Product Documentation

Configuring Citrix Gateway to Support Enlightened Data Transport

If you use Enlightened Data Transport (EDT), Datagram Transport Layer Security (DTLS) must be enabled to encrypt the UDP connection used by EDT. The DTLS parameter must be enabled at the Gateway VPN virtual-server level, and Citrix XenApp and Citrix XenDesktop components must be correctly upgraded and configured to achieve encrypted traffic between the Gateway VPN virtual server and the user device.

The following scenarios are supported:

Scenario EDT support
Citrix Gateway Yes
Citrix Gateway with High Availability (HA) Yes
Citrix Gateway with High Availability (HA) optimization Yes
Citrix ADC with Unified Gateway Yes
Citrix Gateway with GSLB Yes
Citrix Gateway with Cluster Yes
Citrix Receiver to Citrix Gateway DTLS encryption Yes
Dual Secure Ticket Authority (STA) on Citrix Gateway Yes
Citrix Gateway ICA session timeout Yes
Citrix Gateway Multi-Stream ICA Yes
Citrix Gateway session reliability (Port 2598) Yes
Citrix Gateway Double-Hop Yes
Citrix ADC to VDA DTLS encryption No
HDX Insight No
Citrix Gateway in IPv6 mode No
Citrix Gateway SOCKS (Port 1494) No
Citrix ADC pure LAN proxy No

Note: EDT support for Citrix Gateway is available for port 2598 and not for port 1494.

To configure Citrix Gateway to support EDT:

  1. Deploy and configure Citrix Gateway to communicate with StoreFront and authenticate users for Citrix XenApp and Citrix XenDesktop.

  2. On the Configuration tab in the Citrix ADC GUI, expand Citrix Gateway and select Virtual Servers.

    localized image

  3. Click Edit to display Basic Settings for the VPN Virtual Server, and then verify the state of the DTLS setting.

    localized image

  4. Click More to display additional configuration option.

    localized image

  5. Select DTLS to provide communications security for datagram protocols. Click OK. The Basic Settings area for the VPN Virtual Server shows that the DTLS flag is set to True.

    localized image

  6. Reopen the Server Certificate Binding screen and click the plus icon (+) to bind the certificate-key pair.

    localized image

  7. Next to the certificate-key pair that you just bound, click Select.

    localized image

  8. Save the changes to the server-certificate binding.

  9. When the certificate key pair appears, click Bind.

Configuring Citrix Gateway to Support Enlightened Data Transport

In this article