NetScaler Gateway Release Notes

About NetScaler Gateway

• NetScaler Gateway Architecture

• How User Connections Work

Common Deployments

• Deploying in the DMZ

• Deploying in the Secure Network

Client Software Requirements

• NetScaler Gateway Plug-in System Requirements

• Endpoint Analysis Requirements

Compatibility with Citrix Products

Licensing

• NetScaler Gateway License Types

• Obtaining Your Platform or Universal License Files

• To install a license on NetScaler Gateway

• Verifying Installation of the Universal License

FAQ

Before Getting Started

• Planning for Security

• Prerequisites

• Pre-Installation Checklist

Upgrading

Installing the System

• Configuring NetScaler Gateway

• Using the Configuration Utility

• Policies and Profiles on NetScaler Gateway

  • How Policies Work

  • Creating Policies on NetScaler Gateway

  • Configuring System Expressions

• Viewing NetScaler Gateway Configuration Settings

  • Saving the NetScaler Gateway Configuration

  • Clearing the NetScaler Gateway Configuration

• Configuring the NetScaler Gateway by Using Wizards

  • Configuring NetScaler Gateway with the First-time Setup Wizard

  • Configuring Settings with the Quick Configuration Wizard

  • Configuring Settings by Using the NetScaler Gateway Wizard

• Configuring the Host Name and FQDN on NetScaler Gateway

• Installing and Managing Certificates

  • Creating a Certificate Signing Request

  • Installing the Signed Certificate on NetScaler Gateway

  • Configuring Intermediate Certificates

  • Using Device Certificates for Authentication

  • Importing and Installing an Existing Certificate

  • Certificate Revocation Lists

• Testing Your NetScaler Gateway Configuration

• Creating Virtual Servers

  • To create additional virtual servers

  • Configuring Connection Types on the Virtual Server

  • Configuring a Listen Policy for Wildcard Virtual Servers

• Configuring IP Addresses on NetScaler Gateway

  • Changing or Deleting Mapped IP Addresses

  • Configuring Subnet IP Addresses

  • Configuring IPv6 for User Connections

• Resolving DNS Servers Located in the Secure Network

• Configuring DNS Virtual Servers

• Configuring Name Service Providers

• Configuring Server-Initiated Connections

• Configuring Routing on NetScaler Gateway

• Configuring Auto Negotiation

Authentication and Authorization

• Configuring Default Global Authentication Types

• Configuring Authentication Without Authorization

• Configuring Authorization

  • Configuring Authorization Policies

  • Setting Default Global Authorization

• Disabling Authentication

• Configuring Authentication for Specific Times

• How Authentication Policies Work

  • Configuring Authentication Profiles

  • Binding Authentication Policies

  • Setting Priorities for Authentication Policies

• Configuring Local Users

• Configuring Groups

  • Adding Users to Groups

  • Configuring Policies with Groups

• Configuring LDAP Authentication

  • To configure LDAP authentication by using the configuration utility

  • Determining Attributes in Your LDAP Directory

  • Configuring LDAP Group Extraction

  • Configuring LDAP Group Extraction for Multiple Domains

• Configuring Client Certificate Authentication

  • Configuring and Binding a Client Certificate Authentication Policy

  • Configuring Two-Factor Client Certificate Authentication

  • Configuring Smart Card Authentication

  • Configuring a Common Access Card

• Configuring RADIUS Authentication

  • To configure RADIUS authentication

  • Choosing RADIUS Authentication Protocols

  • Configuring IP Address Extraction

  • Configuring RADIUS Group Extraction

  • Configuring RADIUS user accounting

• Configuring SAML Authentication

  • To configure SAML authentication

  • Auth Improvements for SAML Authentication

• Configuring TACACS+ Authentication

  • Clear Config Basic Should Not Clear TACACS Config

• Configuring Multifactor Authentication

  • Configuring Cascading Authentication

  • Configuring Two-Factor Authentication

• Configuring Single Sign-On

  • Configuring Single Sign-On with Windows

  • Configuring Single Sign-On to Web Applications

  • Configuring Single Sign-On to a Domain

• Configuring One-Time Password Use

  • Configuring RSA SecurID Authentication

  • Configuring Password Return with RADIUS

  • Configuring SafeWord Authentication

  • Configuring Gemalto Protiva Authentication

• nFactor for Gateway Authentication

• Unified Gateway Visualizer

Configuring the VPN User Experience

• How User Connections Work with the NetScaler Gateway Plug-in

  • Establishing the Secure Tunnel

  • Operation Through Firewalls and Proxies

  • NetScaler Gateway Plug-in Upgrade Control

• Choosing the User Access Method

• Deploying NetScaler Gateway Plug-ins for User Access

• Selecting the NetScaler Gateway Plug-in for Users

  • Installing the NetScaler Gateway Plug-in for Windows

  • Deploying the NetScaler Gateway Plug-in from Active Directory

  • Connecting with the NetScaler Gateway Plug-in for Java

• Integrating the NetScaler Gateway Plug-in with Citrix Receiver

  • How User Connections Work with Citrix Receiver

  • Adding the NetScaler Gateway Plug-in to Citrix Receiver

  • Decoupling the Citrix Receiver Icon

  • Configuring IPv6 for ICA Connections

  • IConfiguring the Receiver Home Page on NetScaler Gateway

  • Applying the Receiver Theme to the Logon Page

  • Creating a Custom Theme for the Logon Page

• Customizing the User Portal

• Configuring Clientless Access

  • Enabling Clientless Access

  • How Clientless Access Policies Work

  • Configuring Domain Access for Users

  • Configuring Clientless Access for SharePoint 2003, SharePoint 2007, and SharePoint 2013

  • Enabling Clientless Access Persistent Cookies

  • Saving User Settings for Clientless Access Through Web Interface

• Configuring the Client Choices Page

  • Showing the Client Choices Page at Logon

  • Configuring Client Choices Options

• Configuring Access Scenario Fallback

  • Creating Policies for Access Scenario Fallback

• Configuring Connections for the NetScaler Gateway Plug-in

  • Configuring the Number of User Sessions

  • Configuring Time-Out Settings

  • Connecting to Internal Network Resources

  • Configuring Split Tunneling

  • Configuring Client Interception

  • Configuring Name Service Resolution

  • Enabling Proxy Support for User Connections

  • Configuring Address Pools

  • Supporting VoIP Phones

  • Configuring Application Access for the NetScaler Gateway Plug-in for Java

  • Configuring the Access Interface

• How a Traffic Policy Works

  • Creating a Traffic Policy

  • Removing Traffic Policies

• Configuring Session Policies

  • Creating a Session Profile

  • Binding Session Policies

• Configuring Endpoint Polices

  • How Endpoint Policies Work

  • Evaluating User Logon Options

  • Setting the Priority of Preauthentication Policies

  • Configuring Preauthentication Policies and Profiles

  • Configuring Post-Authentication Policies

  • Configuring Security Preauthentication Expressions for User Devices

  • Configuring Compound Client Security Expressions

• Advanced Endpoint Analysis Scans

  • Configuring Advanced Endpoint Analysis Scans

  • Advanced Endpoint Analysis Policy Expression Reference

  • Troubleshooting Advanced Endpoint Analysis scans

• Managing User Sessions

• AlwaysON

Configuring Unified Gateway

• Unified Gateway FAQ

Deploying in a Double-Hop DMZ

• Deploying NetScaler Gateway in a Double-Hop DMZ

• How a Double-Hop Deployment Works

• Communication Flow in a Double-Hop DMZ Deployment

  • Authenticating Users

  • Creating a Session Ticket

  • Starting Citrix Receiver

  • Completing the Connection

• Preparing for a Double-Hop DMZ Deployment

• Installing and Configuring Netscaler Gateway in a Double-Hop DMZ

  • Configuring Settings on the Virtual Servers on the NetScaler Gateway Proxy

  • Configuring the Appliance to Communicate with the Appliance Proxy

  • Configuring NetScaler Gateway to Handle the STA and ICA Traffic

  • Opening the Appropriate Ports on the Firewalls

  • Managing SSL Certificates in a Double-Hop DMZ Deployment

Using High Availability

• How High Availability Works

• Configuring Settings for High Availability

  • Creating or Changing an RPC Node Password

  • Configuring the Primary and Secondary Appliances for High Availability

• Configuring Communication Intervals

• Synchronizing NetScaler Gateway Appliances

• Synchronizing Configuration Files in a High Availability Setup

• Configuring Command Propagation

  • Troubleshooting Command Propagation

• Configuring Fail-Safe Mode

• Configuring the Virtual MAC Address

  • Configuring IPv4 Virtual MAC Addresses

  • Configuring IPv6 virtual MAC addresses

• Configuring High Availability Pairs in Different Subnets

  • Adding a Remote Node

• Configuring Route Monitors

  • Adding or Removing Route Monitors

• Configuring Link Redundancy

• Understanding the Causes of Failover

• Forcing Failover from a Node

  • Forcing Failover on the Primary or Secondary Node

  • Forcing the Primary Node to Stay Primary

  • Forcing the Secondary Node to Stay Secondary

Using Clustering

• Configuring Clustering

Maintaining and Monitoring the System

• Configuring Delegated Administrators

  • Configuring Command Policies for Delegated Administrators

  • Configuring Custom Command Policies for Delegated Administrators

• Configuring Auditing on NetScaler Gateway

  • Configuring Logs on NetScaler Gateway

  • Configuring ACL Logging

• Enabling NetScaler Gateway Plug-in Logging

• To monitor ICA connections

Integrating with Citrix Products

How Users Connect to Applications, Desktops, and ShareFile

Deploying with XenMobile App Edition, XenApp, and XenDesktop

Accessing XenApp and XenDesktop Resources with the Web Interface

• Integrating NetScaler Gateway with XenApp or XenDesktop

• Establishing a Secure Connection to the Server Farm

• Deploying with the Web Interface

  • Deploying the Web Interface in the Secure Network

  • Deploying the Web Interface Parallel to NetScaler Gateway in the DMZ

  • Deploying the Web Interface Behind NetScaler Gateway in the DMZ

• Setting Up a Web Interface Site to Work

  • Web Interface Features

  • Setting Up a Web Interface Site

  • Creating a Web Interface 5.4 Site

  • Creating a Web Interface 5.3 Site

  • Adding XenApp and XenDesktop to a Single Site

  • Routing User Connections Through NetScaler Gateway

• Configuring Communication with the Web Interface

  • Configuring Policies for Published Applications and Desktops

  • Configuring Settings with the Published Applications wizard

  • Configuring the Secure Ticket Authority on NetScaler Gateway

• Configuring Additional Web Interface Settings on NetScaler Gateway

  • Configuring Web Interface Failover

  • Configuring Smart Card Access with the Web Interface

• Configuring Access to Applications and Virtual Desktops in the Web Interface

• Configuring SmartAccess

  • How SmartAccess Works for XenApp and XenDesktop

  • Configuring XenApp Policies and Filters

  • Configuring User Device Mapping on XenApp

  • Enabling XenApp as a Quarantine Access Method

  • Configuring XenDesktop for SmartAccess

• Configuring SmartControl

• Configuring Single Sign-On to the Web Interface

  • To configure single sign-on to Web applications globally

  • To configure single sign-on to Web applications by using a session policy

  • To define the HTTP port for single sign-on to web applications

  • Additional Configuration Guidelines

  • To test the single sign-on connection to the Web Interface

  • Configuring Single Sign-On to the Web Interface by Using a Smart Card

  • To configure single sign-on for XenApp and file shares

• Allowing File Type Association

  • Creating a Web Interface Site

  • Configuring NetScaler Gateway for File Type Association

Integrating with App Controller or StoreFront

• How NetScaler Gateway and App Controller Integrate

• Creating Policies with the Quick Configuration Wizard

  • Examples of Session Policies Created by the Quick Configuration Wizard

  • Examples of the Session Profile Settings Created by the Quick Configuration Wizard

  • Examples of Clientless Access Policies Created by the Quick Configuration Wizard

• Configuring NetScaler Gateway and App Controller

• Configuring Session Policies and Profiles for App Controller and StoreFront

  • Configuring Access to App Controller Through NetScaler Gateway

  • Access to StoreFront Through NetScaler Gateway

  • Binding Session Policies and Setting the Priority

• Configuring Custom Clientless Access Policies for Receiver

• Configuring Custom Clientless Access Policies for Receiver for Web

• Using WebFront to Integrate with StoreFront

Integrate NetScaler Gateway with StoreFront

Configuring Settings for Your XenMobile Environment

• Configuring Load Balancing Servers for XenMobile

• Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering

• Configuring XenMobile NetScaler Connector (XNC) ActiveSync Filtering

• Allowing Access from Mobile Devices with XenMobile Apps

• Configuring Domain and Security Token Authentication for XenMobile

• Configuring Client Certificate or Client Certificate and Domain Authentication

Optimizing Network Traffic with CloudBridge

RfWebUI Persona on Gateway UX Configuration

RDP Proxy

• Stateless RDP Proxy

HDX Enlightened Data Transport Support

• When to Use Enlightened Data Transport Support

• Configuring NetScaler Gateway to Support Enlightened Data Transport

Microsoft Intune Integration

• When to Use the Integrated Intune MDM Solution

• Understanding the NetScaler Gateway-Intune MDM Integration

• Configuring Network Access Control device check for NetScaler Gateway virtual server for single factor authentication deployment