Product Documentation

Installing and Configuring Citrix Gateway in a Double-Hop DMZ

You need to complete several steps in order to deploy Citrix Gateway in a double-hop DMZ. The steps include installation of appliances in both DMZs and configuring the appliances for user device connections.

Installing Citrix Gateway in the First DMZ

To install Citrix Gateway in the first DMZ, follow the instructions in Installing the Model MPX 5500 Appliance.

If you are installing multiple Citrix Gateway appliances in the first DMZ, you can deploy the appliances behind a load balancer.

Configuring Citrix Gateway in the First DMZ

In a double-hop DMZ deployment, it is mandatory that you configure each Citrix Gateway in the first DMZ to redirect connections to either StoreFront or the Web Interface in the second DMZ.

Redirection to StoreFront or the Web Interface is performed at the Citrix Gateway Global or virtual server level. To connect to the Web Interface through Citrix Gateway, a user must be associated with an Citrix Gateway user group for which redirection to the Web Interface is enabled.

Installing Citrix Gateway in the Second DMZ

The Citrix Gateway appliance in the second DMZ is called the Citrix Gateway proxy because it proxies ICA and Secure Ticket Authority (STA) traffic across the second DMZ.

Follow the instructions in Installing the Model MPX 5500 Appliance to install each Citrix Gateway appliance in the second DMZ.

You can use this installation procedure to install additional appliances in the second DMZ.

After you install Citrix Gateway appliances in the second DMZ, you configure the following settings:

  • Configure a virtual server on the Citrix Gateway proxy.
  • Configure Citrix Gateway appliances in the first and second DMZ to communicate with each other.
  • Bind the Citrix Gateway in the second DMZ globally or to a virtual server.
  • Configure the STA on the appliance in the first DMZ.
  • Open ports in the firewalls separating the DMZ.
  • Install certificates on the appliances.

Installing and Configuring Citrix Gateway in a Double-Hop DMZ