Configure TCP/UDP - server to client apps

Starting from 2408, Secure Private Access supports a new app type (TCP/UDP server to client). This app type can be used for supporting features such as the following:

  • Software distribution using Microsoft Endpoint Configuration Manager or similar solutions
  • Remote policy updates on managed devices using GPO Push
  • Remote assistance to troubleshoot and debug user workstations.

Prerequisites:

  • Secure Private Access setup is complete.
  • Client versions meet the following requirements:
    • Windows - 24.6.1.18 and later
    • macOS - 24.06.2 and later
  • The intranet IP address is configured on NetScaler Gateway and is bound to the respective VPN virtual server. Use the following sample commands for reference:

    set vpn sessionAction AC_AG_PLGspaonprem -useMIP NS -useIIP NOSPILLOVER

    bind vpn vserver spaonprem -intranetIP <IP address>

Perform the following steps to configure TCP/UDP apps from the admin console:

  1. In the admin console, click Applications and then click Add an app.
  2. Select the location Inside my corporate network.

    TCP-UDP app

  3. Enter the following details:

    • App type – Select TCP/UDP - server to client.
    • App name– Name of the application.
    • App description – Description of the app you are adding. This field is optional.
    • Server - Details of the application servers that are authorized to establish connection with the client. You can enter the IP address, IP address range, or the CIDR.
    • Port – The client port number.
    • Protocol – TCP/UDP.
  4. Click Add to add additional servers.
  5. Click Save. The app is added to the App Configuration page. You can edit or delete an app from the Applications page after you have configured the application. To do so, click the ellipsis button in line with the app and select the actions accordingly.

    • Edit Application
    • Delete

Important:

After you add an app for server-client communication, to enable server-client and client-client communication, intranet IP address ranges configured on NetScaler Gateway must be added as a TCP/UDP app.

Intranet IP address

Configure access policies for TCP/UDP server-client apps

To enable access to the apps for the users, admins are required to create access policies. For details, see Configure access policies.

References

Citrix Secure Access client.

Configure TCP/UDP - server to client apps