-
Install and configure the Citrix Gateway appliance
-
VPN configuration on a Citrix Gateway appliance
-
Integrate the Citrix Gateway plug-in with Citrix Workspace app
-
Endpoint polices
-
Maintaining and Monitoring the System
-
Integrate Citrix Gateway with Citrix products
-
Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
-
Configure settings for your Citrix Endpoint Management Environment
-
Configure load balancing servers for Citrix Endpoint Management
-
Configure load balancing servers for Microsoft Exchange with Email Security Filtering
-
Configure Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allow Access from mobile devices with Citrix Mobile Productivity Apps
-
Configure domain and security token authentication for Citrix Endpoint Management
-
Configure client certificate or client certificate and domain authentication
-
-
Access Citrix Virtual Apps and Desktops resources with the Web Interface
-
Configuring Additional Web Interface Settings on Citrix Gateway
-
Configuring Access to Applications and Virtual Desktops in the Web Interface
-
Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
-
Configuring Settings for Your Citrix Endpoint Management Environment
-
Configuring Load Balancing Servers for Citrix Endpoint Management
-
Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering
-
Configuring Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allowing Access from Mobile Devices with Citrix Mobile Productivity Apps
-
Configuring Domain and Security Token Authentication for Citrix Endpoint Management
-
Configuring Client Certificate or Client Certificate and Domain Authentication
-
-
Citrix Gateway Enabled PCoIP Proxy Support for VMware Horizon View
-
Configure DTLS VPN virtual server using SSL VPN virtual server
-
Proxy Auto Configuration for Outbound Proxy support for Citrix Gateway
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Endpoint policies
Endpoint Analysis is a process that scans a user device and detects information, such as the presence and version level of an operating system, and of antivirus, firewall, or web browser software. You can use Endpoint Analysis to verify that the user device meets your requirements before allowing it to connect to your network or remain connected after users log on. You can monitor files, processes, and registry entries on the user device during the user session to ensure that the device continues to meet requirements.
How Endpoint policies work
You can configure Citrix Gateway to check if a user device meets certain security requirements before a user logs on. This is called a preauthentication policy. You can configure Citrix Gateway to check a user device for antivirus, firewall, antispam, processes, files, registry entries, Internet security, or operating systems that you specify within the policy. If the user device fails the preauthentication scan, users are not allowed to log on.
If you need to configure other security requirements that are not used in a preauthentication policy, you configure a session policy and bind it to a user or group. This type of policy is called a post-authentication policy, which runs during the user session to ensure the required items, such as antivirus software or a process, is still true.
When you configure a preauthentication or post-authentication policy, Citrix Gateway downloads the Endpoint Analysis plug-in and then runs the scan. Each time a user logs on, the Endpoint Analysis plug-in runs automatically.
You use the following three types of policies to configure endpoint policies:
- Preauthentication policy that uses a yes or no parameter. The scan determines if the user device meets the specified requirements. If the scan fails, the user cannot enter credentials on the logon page.
- Session policy that is conditional and can be used for SmartAccess.
- Client security expression within a session policy. If the user device fails to meet the requirements of the client security expression, you can configure users to be placed into a quarantine group. If the user device passes the scan, users can be placed into a different group that might require other checks.
You can incorporate detected information into policies, enabling you to grant different levels of access based on the user device. For example, you can provide full access with download permission to users who connect remotely from user devices that have current antivirus and firewall software requirements. For users connecting from untrusted computers, you can provide a more restricted level of access that allows users to edit documents on remote servers without downloading them.
Endpoint Analysis performs the following basic steps:
- Examines an initial set of information about the user device to determine which scans to apply.
- Runs all applicable scans. When users try to connect, the Endpoint Analysis plug-in checks the user device for the requirements specified within the preauthentication or session policy. If the user device passes the scan, users are allowed to log on. If the user device fails the scan, users are not allowed to log on. Note: Endpoint Analysis scans complete before the user session uses a license.
- Compares property values detected on the user device with desired property values listed in your configured scans.
-
Produces an output verifying whether desired property values are found.
Attention:
The instructions for creating Endpoint Analysis policies are general guidelines. You can have many settings within one session policy. Specific instructions for configuring session policies might contain directions for configuring a specific setting. However, that setting can be one of many settings that are contained within a session profile and policy.
Evaluate user logon options
When users log on, they can choose to skip the Endpoint Analysis scan. If users skip the scan, Citrix Gateway processes this action as a failed Endpoint Analysis. When users fail the scan, they can only have access to the Web Interface or through clientless access.
For example, you want to provide users access by using the Citrix Gateway plug-in. To log on to Citrix Gateway with the plug-in, users must be running an antivirus application, such as Norton Antivirus. If the user device is not running the application, users can log on with Receiver only and use published applications. You can also configure clientless access, which restricts access to specified applications, such as Outlook Web Access.
To configure Citrix Gateway to achieve this logon scenario, you assign a restrictive session policy as the default policy. You then configure the settings to upgrade users to a privileged session policy when the user device passes the Endpoint Analysis scan. At that point, users have network-layer access and can log on with the Citrix Gateway plug-in.
To configure Citrix Gateway to enforce the restrictive session policy first, perform the following steps:
-
Configure the global settings with ICA Proxy enabled and all other necessary settings if the specified application is not running on the user device.
-
Create a session policy and profile that enables the Citrix Gateway plug-in.
-
Create an expression within the rule portion of the session policy to specify the application, such as:
(client.application.process(symantec.exe) exists)
When users log on, the session policy is applied first. If Endpoint Analysis fails or the user skips the scan, Citrix Gateway ignores the settings in the session policy (the expression in the session policy is considered false). As a result, users have restricted access using the Web Interface or clientless access. If Endpoint Analysis passes, Citrix Gateway applies the session policy and users have full access with the Citrix Gateway plug-in.
Skip the EPA scan
You can skip the EPA scan for post-authentication and advance authentication only. Skip EPA is available on browsers of all supported operating systems. Users must click the Skip EPA button that appears when accessing the gateway. If users skip the scan, Citrix Gateway processes this action as a failed Endpoint Analysis. When users fail the scan, they can only have access to the Web Interface or through clientless access.
Also, see https://support.citrix.com/article/CTX200748.
Endpoint Analysis scans supported for Ubuntu
The following Endpoint Analysis (EPA) scans are supported for the EPA plug-in installed for the Ubuntu operating system.
- File
- Existence
- MD5 Checksum
- Text within a file (regular expression support)
- Process
- Existence
- MD5 Checksum
- Path
- File system device or Mountpoint name
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.