Configuring Unified Gateway
NetScaler with Unified Gateway enables simplified, secure access to any application through a single URL for desktop and mobile users. Behind this single URL, administrators have a single point for configuration, security, and control of remote access to applications. Remote users have an improved experience, with seamless single sign-on to all the applications they need and the ease of logging in and out once.
To accomplish this, NetScaler with Unified Gateway, along with NetScaler’s Content Switching capabilities and extensive authentication infrastructure, provides access to organizational sites and apps through this single URL. Additionally, remote users can use iOS or Android mobile devices and Linux, PC or Mac systems with the NetScaler Gateway client plug-ins for uniform access to the Unified Gateway URL, wherever they may be.
A Unified Gateway deployment allows single URL access to the following categories of applications:
- Intranet applications
- Clientless applications
- Software as a Service applications
- Preconfigured applications served by NetScaler
- Citrix XenApp or XenDesktop published applications
Intranet applications may be any web-based application that resides inside the secure enterprise network. These are internal resources such as an organizational intranet site, a bug tracking application, or a wiki.
The clientless applications that Unified Gateway provides single URL access to are Outlook Web Access and SharePoint, which typically also reside inside the secure enterprise network. These applications provide access to Exchange email and team resources without dedicated client software, and they need to be available to remote users.
SaaS applications, also commonly known as Cloud Apps, are external, cloud-based applications that organizations depend on, such as ShareFile, Salesforce, or NetSuite. SAML-based single sign-on is supported with those SaaS applications that offer it.
Some organizations may have preconfigured NetScaler served applications deployed in a NetScaler ADC load balanced configuration; this is often also referred to as a ‘reverse-proxy’ application. Unified Gateway supports these applications when a virtual server for the deployment resides on the same NetScaler Unified Gateway instance or appliance. These applications may have their own authentication configuration, which is independent of the Unified Gateway authentication configuration.
Any Citrix XenApp and XenDesktop published applications can be made available through a Unified Gateway URL. SmartAccess and SmartControl policies can optionally be applied for granular policy and access control over these resources.
The Unified Gateway Configuration Wizard
The recommended method for configuring a NetScaler with Unified Gateway deployment is to use the Unified Gateway configuration wizard. The wizard walks you through configuration, creates all the necessary virtual servers, policies, and expressions, and applies settings based on the details provided. After initial setup, the wizard can be used to manage your deployment and monitor its operation.
Note: The Unified Gateway configuration wizard does not perform an initial system configuration. Your NetScaler Gateway appliance or VPX instance must have basic installation completed before you configure Unified Gateway. Refer to the installation instructions for Configuring NetScaler Gateway with the First-time Setup Wizard to complete basic configuration.
The Unified Gateway elements configured by the wizard are:
- The Unified Gateway primary virtual server
- An SSL Server Certificate for the Unified Gateway virtual server
- A primary and any optional secondary authentication configuration
- A portal theme selection and optional customization
- The user applications that are to be accessed through the Unified Gateway portal
For each of these elements, you need to provide configuration information. For a basic Unified Gateway deployment, the following information is needed.
- For the primary Unified Gateway virtual server, the public IP address and IP port number for the deployment. This is the IP address that the hostname in the Unified Gateway URL resolves to in DNS. For example, if your Unified Gateway deployment’s URL is https://mycompany.com/, mycompany.com must resolve to this IP address.
- The signed SSL Server Certificate for the deployment. NetScaler Gateway supports PEM or PFX formatted certificates.
- Primary authentication server information. The authentication systems supported for this authentication configuration are LDAP/Active Directory, RADIUS, and Certificate based. A secondary LDAP or RADIUS authentication configuration may be created as well. The authentication server IP address(es) must be provided along with any relevant administrator credentials or directory attributes. For Certificate authentication, the device certificate attributes and a CA certificate must be provided.
- A portal theme may be selected. If a customized or branded portal design is desired, custom graphics may be uploaded to the system with the wizard.
- For web-based user applications, the URLs for the individual applications must be specified. For web applications that are to utilize SAML single sign-on authentication, the utility collects the Assertion Consumer Service URL along with other optional SAML parameters. Gather the configuration details in advance for the applications that use a SAML authentication system.
- For XenDesktop and XenApp published resources to be made available through the Unified Gateway deployment, you need to specify the integration point (StoreFront, the Web Interface, or Web Interface on NetScaler). The utility requires the integration point’s fully qualified domain name, the site path, the single sign-on domain, the Secure Ticket Authority (STA) server URL, and others depending on the type of integration point.
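A pre-flight check of the details gathered above, as an added example that is not Citrix code: it verifies that the Unified Gateway hostname resolves to the planned virtual server IP address and that the certificate file looks like PEM or PFX. The function names, the injectable resolver, the byte-level PFX heuristic, and the HTTPS requirement on SAML Assertion Consumer Service URLs are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

def cert_format(data: bytes) -> str:
    """Classify certificate bytes as 'PEM', 'PFX' or 'unknown' (heuristic)."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "PEM"
    # PFX (PKCS#12) is DER: SEQUENCE (0x30), length, then INTEGER 3 (02 01 03).
    if data[:1] == b"\x30" and b"\x02\x01\x03" in data[:8]:
        return "PFX"
    return "unknown"

def preflight(url, vip, cert_bytes, acs_urls=(), resolve=socket.getaddrinfo):
    """Return a list of problems in the gathered inputs (empty list = ready)."""
    parsed = urlparse(url)
    host = parsed.hostname
    if parsed.scheme != "https" or not host:
        return [f"Unified Gateway URL must be https with a hostname: {url}"]
    problems = []
    want = ipaddress.ip_address(vip)
    try:
        answers = resolve(host, parsed.port or 443)
        got = {ipaddress.ip_address(a[4][0]) for a in answers}
    except socket.gaierror as exc:
        got = set()
        problems.append(f"{host} does not resolve: {exc}")
    if got and want not in got:
        found = ", ".join(sorted(str(ip) for ip in got))
        problems.append(f"{host} resolves to {found}, not {vip}")
    if cert_format(cert_bytes) == "unknown":
        problems.append("certificate file is neither PEM nor PFX")
    # Assumption of this example: ACS URLs carry assertions, so require https.
    for acs in acs_urls:
        if urlparse(acs).scheme != "https":
            problems.append(f"SAML ACS URL is not https: {acs}")
    return problems

if __name__ == "__main__":
    # Constructed inputs: documentation-range IP, stub resolver, dummy PEM body.
    stub = lambda host, port: [(socket.AF_INET, 0, 0, "", ("203.0.113.10", port))]
    pem = b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n"
    for line in preflight("https://mycompany.com/", "203.0.113.99", pem,
                          ["http://app.example/saml/acs"], resolve=stub):
        print("FAIL:", line)
```

Run it against the real values before starting the wizard; with the default resolver it queries whatever DNS the workstation uses, so run it from a network that sees the public record.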
Additional Configuration Management
For site specific settings not available in the Unified Gateway configuration utility, such as alternative SSL settings or session policies, you can manage the needed settings in the NetScaler Gateway configuration utility. You can modify these settings on the Content Switching or VPN virtual servers once they are created by the Unified Gateway configuration utility.
Content Switching Virtual Server
This is the NetScaler configuration entity behind the deployment’s main IP address and URL. The SSL Server Certificates and parameters are managed on this virtual server. As this virtual server is the responding network host for the deployment, the ICMP server response and RHI state can be modified on this virtual server, if necessary. The Content Switching virtual server can be found under the Configuration tab at Traffic Management > Content Switching > Virtual Servers.
VPN Virtual Server
All of the other VPN parameters, profiles, and policy bindings for the Unified Gateway configuration are managed on this virtual server, including the main authentication configuration. This entity is managed under the Configuration tab at NetScaler Gateway > Virtual Servers. The relevant VPN virtual server’s name will include the name given to the Content Switching virtual server during initial Unified Gateway configuration.
Note: The VPN virtual servers created for a Unified Gateway deployment are non-addressable and assigned the 0.0.0.0 IP address.