with the Citrix Secure Access client
- Full VPN setup on a NetScaler Gateway appliance
- Select the user access method
- Deploy Citrix Secure Access clients for user access
- Select the Citrix Secure Access client for users
  - Deploy the Citrix Secure Access client from Active Directory
  - Manage Citrix Secure Access client by using Active Directory
- Integrate the Citrix Secure Access client with Citrix Workspace app
  - How users connect with Citrix Workspace app
  - Decouple the Citrix Workspace app icon
  - Configure IPv6 for ICA connections
  - Configure the Citrix Workspace app home page on NetScaler Gateway
  - Apply the Citrix Workspace app theme to the NetScaler Gateway logon page
  - Create a custom theme for the NetScaler Gateway logon page
- NetScaler Gateway VPN client registry keys
- Enforce the HttpOnly flag on authentication cookies
- Customize the user portal for VPN users
  - Prompt users to upgrade older or unsupported browsers by creating a custom page
- Clientless VPN access with NetScaler Gateway
  - Advanced clientless VPN access with NetScaler Gateway
  - Configure domain access for users
  - Clientless VPN access for SharePoint 2003, SharePoint 2007, and SharePoint 2013
  - Enable clientless access persistent cookies
- Citrix SSO VPN client for mobile devices
- Configure the Client Choices page
- Configure access scenario fallback
- Configure connections for the Citrix Secure Access client
  - Configure the number of user sessions
  - Configure time-out settings
  - Connect to internal network resources
  - Configure split tunneling
  - Configure client interception
  - Configure name service resolution
  - Enable proxy support for user connections
  - Configure address pools
  - Support for VoIP phones
  - Configure Access Interface
  - Create and apply web and file share links
- Traffic policies
- Session policies
- Advanced policy support for Enterprise bookmarks
- Endpoint polices
  - Preauthentication policies and profiles
  - Post-authentication policies
  - Preauthentication device check expressions for user devices
  - Configure Device Certificate in nFactor as an EPA component
  - EPA as a factor in nFactor authentication
  - EPA scan classification types on Windows client
- Advanced Endpoint Analysis scans
  - Advanced Endpoint Analysis Policy Expression Reference
  - EPA scan for MAC addresses
- Manage user sessions
- Always On
- Always On VPN before Windows Logon
  - Configure Always On VPN before Windows Logon
Using Advance Policy to Create VPN Policies
Configure DTLS VPN virtual server using SSL VPN virtual server
Integrate NetScaler Gateway with Citrix products
- How users connect to applications, desktops, and ShareFile
- Integrate NetScaler Gateway with StoreFront
- Integrate NetScaler Gateway with Citrix Virtual Apps and Desktops
- Deploy NetScaler Gateway with Citrix Endpoint Management, Citrix Virtual Apps, and Citrix Virtual Desktops
- Configure settings for your Citrix Endpoint Management Environment
- Configure SmartControl
Microsoft Intune Integration
- When to Use the Integrated Intune MDM Solution
- Understanding the NetScaler Gateway Intune MDM Integration
- Configuring Network Access Control device check for NetScaler Gateway virtual server for single factor authentication deployment
- Configuring a NetScaler Gateway application on the Azure portal
- Understanding MSAL Token Authentication
- Configuring NetScaler Gateway Virtual Server for MSAL Token Authentication
- Set up NetScaler Gateway for using micro VPN with Microsoft Endpoint Manager
- Extended support for Azure AD Graph
HDX Enlightened Data Transport Support
- When to Use Enlightened Data Transport Support
- Configuring NetScaler Gateway to Support Enlightened Data Transport and HDX Insight
- Path MTU discovery and DF bit propagation for UDP traffic
- L7 Latency Thresholding
Reducer for HDX
RDP Proxy
- Stateless RDP Proxy
- RDP connection redirection
- Populate RDP URLs based on LDAP attribute
- Randomize RDP file name with RDP proxy
- Configure names for RDP files
Outbound ICA Proxy support
- Configuring Outbound ICA Proxy
NetScaler Gateway Enabled PCoIP Proxy Support for VMware Horizon View
- Configuring NetScaler Gateway Enabled PCoIP proxy for VMware Horizon View
- Configuring VMware Horizon View Connection Server
Proxy Auto Configuration for Outbound Proxy support for NetScaler Gateway
Configuration support for SameSite cookie attribute
Optimize network traffic with Citrix SD-WAN WANOP
RfWebUI Persona on NetScaler Gateway UX Configuration
- RfWebUI configuration parameters
NetScaler Gateway portal customizations
- NetScaler Gateway portal customization using custom plug-ins
- Create and customize login schema
- Portal customizations from the Admin UI
Optimizing NetScaler Gateway VPN split tunnel for Office365
Type of Service Support for UDP traffic
Configuring Server Name Indication Extension
Validating the Server Certificate During an SSL Handshake
Simplified SaaS app configuration using a template
Document History

View PDF

This content has been machine translated dynamically.

Give feedback here

Thank you for the feedback

NetScaler Gateway
NetScaler Gateway 14.1

This content has been machine translated dynamically.

Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)

Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)

Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)

此内容已经过机器动态翻译。放弃

このコンテンツは動的に機械翻訳されています。免責事項

이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인

Este texto foi traduzido automaticamente. (Aviso legal)

Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))

This article has been machine translated.

Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)

Ce article a été traduit automatiquement. (Clause de non responsabilité)

Este artículo ha sido traducido automáticamente. (Aviso legal)

この記事は機械翻訳されています.免責事項

이 기사는 기계 번역되었습니다.책임 부인

Este artigo foi traduzido automaticamente.(Aviso legal)

这篇文章已经过机器翻译.放弃

Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))

Switch to english Auf Englisch anzeigen Lire en anglais Leer en inglés 英語に切り替え 영어로 전환 Mudar para ingles 切换到英文 Passa all'inglese

Translation failed!

Understanding MSAL Token Authentication

October 9, 2024

Contributed by:

Following is the flow of events in a typical NetScaler Gateway- MSAL token authentication:

When an app is launched in iOS or Android, the app contacts Microsoft. The user is prompted to log on with user credentials. After a successful logon, the app gets an MSAL token.
This MSAL token is presented to a NetScaler Gateway, which has been configured to validate the MSAL token.
NetScaler Gateway validates the signature of the MSAL token with the corresponding certificate from Microsoft.
After a successful validation, NetScaler Gateway extracts the User’s Principal Name (UPN) and grants the app VPN access to the internal resources.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

DIESER DIENST KANN ÜBERSETZUNGEN ENTHALTEN, DIE VON GOOGLE BEREITGESTELLT WERDEN. GOOGLE LEHNT JEDE AUSDRÜCKLICHE ODER STILLSCHWEIGENDE GEWÄHRLEISTUNG IN BEZUG AUF DIE ÜBERSETZUNGEN AB, EINSCHLIESSLICH JEGLICHER GEWÄHRLEISTUNG DER GENAUIGKEIT, ZUVERLÄSSIGKEIT UND JEGLICHER STILLSCHWEIGENDEN GEWÄHRLEISTUNG DER MARKTGÄNGIGKEIT, DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK UND DER NICHTVERLETZUNG VON RECHTEN DRITTER.

CE SERVICE PEUT CONTENIR DES TRADUCTIONS FOURNIES PAR GOOGLE. GOOGLE EXCLUT TOUTE GARANTIE RELATIVE AUX TRADUCTIONS, EXPRESSE OU IMPLICITE, Y COMPRIS TOUTE GARANTIE D'EXACTITUDE, DE FIABILITÉ ET TOUTE GARANTIE IMPLICITE DE QUALITÉ MARCHANDE, D'ADÉQUATION À UN USAGE PARTICULIER ET D'ABSENCE DE CONTREFAÇON.

ESTE SERVICIO PUEDE CONTENER TRADUCCIONES CON TECNOLOGÍA DE GOOGLE. GOOGLE RENUNCIA A TODAS LAS GARANTÍAS RELACIONADAS CON LAS TRADUCCIONES, TANTO IMPLÍCITAS COMO EXPLÍCITAS, INCLUIDAS LAS GARANTÍAS DE EXACTITUD, FIABILIDAD Y OTRAS GARANTÍAS IMPLÍCITAS DE COMERCIABILIDAD, IDONEIDAD PARA UN FIN EN PARTICULAR Y AUSENCIA DE INFRACCIÓN DE DERECHOS.

本服务可能包含由 Google 提供技术支持的翻译。Google 对这些翻译内容不做任何明示或暗示的保证，包括对准确性、可靠性的任何保证以及对适销性、特定用途的适用性和非侵权性的任何暗示保证。

このサービスには、Google が提供する翻訳が含まれている可能性があります。Google は翻訳について、明示的か黙示的かを問わず、精度と信頼性に関するあらゆる保証、および商品性、特定目的への適合性、第三者の権利を侵害しないことに関するあらゆる黙示的保証を含め、一切保証しません。

ESTE SERVIÇO PODE CONTER TRADUÇÕES FORNECIDAS PELO GOOGLE. O GOOGLE SE EXIME DE TODAS AS GARANTIAS RELACIONADAS COM AS TRADUÇÕES, EXPRESSAS OU IMPLÍCITAS, INCLUINDO QUALQUER GARANTIA DE PRECISÃO, CONFIABILIDADE E QUALQUER GARANTIA IMPLÍCITA DE COMERCIALIZAÇÃO, ADEQUAÇÃO A UM PROPÓSITO ESPECÍFICO E NÃO INFRAÇÃO.

Was this helpful

Send us your feedback

Instructions for Contributors

This content has been machine translated dynamically.

Give feedback here

Thank you for the feedback

Understanding MSAL Token Authentication

October 9, 2024

Contributed by:

October 9, 2024

Contributed by:

Understanding MSAL Token Authentication

In this article