Citrix SD-WAN WANOP

CIFS and MAPI

What pre-requisites are required to before configuring MAPI and Signed SMB on a Citrix SD-WAN WANOP appliance?

You must satisfy the following conditions before you configure MAPI and Signed SMB on a Citrix SD-WAN WANOP appliance:

  • The Secure Peer option should be set to True on client as well as server side appliance.

  • A delegate user must be added to the data center side appliance and its status should be marked as “Success.”

  • The data center side appliance must successfully join the domain.

  • The DNS IP addressed configured on the server side appliance must be reachable.

    For more information, see Configure a Citrix SD-WAN WANOP appliance to optimize secure Windows traffic.

What do I need to configure on domain controller for a delegate user?

You must create a user on the domain controller before configuring delegation for the user on a Citrix SD-WAN WANOP appliance.

Do I need to configure anything on DNS server?

Yes. On the DNS server, you must configure forward and reverse lookups for all IP address of the domain controllers.

What do I need to verify before making the Citrix SD-WAN WANOP appliance to join the domain?

Before making the appliance to join the domain, verify the following:

  • IP addresses configured to primary or secondary DNS servers should be reachable.

  • Domain should be reachable.

  • Resolved domain IP addresses should be reachable.

  • Optionally, the status of the Pre Domain Join Check utility should pass.

How can I verify if the Citrix SD-WAN WANOP appliance is ready to add a user as a delegate user?

You can verify the user by using the Check delegate user utility on the Windows domain page. If the status for all the parameters does not have any error messages, the appliance is ready to add the user as a delegate user.

If the utility displays any failures, you must address these before you add a user as a delegate user. You can refer to the log to understand the test results.

Are there any requirements for hostname and hostname length of the server side Citrix SD-WAN WANOP appliance?

On the server side Citrix SD-WAN WANOP appliance, make sure that the host name is unique within the network. Additionally, the length of the host name must not be more than 15 characters.

Can I configure one-way trust in the domain?

No. the client and the server must be the members of a domain that has two-way trust with the domain of the server side Citrix SD-WAN WANOP appliance. The appliance does not support one-way trust.

Can I use Macintosh Outlook client and get acceleration benefits of the Citrix SD-WAN WANOP appliance?

No. Macintosh Outlook does not use MAPI as the communication protocol. Therefore, you cannot use Macintosh Outlook in this setup.

Do I need make the branch side Citrix SD-WAN WANOP appliance join the domain for accelerating encrypted MAPI?

No. You do not need to make the make the branch side Citrix SD-WAN WANOP appliance join the domain for accelerating encrypted MAPI.

Can I configure a Citrix SD-WAN WANOP 2000 appliance with Windows-Server on a data center side for encrypted MAPI?

Yes. You can configure a Citrix SD-WAN WANOP 2000 appliance with Windows-Server on a data center side for encrypted MAPI.

When I make a Citrix SD-WAN WANOP appliance to join a domain and an NTP server configured with a different time zone exists on the network, does the appliance synchronize time with the domain controller or the NTP server?

When you make the Citrix SD-WAN WANOP appliance join a domain, the appliance always synchronized its time with the domain controller and not the NTP server.

On the Citrix SD-WAN WANOP appliance, what is the default duration to clear the black listed connection?

By default, the black listed connections are cleared in 900 seconds.

Which Outlook authentication mechanisms are supported on a Citrix SD-WAN WANOP appliance?

Starting with release 6.2.4, the appliance supports Negotiate (default) and NTLM v2 Outlook authentication, but Kerberos authentication is not supported. However, release 6.2.3 and earlier releases support only Negotiate Outlook authentication.

Does Citrix SD-WAN WANOP support Outlook Anywhere, RPC over HTTPS?

Yes, starting with release 7.3.

CIFS and MAPI