Gateway

Select the Citrix Gateway plug-in for users

When you configure Citrix Gateway, you can choose how users log on. Users can log on with one of the following plug-ins:

  • Citrix Gateway plug-in for Windows
  • Citrix Gateway plug-in for macOS
  • Citrix Gateway plug-in for Java

You complete the configuration by creating a session policy and then binding the policy to users, groups, or virtual servers. You can also enable plug-ins by configuring global settings. Within the global or session profile, you select either Windows/macOS X or Java as the plug-in type. When users log on, they receive the plug-in as defined globally or in the session profile and policy. Create separate profiles for the plug-in type. You can only choose either Windows/macOS X or Java in the session profile. To configure the Citrix Gateway plug-in for Java, see Connecting with the Citrix Gateway plug-in for Java.

Configure the plug-in globally

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway and then click Global Settings.
  2. In the details pane, under Settings, click Change global settings.
  3. On the Client Experience tab, next to plug-in Type, select Windows/macOS X and then click OK.

Configure the plug-in type for Windows or macOS in a session profile

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > Policies and then click Session.
  2. Do one of the following:
    • If you are creating a new session policy, in the details pane, click Add.
    • If you are changing an existing policy, select a policy, and then click Open.
  3. Create a profile or modify an existing profile. To do so, do one of the following:
    • Next to Request Profile, click New.
    • Next to Request Profile, click Modify.
  4. On the Client Experience tab, next to plug-in Type, click Override Global and then select Windows/macOS X.
  5. Do one of the following:
    • If you are creating a new profile, click Create, set the expression in the policy dialog box, click Create, and then click Close.
    • If you are modifying an existing profile, after making the selection, click OK twice.

Citrix Gateway plug-in for Windows

When users log on to Citrix Gateway, they download and install the Citrix Gateway plug-in on the user device.

To install the plug-in, users must be a local administrator or a member of the Administrators group. This restriction applies for first-time installation only. Plug-in upgrades do not require administrator level access.

To enable users to connect to and use Citrix Gateway, you need to provide them with the following information:

  • Citrix Gateway web address, such as https://NetScalerGatewayFQDN/
  • Any system requirements for running the Citrix Gateway plug-in if you configured endpoint resources and policies

Depending on the configuration of the user device, you might also need to provide the following information:

  • If users run a firewall on their computer, they might must change the firewall settings so that the firewall does not block traffic to or from the IP addresses corresponding to the resources for which you granted access. The Citrix Gateway plug-in automatically handles Internet Connection Firewall in Windows XP and Windows Firewall in Windows XP Service Pack 2, Windows Vista, Windows 7, Windows 8, or Windows 8.1.
  • Users who want to send traffic to FTP over a Citrix Gateway connection must set their FTP application to perform passive transfers. A passive transfer means that the remote computer establishes the data connection to your FTP server, rather than the establishment of the data connection by the FTP server to the remote computer.
  • Users who want to run X client applications across the connection must run an X server, such as XManager, on their computers.
  • Users who install Receiver for Windows or Receiver for Mac can start the Citrix Gateway plug-in from Receiver or by using a web browser. Provide instructions to users about how to log on with the Citrix Gateway plug-in through Receiver or a web browser.

Because users work on files and applications as if they are local to the organization’s network, you do not need to retrain users or configure applications.

To establish a secure connection for the first time, log on to Citrix Gateway by using the web logon page. The typical format of a web address is https://companyname.com. When users log on, they can download and install the Citrix Gateway plug-in on their computer.

Install the Citrix Gateway plug-in for Windows

  1. In a web browser, type the web address of Citrix Gateway.
  2. Type the user name and password and then click Logon.
  3. Select Network Access and then click Download.
  4. Follow the instructions to install the plug-in.

When the download is complete, the Citrix Gateway plug-in connects and displays a message in the notification area on a Windows-based computer.

If you want users to connect with the Citrix Gateway plug-in without using a web browser, you can configure the plug-in to display the logon dialog box when users right-click the Citrix Gateway icon in the notification area on a Windows-based computer or start the plug-in from the Start menu.

Configure the logon dialog box for the Citrix Gateway plug-in for Windows

To configure the Citrix Gateway plug-in to use the logon dialog box, users must be logged on to complete this procedure.

  1. On a Windows-based computer, in the notification area, right-click the Citrix Gateway icon and then click Configure Citrix Gateway.
  2. Click the Profile tab and then click Change Profile.
  3. On the Options tab, click Use the Citrix Gateway plug-in for logon. Note: If users open the Configure Citrix Gateway dialog box from within Receiver, the Options tab is not available.

Set the interception mode for the Citrix Gateway plug-in for Windows

If you are configuring the Citrix Gateway plug-in for Windows, you also need to configure the interception mode and set it to transparent.

  1. In the configuration utility, click the Configuration tab, expand Citrix Gateway > Resources, and then click Intranet Applications.
  2. In the details pane, click Add.
  3. In Name, type a name for the policy.
  4. Click Transparent.
  5. In Protocol, select ANY.
  6. In Destination Type, select IP Address and Netmask.
  7. In IP address type the IP address.
  8. In Netmask, type the subnet mask, click Create, and then click Close.

Enforce local LAN access to end users based on ADC configuration

Starting from Citrix ADC release 13.0, build 85.15, admins can restrict the end users from disabling the local LAN access option on their client machines. A new option, FORCED is added to the existing Local LAN Access parameter values. When the Local LAN Access value is set to FORCED, the local LAN access is always enabled for end users on the client machines. End users cannot disable the local LAN settings on the Citrix Secure Access client UI. If admins want to provide an option to enable or disable local LAN access to the end user, they must re-configure the Local LAN access parameter to ON.

To enable the Forced option by using the GUI:

  1. Navigate to Citrix Gateway > Global Settings > Change Global Settings.
  2. Click the Client Experience tab and then click Advanced Settings.
  3. In Local LAN Access, select FORCED.

Enable local LAN access

To enable the Forced option by using the CLI, run the following command:

set vpn parameter -localLanAccess FORCED
<!--NeedCopy-->

Citrix Gateway plug-in for Java

The Citrix Gateway plug-in for Java can be used on any user device that supports Java.

Note:

Java Runtime Environment (JRE) Version 1.4.2 up to the most recent version of JRE is required for the following operating systems and web browsers.

  • macOS X
  • Linux
  • Windows XP (all versions), Windows Vista, Windows 7, and Windows 8
  • Internet Explorer
  • Firefox
  • Safari 1.2 up to the most recent version of the web browser

The Citrix Gateway plug-in for Java supports most TCP-based applications, but provides only some of the features of the Citrix Gateway plug-in for Windows or Citrix Gateway plug-in for macOS X.

Users do not require administrative privileges on the user device to use the Citrix Gateway plug-in for Java. For security reasons, you might want to require using this plug-in version for a particular virtual server, group, or user, regardless of which user device is used.

To configure Citrix Gateway to install the Citrix Gateway plug-in for Java on user devices, configure a session policy and then bind it to the virtual server, group, or user.

If users log on from a computer running Windows 7, the proxy server information is not set automatically in Internet Explorer. Users must manually configure the proxy server on the computer running Windows 7.

Configure Citrix Gateway plug-in for Java

  1. Navigate to Citrix Gateway > Policies and then click Session.
  2. In the details pane, click the Profiles tab.
  3. Select a session profile and then click Open.
  4. On the Client Experience tab, next to plug-in Type, click Override Global, select Java, and then click OK.

To set the interception mode

After creating the session policy, create an intranet application to define the interception mode for users who log on with the Citrix Gateway plug-in for Java.

  1. Navigate to Citrix Gateway > Resources and then click Intranet Applications.
  2. In the details pane, click Add.
  3. In Name, type a name.
  4. Click Proxy.
  5. In Destination IP Address, type the IP address.
  6. In Destination Port, type the port number.
  7. In Source IP Address, type the IP address.
  8. In Source Port, type the port number, click Create, and then click Close.

If you do not specify a source IP address and port number, Citrix Gateway automatically uses 127.0.0.1 for the IP address and 0 for the port.

Update the HOSTS file on Windows-based computers

When users log on using the Citrix Gateway plug-in for Java on a computer running Windows Vista, Windows 7, or Windows 8, network traffic for TCP intranet applications is not tunneled. The HOSTS file is not updated automatically on computers running Vista and Windows 7. Add the intranet applications manually to the HOSTS file.

On a Windows-based computer, you can edit the HOSTS file in Notepad or another text editor. If you edit the HOSTS file in Notepad, you must run Notepad as an administrator. Add the mapping entries for the intranet application for the Citrix Gateway plug-in for Java and then save the file.

Select the Citrix Gateway plug-in for users