Product Documentation

English

Citrix Gateway
NetScaler Gateway 11.1

NetScaler Gateway Release Notes
About NetScaler Gateway
- NetScaler Gateway Architecture
- How User Connections Work
Common Deployments
- Deploying in the DMZ
- Deploying in the Secure Network
What's New
Known Issues
Client Software Requirements
- NetScaler Gateway Plug-in System Requirements
- Endpoint Analysis Requirements
Compatibility with Citrix Products
Licensing
- NetScaler Gateway License Types
- Obtaining Your Platform or Universal License Files
- To install a license on NetScaler Gateway
- Verifying Installation of the Universal License
FAQ
Before Getting Started
- Planning for Security
- Prerequisites
- Pre-Installation Checklist
Upgrading
Installing the System
- Configuring NetScaler Gateway
- Using the Configuration Utility
- Policies and Profiles on NetScaler Gateway
- Viewing NetScaler Gateway Configuration Settings
  - Saving the NetScaler Gateway Configuration
  - Clearing the NetScaler Gateway Configuration
- Configuring the NetScaler Gateway by Using Wizards
- Configuring the Host Name and FQDN on NetScaler Gateway
- Installing and Managing Certificates
- Testing Your NetScaler Gateway Configuration
- Creating Virtual Servers
- Configuring IP Addresses on NetScaler Gateway
- Resolving DNS Servers Located in the Secure Network
- Configuring DNS Virtual Servers
- Configuring Name Service Providers
- Configuring Server-Initiated Connections
- Configuring Routing on NetScaler Gateway
- Configuring Auto Negotiation
Authentication and Authorization
- Configuring Default Global Authentication Types
- Configuring Authentication Without Authorization
- Configuring Authorization
  - Configuring Authorization Policies
  - Setting Default Global Authorization
- Disabling Authentication
- Configuring Authentication for Specific Times
- How Authentication Policies Work
- Configuring Local Users
- Configuring Groups
  - Adding Users to Groups
  - Configuring Policies with Groups
- Configuring LDAP Authentication
- Configuring Client Certificate Authentication
- Configuring RADIUS Authentication
- Configuring SAML Authentication
  - To configure SAML authentication
  - Auth Improvements for SAML Authentication
- Configuring TACACS+ Authentication
  - Clear Config Basic Should Not Clear TACACS Config
- Configuring Multifactor Authentication
  - Configuring Cascading Authentication
  - Configuring Two-Factor Authentication
- Configuring Single Sign-On
- Configuring One-Time Password Use
- nFactor for Gateway Authentication
- Unified Gateway Visualizer
Configuring the VPN User Experience
- How User Connections Work with the NetScaler Gateway Plug-in
- Choosing the User Access Method
- Deploying NetScaler Gateway Plug-ins for User Access
- Selecting the NetScaler Gateway Plug-in for Users
- Integrating the NetScaler Gateway Plug-in with Citrix Receiver
- Customizing the User Portal
- Configuring Clientless Access
- Configuring the Client Choices Page
  - Showing the Client Choices Page at Logon
  - Configuring Client Choices Options
- Configuring Access Scenario Fallback
  - Creating Policies for Access Scenario Fallback
- Configuring Connections for the NetScaler Gateway Plug-in
- How a Traffic Policy Works
  - Creating a Traffic Policy
  - Removing Traffic Policies
- Configuring Session Policies
  - Creating a Session Profile
  - Binding Session Policies
- Configuring Endpoint Polices
- Advanced Endpoint Analysis Scans
- Managing User Sessions
- AlwaysON
Configuring Unified Gateway
- Unified Gateway FAQ
Deploying in a Double-Hop DMZ
- Deploying NetScaler Gateway in a Double-Hop DMZ
- How a Double-Hop Deployment Works
- Communication Flow in a Double-Hop DMZ Deployment
- Preparing for a Double-Hop DMZ Deployment
- Installing and Configuring Netscaler Gateway in a Double-Hop DMZ
Using High Availability
- How High Availability Works
- Configuring Settings for High Availability
  - Creating or Changing an RPC Node Password
  - Configuring the Primary and Secondary Appliances for High Availability
- Configuring Communication Intervals
- Synchronizing NetScaler Gateway Appliances
- Synchronizing Configuration Files in a High Availability Setup
- Configuring Command Propagation
  - Troubleshooting Command Propagation
- Configuring Fail-Safe Mode
- Configuring the Virtual MAC Address
  - Configuring IPv4 Virtual MAC Addresses
  - Configuring IPv6 virtual MAC addresses
- Configuring High Availability Pairs in Different Subnets
  - Adding a Remote Node
- Configuring Route Monitors
  - Adding or Removing Route Monitors
- Configuring Link Redundancy
- Understanding the Causes of Failover
- Forcing Failover from a Node
Using Clustering
- Configuring Clustering
Maintaining and Monitoring the System
- Configuring Delegated Administrators
  - Configuring Command Policies for Delegated Administrators
  - Configuring Custom Command Policies for Delegated Administrators
- Configuring Auditing on NetScaler Gateway
  - Configuring Logs on NetScaler Gateway
  - Configuring ACL Logging
- Enabling NetScaler Gateway Plug-in Logging
- To monitor ICA connections
Integrating with Citrix Products
How Users Connect to Applications, Desktops, and ShareFile
Deploying with XenMobile App Edition, XenApp, and XenDesktop
Accessing XenApp and XenDesktop Resources with the Web Interface
- Integrating NetScaler Gateway with XenApp or XenDesktop
- Establishing a Secure Connection to the Server Farm
- Deploying with the Web Interface
- Setting Up a Web Interface Site to Work
- Configuring Communication with the Web Interface
- Configuring Additional Web Interface Settings on NetScaler Gateway
  - Configuring Web Interface Failover
  - Configuring Smart Card Access with the Web Interface
- Configuring Access to Applications and Virtual Desktops in the Web Interface
- Configuring SmartAccess
- Configuring SmartControl
- Configuring Single Sign-On to the Web Interface
- Allowing File Type Association
  - Creating a Web Interface Site
  - Configuring NetScaler Gateway for File Type Association
Integrating with App Controller or StoreFront
- How NetScaler Gateway and App Controller Integrate
- Creating Policies with the Quick Configuration Wizard
- Configuring NetScaler Gateway and App Controller
- Configuring Session Policies and Profiles for App Controller and StoreFront
- Configuring Custom Clientless Access Policies for Receiver
- Configuring Custom Clientless Access Policies for Receiver for Web
- Using WebFront to Integrate with StoreFront
Integrate NetScaler Gateway with StoreFront
Configuring Settings for Your XenMobile Environment
- Configuring Load Balancing Servers for XenMobile
- Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering
- Configuring XenMobile NetScaler Connector (XNC) ActiveSync Filtering
- Allowing Access from Mobile Devices with XenMobile Apps
- Configuring Domain and Security Token Authentication for XenMobile
- Configuring Client Certificate or Client Certificate and Domain Authentication
Optimizing Network Traffic with CloudBridge
RfWebUI Persona on Gateway UX Configuration
RDP Proxy
- Stateless RDP Proxy
HDX Enlightened Data Transport Support
- When to Use Enlightened Data Transport Support
- Configuring NetScaler Gateway to Support Enlightened Data Transport
Microsoft Intune Integration
- When to Use the Integrated Intune MDM Solution
- Understanding the NetScaler Gateway-Intune MDM Integration
- Configuring Network Access Control device check for NetScaler Gateway virtual server for single factor authentication deployment

This content has been machine translated dynamically.

Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)

Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)

Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)

This content has been machine translated dynamically.

Switch to english Auf Englisch anzeigen Lire en anglais Leer en inglés Switch to english Switch to english Switch to english

Translation failed!

Deploying in the DMZ

January 29, 2019

| Contributed by:

Many organizations protect their internal network with a DMZ. A DMZ is a subnet that lies between an organization’s secure internal network and the Internet (or any external network). When you deploy NetScaler Gateway in the DMZ, users connect with the NetScaler Gateway Plug-in or Citrix Receiver.

Figure 1. NetScaler Gateway deployed in the DMZ

NetScaler Gateway deployed in the DMZ

In the configuration shown in the preceding figure, you install NetScaler Gateway in the DMZ and configure it to connect to both the Internet and the internal network.

NetScaler Gateway Connectivity in the DMZ

When you deploy NetScaler Gateway in the DMZ, user connections must traverse the first firewall to connect to NetScaler Gateway. By default, user connections use SSL on port 443 to establish this connection. To allow user connections to reach the internal network, you must allow SSL on port 443 through the first firewall.

NetScaler Gateway decrypts the SSL connections from the user device and establishes a connection on behalf of the user to the network resources behind the second firewall. The ports that must be open through the second firewall are dependent on the network resources that you authorize external users to access.

For example, if you authorize external users to access a web server in the internal network, and this server listens for HTTP connections on port 80, you must allow HTTP on port 80 through the second firewall. NetScaler Gateway establishes the connection through the second firewall to the HTTP server on the internal network on behalf of the external user devices.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

Send us your feedback about this article

Support: https://www.citrix.com/support

Feedback and forums: https://discussions.citrix.com

Version

Deploying in the DMZ

NetScaler Gateway Connectivity in the DMZ

Deploying in the DMZ

In this article