Product Documentation

App Controller and NetScaler Gateway

Oct 08, 2015

Users can connect to enterprise web applications by using either the NetScaler Gateway Plug-in or Citrix Receiver. Some web applications require the use of the NetScaler Gateway Plug-in to establish the full VPN tunnel in order to access applications in the secure network. If the enterprise web application requires a VPN connection, Receiver for Windows and Receiver for Mac can detect if the NetScaler Gateway Plug-in is running. If the plug-in is not running, Receiver can prompt the user with the option to start the plug-in.

If users connect with Receiver for iOS, you configure Secure Browse in NetScaler Gateway to allow VPN connections from these mobile devices. For more information about Secure Browse, see Allowing Access from Mobile Devices.

If users connect by using Receiver for Web and attempt to start an application that requires a VPN connection, the application does not start until users establish a VPN connection through NetScaler Gateway.

There are two steps for allowing connections to applications in the secure network through NetScaler Gateway:

  • Configuring NetScaler Gateway settings.
  • Specifying the application to accept connections from remote users.

To route user connections through NetScaler Gateway, you provide the following information:

  • Name for the appliance. This can be any name you choose.
  • FQDN for the callback URL that verifies that the request came from NetScaler Gateway. You use the same FQDN to which users connect. App Controller appends the FQDN automatically with the authentication service URL. For example, the URL appears as https://NetScalerGatewayFQDN/CitrixAuthService/AuthService.asmx.
  • Fully qualified domain name (FQDN) to which users connect, such as https://NetScalerGatewayFQDN.

Optionally, you can configure the following settings:

  • A logon type, such as domain only, security token only, both domain and security token.
  • No password requirement regardless of the logon type you choose.
  • An option to connect to StoreFront through a connection that first routes through App Controller and NetScaler Gateway which proxies the connection.

You can select the web applications that require remote user connections through NetScaler Gateway. When you configure an application in App Controller, you select a check box that identifies that the web application is hosted in the internal network. This adds the VPN keyword to the application and allows the connection request through NetScaler Gateway.