Connectivity requirements for Citrix Cloud Government

Citrix Cloud Government provides administrative functions (through a web browser) and operational requests (from other installed components) that connect to resources within a customer’s deployment. This document defines the requirements and considerations for establishing connectivity between the customer’s resources and Citrix Cloud Government.

Connecting to the Internet from your data centers requires opening port 443 to outbound connections. However, to operate within environments containing an Internet proxy server or firewall restrictions, further configuration might be needed.

Transport Layer Security requirements

Citrix Cloud Government supports Transport Layer Security (TLS) 1.2 for TCP-based connections between components. Citrix Cloud doesn’t allow communication over TLS 1.0 or TLS 1.1.

To access Citrix Cloud Government, you must use a browser that supports TLS 1.2 and have accepted cipher suites configured. For more information, see Encryption and key management.

Citrix Cloud Government management console

The Citrix Cloud Government management console is a web-based console that you can access after signing in to https://citrix.cloud.us. The console’s webpages requires more Internet resources when signing in or performing specific operations.

Proxy configuration

If you’re connecting through a proxy server, the management console operates using the same configuration applied to your web browser. The console operates within the user context, enabling the configuration of proxy servers that require user authentication to work as expected.

Firewall configuration

For the management console to operate, you must have port 443 open for outbound connections. You can test general connectivity by navigating within the console.

Citrix Cloud Connector

The Citrix Cloud Connector is a software package that deploys a set of services that run on Microsoft Windows servers. The machine hosting the Cloud Connector resides within the network where the resources that you use with Citrix Cloud Government reside. The Cloud Connector connects to Citrix Cloud Government, allowing it to operate and manage your resources as needed.

For requirements for installing the Cloud Connector, see Citrix Cloud Connector requirements. To operate, the Cloud Connector requires outbound connectivity on port 443. After installation, the Cloud Connector might have more access requirements depending on the Citrix Cloud Government service with which it is being used.

Allowed FQDNs for Cloud Connector

For a complete list of the fully qualified domain names (FQDNs) that the Cloud Connector accesses, refer to the JSON file available at https://fqdnallowlistsa.blob.core.windows.net/fqdnallowlist-gov/allowlist.json. The list is categorized by the product and includes a change log for each group of FQDNs.

Some of these FQDNs are specific to a customer and include templated sections in angular brackets. These templated sections must be replaced with the actual values before use. For example, for <CUSTOMER_ID>.xendesktop.net, you replace <CUSTOMER_ID> with the actual customer ID for your Citrix Cloud account. You can find the customer ID at the top of the API Access tab in Identity and Access Management.

Citrix DaaS service connectivity

Citrix resource location / Cloud Connector:

  • https://*.citrixworkspacesapi.us
  • https://*.cloud.us
  • https://*.apps.cloud.us
  • https://*.blob.core.usgovcloudapi.net
  • https://*.servicebus.usgovcloudapi.net
  • https://*.xendesktop.us

Administration console:

  • https://*.citrixworkspacesapi.us
  • https://*.cloud.us
  • https://*.blob.core.usgovcloudapi.net
  • https://*.xendesktop.us
Connectivity requirements for Citrix Cloud Government