Citrix Gateway

Select the Citrix Secure Access agent for users

When you configure Citrix Gateway, you can choose how users log on. Users can log on with one of the following plug-ins:

  • Citrix Secure Access agent for Windows
  • Citrix Secure Access agent for macOS

You complete the configuration by creating a session policy and then binding the policy to users, groups, or virtual servers. You can also enable plug-ins by configuring global settings. Within the global or session profile, you select either Windows or macOS X as the plug-in type. When users log on, they receive the plug-in as defined globally or in the session profile and policy. Create separate profiles for the plug-in type.

Configure the plug-in globally

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway and then click Global Settings.
  2. In the details pane, under Settings, click Change global settings.
  3. On the Client Experience tab, next to plug-in Type, select Windows/macOS X and then click OK.

Configure the plug-in type for Windows or macOS in a session profile

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > Policies and then click Session.
  2. Do one of the following:
    • If you are creating a new session policy, in the details pane, click Add.
    • If you are changing an existing policy, select a policy, and then click Open.
  3. Create a profile or modify an existing profile. To do so, do one of the following:
    • Next to Request Profile, click New.
    • Next to Request Profile, click Modify.
  4. On the Client Experience tab, next to plug-in Type, click Override Global and then select Windows/macOS X.
  5. Do one of the following:
    • If you are creating a new profile, click Create, set the expression in the policy dialog box, click Create, and then click Close.
    • If you are modifying an existing profile, after making the selection, click OK twice.

Citrix Secure Access agent for Windows

When users log on to Citrix Gateway, they download and install the Citrix Secure Access agent on the user device.

To install the plug-in, users must be a local administrator or a member of the Administrators group. This restriction applies for first-time installation only. Plug-in upgrades do not require administrator level access.

To enable users to connect to and use Citrix Gateway, you need to provide them with the following information:

  • Citrix Gateway web address, such as https://NetScalerGatewayFQDN/
  • Any system requirements for running the Citrix Secure Access agent if you configured endpoint resources and policies

Depending on the configuration of the user device, you might also need to provide the following information:

  • If users run a firewall on their computer, they might must change the firewall settings so that the firewall does not block traffic to or from the IP addresses corresponding to the resources for which you granted access. The Citrix Secure Access agent automatically handles Internet Connection Firewall in Windows XP and Windows Firewall in Windows XP Service Pack 2, Windows Vista, Windows 7, Windows 8, or Windows 8.1.
  • Users who want to send traffic to FTP over a Citrix Gateway connection must set their FTP application to perform passive transfers. A passive transfer means that the remote computer establishes the data connection to your FTP server, rather than the establishment of the data connection by the FTP server to the remote computer.
  • Users who want to run X client applications across the connection must run an X server, such as XManager, on their computers.
  • Users who install Receiver for Windows or Receiver for Mac can start the Citrix Secure Access agent from Receiver or by using a web browser. Provide instructions to users about how to log on with the Citrix Secure Access agent through Receiver or a web browser.

Because users work on files and applications as if they are local to the organization’s network, you do not need to retrain users or configure applications.

To establish a secure connection for the first time, log on to Citrix Gateway by using the web logon page. The typical format of a web address is https://companyname.com. When users log on, they can download and install the Citrix Secure Access agent on their computer.

Install the Citrix Secure Access agent for Windows

  1. In a web browser, type the web address of Citrix Gateway.
  2. Type the user name and password and then click Logon.
  3. Select Network Access and then click Download.
  4. Follow the instructions to install the plug-in.

When the download is complete, the Citrix Secure Access agent connects and displays a message in the notification area on a Windows-based computer.

If you want users to connect with the Citrix Secure Access agent without using a web browser, you can configure the plug-in to display the logon dialog box when users right-click the Citrix Gateway icon in the notification area on a Windows-based computer or start the plug-in from the Start menu.

Configure the logon dialog box for the Citrix Secure Access agent for Windows

To configure the Citrix Secure Access agent to use the logon dialog box, users must be logged on to complete this procedure.

  1. On a Windows-based computer, in the notification area, right-click the Citrix Gateway icon and then click Configure Citrix Gateway.
  2. Click the Profile tab and then click Change Profile.
  3. On the Options tab, click Use the Citrix Secure Access agent for logon. Note: If users open the Configure Citrix Gateway dialog box from within Receiver, the Options tab is not available.

Set the interception mode for the Citrix Secure Access agent for Windows

If you are configuring the Citrix Secure Access agent for Windows, you also need to configure the interception mode and set it to transparent.

  1. In the configuration utility, click the Configuration tab, expand Citrix Gateway > Resources, and then click Intranet Applications.
  2. In the details pane, click Add.
  3. In Name, type a name for the policy.
  4. Click Transparent.
  5. In Protocol, select ANY.
  6. In Destination Type, select IP Address and Netmask.
  7. In IP address type the IP address.
  8. In Netmask, type the subnet mask, click Create, and then click Close.
Select the Citrix Secure Access agent for users