Network locations
Within Citrix Cloud, you can configure network locations according to their public IP addresses. These network locations can be used for the following:
- Citrix Workspace uses the network location to determine whether to instruct clients to connect directly to VDAs or via a Citrix Gateway. For more information, see Optimize connectivity to workspaces with Direct Workload Connection.
- When users connect from a network location, the Citrix Workspace can add smart access tags that you can use as an input to access policies within Studio. For more information, see Adaptive access based on the user’s network location. This functionality is only available when Adaptive Access is enabled.
- You can choose how users authenticate based on the user’s network location. For more information, see Conditional Authentication.
Typically you create a Network Location for each of your office locations.
View network locations
To view the configured network locations:
- Log in to Citrix Cloud.
- Open the main menu.
- From the main menu, choose Network locations.
- The Network location screen loads.
Add network location
- On the Network locations screen, press Add network location. The Location tags and connectivity type options are only available if Adaptive Access is enabled.
- Enter a Location name.
- Enter the Public IP address range in CIDR format.
- If Adaptive Access is enabled, you can optionally enter the name of one or more Location tags. Use commas to separate multiple tags. The smart access tag is generated by adding the prefix LOCATION_TAG_. For instance, if you enter a location tag BranchOffice, then a smart access tag called LOCATION_TAG_BranchOffice is generated that you can use in Studio.
- If Adaptive Access is enabled, you can choose whether the location is Internal or External. For all internal locations, a smart access tag called LOCATION_internal is generated. For all external locations, a smart access tag called LOCATION_external is generated. If the client's IP address does not match a network location, then the network location is considered to be Undefined. If Adaptive Access is disabled, this option is hidden, all configured network locations are considered internal, and no smart access tags are created.
- Press Save.
Edit network location
- Navigate to the Network locations screen.
- On the row you wish to edit, press … to open the menu, then select Edit.
- Make the required changes.
- Press Save.
Delete network location
- Navigate to the Network locations screen.
- On the row you wish to delete, press … to open the menu, then select Delete.
- On the confirmation screen, press Yes, delete.
Manage network locations with PowerShell
Instead of using the Citrix Cloud management console interface, you can use a PowerShell script to configure Direct Workload Connection. Direct Workload Connection configuration with PowerShell involves the following:
- Download the PowerShell module.
- Create a secure API client in Citrix Cloud and make a note of the Client ID and secret.
- Import the PowerShell module and connect to the Network Location Service (NLS) with your API client details.
- Use the PowerShell cmdlets to create network locations for each of your locations.
Download the PowerShell module
Before you set up your network locations, download the Citrix-provided PowerShell module (nls.psm1) from the Citrix GitHub repository. Using this module, you can set up as many network locations as needed for your VDAs.
- In a web browser, go to https://github.com/citrix/sample-scripts/blob/master/workspace/NLS2.psm1.
- Press Raw.
- Press Ctrl+S and select a location to save the file.
Create a secure client
- Sign in to Citrix Cloud at https://citrix.cloud.com.
- From the Citrix Cloud menu, select Identity and Access Management and then select API Access.
- On the Secure Clients tab, note your customer ID.
- Enter a name for the client and then select Create Client.
- Copy the client ID and client secret.
Configure network locations
- Open a PowerShell command window and navigate to the same directory where you saved the PowerShell module.
- Import the module:
Import-Module .\nls.psm1 -Force
- Set the required variables with your secure client information from Create a secure client:
$clientId = "YourSecureClientID"
$customer = "YourCustomerID"
$clientSecret = "YourSecureClientSecret"
- Connect to the Network Location Service with your secure client credentials:
Connect-NLS -clientId $clientId -clientSecret $clientSecret -customer $customer
- Create a network location, replacing the parameter values with the values that correspond to the internal network where your internal users are directly connecting from:
New-NLSSite -name "YourSiteName" -tags @("YourTags") -ipv4Ranges @("PublicIpsOfYourNetworkSites") -longitude 12.3456 -latitude 12.3456 -internal $True
To specify a single IP address instead of a range, add /32 to the end of the IP address. For example:
New-NLSSite -name "YourSiteName" -tags @("YourTags") -ipv4Ranges @("PublicIpOfYourNetworkSite/32") -longitude 12.3456 -latitude 12.3456 -internal $True
Important: When using the New-NLSSite command, include at least one value for each parameter. If you run this command without any command-line arguments, PowerShell prompts you to enter the appropriate values for each parameter, one at a time. The internal property is a mandatory Boolean property with possible values $True or $False that maps to the UI via PowerShell. For example, (UI) Network Internal -> (PowerShell) -internal=$True.
When the network location is created successfully, the command window displays the details of the network location.
- Repeat Step 5 for all your network locations where users are connecting from.
- Run the command Get-NLSSite to return a list of all the sites you've configured with NLS and verify that their details are correct.
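Because an internal location makes Workspace send clients directly to VDAs rather than through a Citrix Gateway and produces the LOCATION_internal tag, a mistyped or overly broad range changes who is treated as internal. The following pre-flight check is an added example, not part of nls.psm1 or the Citrix sample script; Get-CidrBounds, Test-NlsRange, the /16 breadth threshold and the sample plan are assumptions made for illustration.

```powershell
# Added example: pre-flight check for ranges destined for New-NLSSite / Set-NLSSite.
# Get-CidrBounds, Test-NlsRange and -MinPrefix are hypothetical, not part of nls.psm1.
$nonPublic = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
             '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16'

function Get-CidrBounds([string]$Cidr) {
    # Returns @(first, last, hostBitsSet), or $null when $Cidr is not strict IPv4 CIDR.
    if (-not ($Cidr -match '^((\d{1,3}\.){3}\d{1,3})/(\d{1,2})$')) { return $null }
    $addr = $null
    $prefix = [int]$Matches[3]
    if ($prefix -gt 32) { return $null }
    if (-not [System.Net.IPAddress]::TryParse($Matches[1], [ref]$addr)) { return $null }
    $bytes = $addr.GetAddressBytes()
    [array]::Reverse($bytes)   # network byte order -> little-endian host order (assumed)
    $ip    = [long][BitConverter]::ToUInt32($bytes, 0)
    $size  = [long][math]::Pow(2, 32 - $prefix)
    $first = $ip - ($ip % $size)
    return @($first, ($first + $size - 1), ($ip -ne $first))
}

function Test-NlsRange([string]$Cidr, [int]$MinPrefix = 16) {
    $r = Get-CidrBounds $Cidr
    if ($null -eq $r) { return 'not a valid IPv4 CIDR range (single hosts need /32)' }
    $issues = @()
    if ($r[2]) { $issues += 'address has host bits set below the prefix' }
    if (($r[1] - $r[0] + 1) -gt [math]::Pow(2, 32 - $MinPrefix)) { $issues += "broader than /$MinPrefix" }
    foreach ($block in $nonPublic) {
        $b = Get-CidrBounds $block
        if ($r[0] -le $b[1] -and $r[1] -ge $b[0]) { $issues += "overlaps non-public block $block" }
    }
    return $issues
}

# Constructed sample plan (documentation addresses); fields mirror -name, -ipv4Ranges, -internal.
$planned = @(
    @{ name = 'New York';  internal = $true; ipv4Ranges = @('198.51.100.0/24') },
    @{ name = 'Branch';    internal = $true; ipv4Ranges = @('192.168.1.0/24', '203.0.113.7') },
    @{ name = 'Catch-all'; internal = $true; ipv4Ranges = @('0.0.0.0/0') }
)
$report = foreach ($site in $planned) {
    foreach ($range in $site.ipv4Ranges) {
        $issues = @(Test-NlsRange $range)
        [pscustomobject]@{
            Site = $site.name; Range = $range
            Ok = ($issues.Count -eq 0); Issues = ($issues -join '; ')
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Pass a site to New-NLSSite only when every one of its rows is Ok; the same check applies to ranges handed to Set-NLSSite.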
Modify network locations
To change an existing network location:
- From a PowerShell command window, list all existing network locations:
Get-NLSSite
- To modify the IP range for a specific network location, type
(Get-NLSSite)[N] | Set-NLSSite -ipv4Ranges @("1.2.3.4/32","4.3.2.1/32")
where [N] is the number corresponding to the location in the list (starting with zero) and "1.2.3.4/32","4.3.2.1/32" are the comma-separated IP ranges you want to use. For example, to modify the first listed location, you type the following command:
(Get-NLSSite)[0] | Set-NLSSite -ipv4Ranges @("98.0.0.1/32","141.43.0.0/24")
Remove network locations
To remove network locations that you no longer want to use:
- From a PowerShell command window, list all existing network locations:
Get-NLSSite
- To remove all network locations, type
Get-NLSSite | Remove-NLSSite
- To remove specific network locations, type
(Get-NLSSite)[N] | Remove-NLSSite
where [N] is the number corresponding to the location in the list. For example, to remove the first listed location, you type
(Get-NLSSite)[0] | Remove-NLSSite
Example script
The example script includes all commands that you might need to add, modify, and remove the public IP address ranges for your branch locations. However, you don’t need to run all commands to perform any single function. For the script to run, always include the first 10 lines, from Import-Module through Connect-NLS. Afterward, you can include only the commands for the functions you want to perform.
Import-Module .\nls.psm1 -Force
$clientId = "XXXX" #Replace with your clientId
$clientSecret = "YYY" #Replace with your clientSecret
$customer = "CCCCCC" #Replace with your customerid
# Connect to Network Location Service
Connect-NLS -clientId $clientId -clientSecret $clientSecret -customer $customer
# Create a new Network Location Service Site (Replace with details corresponding to your branch locations)
New-NLSSite -name "New York" -tags @("EastCoast") -ipv4Ranges @("1.2.3.0/24") -longitude -74.0060 -latitude 40.7128 -internal $True
# Get the existing Network Location Service Sites (optional)
Get-NLSSite
# Update the IP Address ranges of your first Network Location Service Site (optional)
$s = (Get-NLSSite)[0]
$s.ipv4Ranges = @("1.2.3.4/32","4.3.2.1/32")
$s | Set-NLSSite
# Remove all Network Location Service Sites (optional)
Get-NLSSite | Remove-NLSSite
# Remove your third site (optional)
(Get-NLSSite)[2] | Remove-NLSSite