System requirements and prerequisites

Ensure that your product meets the minimal version requirements.

Product Minimum version
Citrix Workspace app
Windows – 2403 and later
macOS – 2402 and later
StoreFront 2402, 2407 and later
NetScaler







13.1, 14.1, and later. It is recommended to use the latest builds of the NetScaler Gateway version 13.1 or 14.1 for optimized performance.
Note:


  • The NetScaler Gateway minimum version required for Web/SaaS apps is 13.1.

  • The TCP/UDP apps in hybrid deployments are supported from NetScaler Gateway version 14.1–34.42 and later.

  • Though support for TCP/UDP apps along with Web/SaaS apps is available starting from NetScaler Gateway version 14.1–25.56, the 14.1-34.42 version significantly streamlines the configuration process.
  • NetScaler FIPS 13.1-37.219 and later FIPS builds
    Citrix Secure Access client


    Windows client - 24.6.1.17 and later
    macOS client - 24.06.2 and later
    For details, see Citrix Secure Access client.
    Also, see Features and platforms supported by Citrix Secure Access client.
    Citrix Cloud Connector See Cloud Connector for hybrid deployment.
    Communication ports Ensure that you have opened the required ports for the Secure Private Access provider. For details, see Communication ports.

    Prerequisites

    • For the Secure Private Access admin console access, ensure that the following requirements are met:

    • Ensure to get the Secure Private Access service in Cloud Connector enabled.

      Once the Cloud Connector is updated, the Secure Private Access service is disabled. To enable the feature, customers must contact Citrix Support. Once enabled, the service status changes to Running and the Secure Private Access service automatically starts on the connector machine.

    • For creating or updating an existing NetScaler Gateway, ensure that you have the following details:

      • StoreFront store URLs to enter during the setup.
      • Store on StoreFront must have been configured and the Store service URL must be available. The format of the Store service URL is https://store.domain.com/Citrix/StoreSecureAccess.
      • NetScaler Gateway virtual IP address, FQDN, and NetScaler Gateway callback URL (optional) that are required for versions 13.0, 13.1.48.47 and later, 14.1.4.42 and later.
      • IP address and FQDN of the Secure Private Access provider host machine (or a load balancer if the Secure Private Access provider is deployed as a cluster).
      • Authentication profile name and authentication virtual server name configured on NetScaler.
      • SSL server certificate configured on NetScaler.
      • Domain name.
      • Certificate configurations are complete. Admins must ensure that the certificate configurations are complete and the certificates are trusted. The Secure Private Access provider configures a self-signed certificate if no certificate is found in the machine.

    Communication ports

    The following table lists the communication ports that are used by the Secure Private Access provider.

    Source Destination Type Port Details
    NetScaler Gateway

    Secure Private Access provider HTTPS 443 Application authorization validation
    StoreFront HTTPS 443 Authentication and Application enumeration
    Web applications HTTPS 443 NetScaler Gateway communication to configured Secure Private Access applications (Ports can differ based on the application requirements)
    StoreFront Cloud Connector TCP 443 Unless the customer is using custom ports
    Secure Private Access provider Cloud Connector TCP 8443 Unless the customer is using custom ports
    Cloud Connector Internet TCP 443 See Connectivity requirements
    User device NetScaler Gateway HTTPS 443 Communication between the end-user device and NetScaler Gateway

    Features and platforms supported by Citrix Secure Access client

    Unsupported features: The following features are not supported by the Citrix Secure Access client in the hybrid deployment.

    • Always On before Windows Logon (machine tunnel)
    • DNS-TCP
    • Intranet IP
    • Server initiated connections

    Unsupported platforms: The following platforms are not supported by the Citrix Secure Access client in the hybrid deployment.

    • Linux
    • iOS
    • Android
    System requirements and prerequisites