Citrix Gateway

Configure the Citrix Gateway appliance by using wizards

Citrix Gateway has the following six wizards that you can use to configure settings on the appliance:

  • The first-time setup wizard appears when you log on to the Citrix Gateway appliance for the first time.
  • The quick configuration wizard helps you configure the correct policies, expressions, and settings for connections to Citrix Endpoint Management, StoreFront, and the Web Interface.
  • The Citrix Gateway wizard helps you configure Citrix Gateway-specific settings.
  • The setup wizard helps you configure basic Citrix Gateway settings for the first time.
  • Citrix Endpoint Management Integrated Configuration helps you configure your Citrix Gateway and Citrix Endpoint Management environment.
  • The Published Applications wizard helps you configure settings for user connections by using Citrix Workspace app.

First-time setup wizard

When you finish installing and configuring the initial settings on the Citrix Gateway appliance, when you log on to the configuration utility for the first time, the First-time Setup wizard appears if the following conditions are not met:

  • You did not install a license on the appliance.
  • You did not configure a subnet or mapped IP address.
  • If the default IP address of the appliances is 192.168.100.1.

Configure Citrix Gateway with the first-time setup wizard

To configure the Citrix Gateway (the physical appliance or the VPX virtual appliance) for the first time, you need an administrative computer configured on the same network as the appliance.

Assign a Citrix Gateway IP (NSIP) address as the management IP address of your appliance and a subnet IP (SNIP) address to which your servers can connect. You assign a subnet mask that applies to both Citrix Gateway and SNIP addresses. Also configure a time zone. If you assign a host name, you can access the appliance by specifying its name instead of the NSIP address.

There are two sections in the First-time Setup Wizard. In the first section, you configure the basic system settings for the Citrix Gateway appliance including:

NSIP address, SNIP address, and subnet mask Appliance host name DNS servers Time zone Administrator password In the second section, you install licenses. If you specify the address of a DNS server, you can use the hardware serial number (HSN) or license key to allocate your licenses, instead of uploading your licenses from a local computer to the appliance.

Note: Citrix recommends saving your licenses to your local computer.

When you finish configuring these settings, Citrix Gateway prompts you to restart the appliance. When you log on to the appliance again, you can use other wizards and the configuration utility to configure other settings.

Quick Configuration wizard

The Quick Configuration wizard allows you to configure multiple virtual servers on Citrix Gateway. You can add, edit, and remove virtual servers.

The Quick Configuration wizard allows for seamless configuration for the following deployments:

  • Web Interface connections to Citrix Virtual Apps and Desktops, with the ability to configure multiple instances of the Secure Ticket Authority (STA)
  • Citrix Endpoint Management only
  • StoreFront only
  • Citrix Endpoint Management and StoreFront together

The Quick Configuration wizard allows you to configure the following settings on the appliance:

  • Virtual server name, IP address, and port
  • Redirection from an unsecure to a secure port
  • LDAP server
  • RADIUS server
  • Certificates
  • DNS server
  • Citrix Endpoint Management and Citrix Virtual Apps and Desktops

    Note: To enable SSO, you have to manually enable the Single Sign-on to web applications option in the Create Citrix Gateway Session Profile > Client Experience tab for the session action.

Citrix Gateway supports user connections directly to Citrix Endpoint Management, which gives users access to their web, SaaS, and mobile apps, along with access to ShareFile. You can also configure settings to StoreFront which gives users access to their Windows-based applications and virtual desktops.

When you run the Quick Configuration wizard, the following policies are created based on your Citrix Endpoint Management, StoreFront, and Web Interface settings:

  • Session policies, including policies and profiles for Receiver, Receiver for Web, Citrix Gateway plug-in, and Program Neighborhood Agent
  • Clientless access
  • LDAP and RADIUS authentication

Configure settings with the quick configuration wizard

You can configure settings in Citrix Gateway to enable communication with Citrix Endpoint Management, StoreFront, or Web Interface by using the Quick Configuration wizard. When you complete the configuration, the wizard creates the correct policies for communication between Citrix Gateway, Endpoint Management, StoreFront, or the Web Interface. These policies include authentication, session, and clientless access policies. When the wizard completes, the policies are bound to the virtual server.

When you complete the Quick Configuration wizard, Citrix Gateway can communicate with Endpoint Management or StoreFront, and users can access their Windows-based applications and virtual desktops and web, SaaS, and mobile apps. Users can then connect directly to Endpoint Management.

During the wizard, you configure the following settings:

  • Virtual server name, IP address, and port
  • Redirection from an unsecure to a secure port
  • Certificates
  • LDAP server
  • RADIUS server
  • Client certificate for authentication (only for two-factor authentication)
  • Endpoint Management, StoreFront, or Web Interface

The Quick Configuration wizard supports LDAP, RADIUS, and client certificate authentication. You can configure two-factor authentication in the wizard by following these guidelines:

  • If you select LDAP as your primary authentication type, you can configure RADIUS as the secondary authentication type.
  • If you select RADIUS as your primary authentication type, you can configure LDAP as the secondary authentication type.
  • If you select client certificates as your primary authentication type, you can configure LDAP or RADIUS as the secondary authentication type.

You cannot create multiple LDAP authentication policies by using the Quick Configuration wizard. For example, you want to configure one policy that uses sAMAccountName in the Server Logon Name Attribute field and a second LDAP policy that uses the User Principal Name (UPN) in the Server Logon Name Attribute field. To configure these separate policies, use the Citrix Gateway configuration utility to create the authentication policies. For more information, see Configuring LDAP Authentication.

You can configure certificates for Citrix Gateway in the Quick Configuration wizard by using the following methods:

  • Select a certificate that is installed on the appliance.
  • Install a certificate and private key.
  • Select a test certificate. Note: If you use a test certificate, you must add the fully qualified domain name (FQDN) that is in the certificate.

You can open the Quick Configuration wizard in one of the following two ways:

  • When you are on the Citrix Gateway logon page and select Citrix Gateway in Deployment Type, the Home tab appears. If you select any other option in Deployment Type, the Home tab does not appear.
  • From the link Create/Monitor Citrix Gateway in the Citrix Gateway details pane. The link appears if you install a license that enables Citrix ADC features. If you license the appliance for Citrix Gateway only, the link does not appear.

After you initially run the wizard, you can run the wizard again to create more virtual servers and settings.

Important: If you use the Quick Configuration wizard to configure an extra Citrix Gateway virtual server, you must use a unique IP address. You cannot use the same IP address that is used on an existing virtual server. For example, you have a virtual server with the IP address 192.168.10.5 with a port number of 80. You run the Quick Configuration wizard to create a second virtual server with the IP address 192.168.10.5 with port number 443. When you try to save the configuration, an error occurs.

To configure settings with the Quick Configuration wizard

  1. In the configuration utility, do one of the following:
    1. If the appliance is licensed for Citrix Gateway only, click the Home tab.
    2. If the appliance is licensed to include Citrix ADC features, on the Configuration tab, in the navigation pane, click Citrix Gateway and then in the details pane, under Getting Started, click Configure Citrix Gateway for Enterprise Store.
  2. In the dashboard, click Create New Citrix Gateway.
  3. In Citrix Gateway Settings, configure the following:
    1. In Name, type a name for the virtual server.
    2. In IP address, type the IP address for the virtual server.
    3. In Port, type the port number. The default port number is 443.
    4. Select Redirect requests from port 80 to secure port to allow user connections from port 80 to go to port 443.
  4. Click Continue.
  5. On the Certificate page, do one of the following:
    1. Click Choose Certificate and then in Certificate, select the certificate.
    2. Click Install Certificate, and then in Choose Certificate and in Choose Key, click Browse to navigate to the certificate and private key.
    3. Click Use Test Certificate and then in Certificate FQDN enter the fully qualified domain name (FQDN) contained in the test certificate.
  6. Click Continue.
  7. In Authentication Settings, do the following:
    1. In Primary Authentication, select LDAP, RADIUS, or Cert.
    2. Select an authentication server or configure the settings for the authentication type you selected in the previous step. If you select Cert, either select the client certificate or install a new client certificate.
    3. In Secondary Authentication, select the authentication type and then configure the authentication server settings.
  8. Click Continue.

When you finish configuring the network and authentication settings, you can then configure Citrix Endpoint Management or Citrix Virtual Apps and Desktops (StoreFront or Web Interface) settings.

Configure enterprise store settings

Citrix Gateway supports user access to web, SaaS, and mobile apps and ShareFile only through Endpoint Management. If you also deploy StoreFront or the Web Interface, users have access to Windows-based apps and virtual desktops. You can configure settings for the following options:

  • Endpoint Management only
  • StoreFront only
  • Endpoint Management and StoreFront together
  • Web Interface only

When you click Continue from the preceding procedure, you can then configure the settings for your deployment scenario. The following procedures start on the Citrix Integration Settings page.

After you create the virtual server, editing the virtual server in the Quick Configuration wizard does not allow you to change Citrix Endpoint Management or Citrix Virtual Apps and Desktops settings.

For example, if you cancel the configuration of a virtual server at any stage before configuring the Citrix Enterprise Store settings, the wizard automatically selects the Web interface without configuring any settings. When this situation occurs, you can edit the virtual server details for configuring the Web Interface, but you cannot switch to Citrix Endpoint Management. To switch, you must create a new virtual server and must not cancel the wizard at any time during the configuration. If you do not need the Web Interface virtual server, you can delete it by using the Quick Configuration wizard.

To configure settings for StoreFront only

  1. Click Citrix Virtual Apps and Desktops.
  2. In Deployment Type, select StoreFront.
  3. In StoreFront FQDN, enter the fully qualified domain name (FQDN) of the StoreFront server.
  4. In Receiver for Web Path, leave the default path or enter your own path.
  5. Select HTTPS for secure user connections.
  6. In Single Sign-on Domain, enter the domain for StoreFront.
  7. In STA URL, enter the complete IP address or FQDN of the server running the Secure Ticket Authority (STA) if you deploy StoreFront and provide access to published applications from Citrix Virtual Apps or virtual desktops from Citrix Virtual Desktops.
  8. Click Done.

When users connect through Citrix Gateway to StoreFront, users can start their apps and desktops from either Receiver for Web or Receiver.

To configure settings for Endpoint Management only

  1. Click Citrix Endpoint Management.
  2. In App Controller FQDN, enter the FQDN for Endpoint Management.
  3. Click Done.

To configure Web Interface settings

  1. In the Quick Configuration wizard, click Citrix Virtual Apps and Desktops.
  2. In Deployment Type, select Web Interface, and then configure the following:
    1. In Citrix Virtual Apps Site URL, type the complete IP address or FQDN of the Web Interface.
    2. In Citrix Virtual Apps Services Site URL, type the complete IP address or FQDN of the Web Interface with the Citrix Workspace app Path. You can enter the default path or enter your own path.
    3. In Single Sign-on Domain, enter the domain to use.
    4. In STA URL, type the complete IP address or FQDN of the server running the STA.
  3. Click Done.

Citrix Gateway wizard

You use the Citrix Gateway wizard to configure the following settings on the appliance:

  • Virtual servers
  • Certificates
  • Name service providers
  • Authentication
  • Authorization
  • Port redirection
  • Clientless access
  • Clientless access for SharePoint

Configure Settings by using the Citrix Gateway wizard

After you run the Setup Wizard, you can run the Citrix Gateway wizard to configure other settings on Citrix Gateway. You run the Citrix Gateway wizard from the configuration utility.

Citrix Gateway comes with a test certificate. If you do not have a signed certificate from a Certificate Authority (CA), you can use the test certificate when using the Citrix Gateway wizard. When you receive the signed certificate, you can remove the test certificate and install the signed certificate. Citrix recommends obtaining the signed certificate before making Citrix Gateway publicly available for users.

Note: You can create a Certificate Signing Request (CSR) from within the Citrix Gateway wizard. If you use the Citrix Gateway wizard to create the CSR, you must exit from the wizard and then start the wizard again when you receive the signed certificate from the Certificate Authority. For more information about certificates, see Installing and Managing Certificates.

You can configure user connections for Internet Protocol version 6 (IPv6) in the Citrix Gateway wizard when you configure a virtual server. For more information about using IPv6 for user connections, see Configuring IPv6 for User Connections.

To start the Citrix Gateway wizard

  1. In the configuration utility, click the Configuration tab and then in the navigation pane, click Citrix Gateway.
  2. In the details pane, under Getting Started, click Citrix Gateway wizard.
  3. Click Next and then follow the directions in the wizard.

Setup Wizard

You use the Setup Wizard to configure the following initial settings on the appliance:

  • System IP address and subnet mask
  • Mapped IP address and subnet mask
  • Host name
  • Default gateway
  • Licenses

Note: Before running the Setup Wizard, download your licenses from the Citrix website. For more information, see Licensing Citrix Gateway

Published Applications wizard

You use the Published Applications wizard to configure Citrix Gateway to connect to servers running Citrix Virtual Apps and Desktops in the internal network. With the Published Applications wizard, you can:

  • Select a virtual server for connections to the server farm.
  • Configure the settings for user connections for the Web Interface or StoreFront, single sign-on, and the Secure Ticket Authority.
  • Create or select session policies for SmartAccess.

Within the wizard, you can also create session policy expressions for user connections. For more information about configuring Citrix Gateway to connect to a server farm, see Providing Access to Published Applications and Virtual Desktops Through the Web Interface.

Integrated Citrix Endpoint Management configuration

You can deploy Citrix Gateway with Citrix Endpoint Management MDM that provides the ability to scale, ensure high availability for apps, and maintain security. To use the Citrix Endpoint Management configuration, you need to install Version 10.1, Build 120.1316.e.

The Integrated Citrix Endpoint Management Configuration creates the following:

  • Load balancing servers for Device Manager.
  • Load balancing servers for Microsoft Exchange with email filtering.
  • Load balancing servers for ShareFile.

For more information about creating settings with the Integrated Citrix Endpoint Management Configuration, see Configuring Settings for Your Citrix Endpoint Management Environment

Configure the Citrix Gateway appliance by using wizards