Configure server-initiated connections

For each user logged on to Citrix Gateway with IP addresses enabled, the DNS suffix is appended to the user name and a DNS address record is added to the appliance’s DNS cache. This technique provides a DNS name for each user, so that the user can be reached by name rather than by IP address.

When an IP address is assigned to a user’s session, it is possible to connect to the user’s device from the internal network. For example, users connecting with the Remote Desktop or a virtual network computing (VNC) client can access the user device for diagnosing a problem application. It is also possible for two Citrix Gateway users with internal network IP addresses who are remotely logged on to communicate with each other through Citrix Gateway. Allowing discovery of the internal network IP addresses of the logged-on users on the appliance aids in this communication.

A remote user can use the following ping command to discover the internal network IP address of a user who might be logged on to Citrix Gateway at that time:

ping <username.domainname>

A server can initiate a connection to a user device in the following different ways:

  • TCP or UDP connections. The connections can originate from an external system in the internal network or from another computer logged on to Citrix Gateway. The internal network IP address that is assigned to each user device logged on to Citrix Gateway is used for these connections. The different types of server-initiated connections that Citrix Gateway supports are described below.

    For TCP or UDP server-initiated connections, the server has prior knowledge about the user device’s IP address and port and makes a connection to it. Citrix Gateway intercepts this connection.

    Then, the user device makes an initial connection to the server and the server connects to the user device on a port that is known or derived from the first configured port.

    In this scenario, the user device makes an initial connection to the server and then exchanges ports and IP addresses with the server by using an application-specific protocol where this information is embedded. This enables the Citrix Gateway to support applications, such as active FTP connections.

  • Port command. This is used in active FTP and in certain Voice over IP protocols.

  • Connections between plug-ins. Citrix Gateway supports connections between plug-ins by using the internal network IP addresses.

    With this type of connection, two Citrix Gateway user devices that use the same Citrix Gateway can initiate connections with each other. An example of this type is using instant messaging applications, such as Office Communicator or Yahoo! Messenger.
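The following is an added example, not Citrix code: it shows how the address and port are embedded in an active FTP PORT command, and a check a reviewer could run over captured control-channel lines to confirm that the embedded callback address is the internal network IP address assigned to the session. The session address 10.20.0.15, the sample lines, and the `min_port` threshold are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: six decimal bytes h1,h2,h3,h4,p1,p2
_PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$", re.IGNORECASE)


def parse_port_command(line):
    """Return (IPv4Address, port) embedded in an FTP PORT command line."""
    m = _PORT_RE.match(line)
    if not m:
        raise ValueError("not a well-formed PORT command")
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range")
    addr = ipaddress.IPv4Address(bytes(fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return addr, port


def check_port_command(line, session_ip, min_port=1024):
    """Classify the callback target that a client asks the server to dial.

    session_ip is the internal network IP assigned to the user's session
    (assumed to be known to the reviewer, for example from session records).
    """
    try:
        addr, port = parse_port_command(line)
    except ValueError as exc:
        return "reject: " + str(exc)
    if addr != ipaddress.IPv4Address(session_ip):
        return "reject: callback address %s is not the session address" % addr
    if port < min_port:
        return "reject: callback port %d is privileged" % port
    return "allow: %s:%d" % (addr, port)


# Constructed sample input; the session holds 10.20.0.15 (hypothetical).
SAMPLES = [
    "PORT 10,20,0,15,195,80\r\n",  # session address, port 195*256+80
    "PORT 10,20,0,99,195,80\r\n",  # a different internal address
    "PORT 10,20,0,15,0,22\r\n",    # session address, low port
    "PORT 10,20,0,300,1,1\r\n",    # octet out of range
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.strip(), "->", check_port_command(s, "10.20.0.15"))
```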

If a user logs off Citrix Gateway and the logoff request does not reach the appliance, the user can log on again by using any device and replace the previous session with a new session. This feature might be beneficial in deployments where one IP address is assigned per user.

When a user logs on to Citrix Gateway for the first time, a session is created and an IP address is assigned to the user. If the user logs off but the logoff request is lost or the user device fails to perform a clean logoff, the session is maintained on the system. If the user tries to log on again from the same device or another device, after successful authentication, a transfer logon dialog box appears. If the user chooses to transfer the logon, the previous session on Citrix Gateway is closed and a new session is created. The transfer of logon is active for only two minutes after logoff, and if logon is attempted from multiple devices simultaneously, the last logon attempt replaces the original session.
