About NetScaler Gateway

• NetScaler Gateway Architecture

• How User Connections Work

Common Deployments

• Deploying in the DMZ

• Deploying in the Secure Network

Client Software Requirements

• NetScaler Gateway Plug-in System Requirements

• Endpoint Analysis Requirements

Licensing

• NetScaler Gateway License Types

• Obtaining Your Platform or Universal License Files

• To install a license on NetScaler Gateway

• Verifying Installation of the Universal License

Before Getting Started

• Planning for Security

• Prerequisites

• Pre-Installation Checklist

Installing the System

• Configuring NetScaler Gateway

• Using the Configuration Utility

• Policies and Profiles on NetScaler Gateway

  • How Policies Work

  • Creating Policies on NetScaler Gateway

  • Configuring System Expressions

• Viewing NetScaler Gateway Configuration Settings

  • Saving the NetScaler Gateway Configuration

  • Clearing the NetScaler Gateway Configuration

• Configuring the NetScaler Gateway by Using Wizards

  • Configuring NetScaler Gateway with the First-time Setup Wizard

  • Configuring Settings with the Quick Configuration Wizard

  • Configuring Settings by Using the NetScaler Gateway Wizard

• Configuring the Host Name and FQDN on NetScaler Gateway

• Installing and Managing Certificates

  • Creating a Certificate Signing Request

  • Installing the Signed Certificate on NetScaler Gateway

  • Configuring Intermediate Certificates

  • Using Device Certificates for Authentication

  • Importing and Installing an Existing Certificate

  • Certificate Revocation Lists

• Testing Your NetScaler Gateway Configuration

• Creating Virtual Servers

  • To create additional virtual servers

  • Configuring Connection Types on the Virtual Server

  • Configuring a Listen Policy for Wildcard Virtual Servers

• Configuring IP Addresses on NetScaler Gateway

  • Changing or Deleting Mapped IP Addresses

  • Configuring Subnet IP Addresses

  • Configuring IPv6 for User Connections

• Resolving DNS Servers Located in the Secure Network

• Configuring DNS Virtual Servers

• Configuring Name Service Providers

• Configuring Server-Initiated Connections

• Configuring Routing on NetScaler Gateway

• Configuring Auto Negotiation

Authentication and Authorization

• Configuring Default Global Authentication Types

• Configuring Authentication Without Authorization

• Configuring Authorization

  • Configuring Authorization Policies

  • Setting Default Global Authorization

• Disabling Authentication

• Configuring Authentication for Specific Times

• How Authentication Policies Work

  • Configuring Authentication Profiles

  • Binding Authentication Policies

  • Setting Priorities for Authentication Policies

• Configuring Local Users

• Configuring Groups

  • Adding Users to Groups

  • Configuring Policies with Groups

• Configuring LDAP Authentication

  • To configure LDAP authentication by using the configuration utility

  • Determining Attributes in Your LDAP Directory

  • Configuring LDAP Group Extraction

  • Configuring LDAP Group Extraction for Multiple Domains

• Configuring Client Certificate Authentication

  • Configuring and Binding a Client Certificate Authentication Policy

  • Configuring Two-Factor Client Certificate Authentication

  • Configuring Smart Card Authentication

  • Configuring a Common Access Card

• Configuring RADIUS Authentication

  • To configure RADIUS authentication

  • Choosing RADIUS Authentication Protocols

  • Configuring IP Address Extraction

  • Configuring RADIUS Group Extraction

  • Configuring RADIUS user accounting

• Configuring SAML Authentication

  • To configure SAML authentication

  • Auth Improvements for SAML Authentication

• Configuring TACACS+ Authentication

  • Clear Config Basic Should Not Clear TACACS Config

• Configuring Multifactor Authentication

  • Configuring Cascading Authentication

  • Configuring Two-Factor Authentication

• Configuring Single Sign-On

  • Configuring Single Sign-On with Windows

  • Configuring Single Sign-On to Web Applications

  • Configuring Single Sign-On to a Domain

• Configuring One-Time Password Use

  • Configuring RSA SecurID Authentication

  • Configuring Password Return with RADIUS

  • Configuring SafeWord Authentication

  • Configuring Gemalto Protiva Authentication

• nFactor for NetScaler Gateway Authentication

• NetScaler Gateway Visualizer

• Configure Citrix Gateway to use RADIUS and LDAP Authentication with Mobile Devices

Configuring the VPN User Experience

• How User Connections Work with the NetScaler Gateway Plug-in

  • Establishing the Secure Tunnel

  • Operation Through Firewalls and Proxies

  • NetScaler Gateway Plug-in Upgrade Control

• Choosing the User Access Method

• Deploying NetScaler Gateway Plug-ins for User Access

• Selecting the NetScaler Gateway Plug-in for Users

  • Installing the NetScaler Gateway Plug-in for Windows

  • Deploying the NetScaler Gateway Plug-in from Active Directory

  • Connecting with the NetScaler Gateway Plug-in for Java

• Integrating the NetScaler Gateway Plug-in with Citrix Receiver

  • How User Connections Work with Citrix Receiver

  • Adding the NetScaler Gateway Plug-in to Citrix Receiver

  • Decoupling the Citrix Receiver Icon

  • Configuring IPv6 for ICA Connections

  • IConfiguring the Receiver Home Page on NetScaler Gateway

  • Applying the Receiver Theme to the Logon Page

  • Creating a Custom Theme for the Logon Page

• Customizing the User Portal

• Configuring Clientless Access

  • Enabling Clientless Access

  • How Clientless Access Policies Work

  • Configuring Domain Access for Users

  • Configuring Clientless Access for SharePoint 2003, SharePoint 2007, and SharePoint 2013

  • Enabling Clientless Access Persistent Cookies

  • Saving User Settings for Clientless Access Through Web Interface

• Configuring the Client Choices Page

  • Showing the Client Choices Page at Logon

  • Configuring Client Choices Options

• Configuring Access Scenario Fallback

  • Creating Policies for Access Scenario Fallback

• Configuring Connections for the NetScaler Gateway Plug-in

  • Configuring the Number of User Sessions

  • Configuring Time-Out Settings

  • Connecting to Internal Network Resources

  • Configuring Split Tunneling

  • Configuring Client Interception

  • Configuring Name Service Resolution

  • Enabling Proxy Support for User Connections

  • Configuring Address Pools

  • Supporting VoIP Phones

  • Configuring Application Access for the NetScaler Gateway Plug-in for Java

  • Configuring the Access Interface

• How a Traffic Policy Works

  • Creating a Traffic Policy

  • Removing Traffic Policies

• Configuring Session Policies

  • Creating a Session Profile

  • Binding Session Policies

• Configuring Endpoint Polices

  • How Endpoint Policies Work

  • Evaluating User Logon Options

  • Setting the Priority of Preauthentication Policies

  • Configuring Preauthentication Policies and Profiles

  • Configuring Post-Authentication Policies

  • Configuring Security Preauthentication Expressions for User Devices

  • Configuring Compound Client Security Expressions

• Advanced Endpoint Analysis Scans

  • Configuring Advanced Endpoint Analysis Scans

  • Advanced Endpoint Analysis Policy Expression Reference

  • Troubleshooting Advanced Endpoint Analysis scans

• Managing User Sessions

• AlwaysON

Configuring NetScaler Gateway

• NetScaler Gateway FAQ

Deploying in a Double-Hop DMZ

• Deploying NetScaler Gateway in a Double-Hop DMZ

• How a Double-Hop Deployment Works

• Communication Flow in a Double-Hop DMZ Deployment

  • Authenticating Users

  • Creating a Session Ticket

  • Starting Citrix Receiver

  • Completing the Connection

• Preparing for a Double-Hop DMZ Deployment

• Installing and Configuring NetScaler Gateway in a Double-Hop DMZ

  • Configuring Settings on the Virtual Servers on the NetScaler Gateway Proxy

  • Configuring the Appliance to Communicate with the Appliance Proxy

  • Configuring NetScaler Gateway to Handle the STA and ICA Traffic

  • Opening the Appropriate Ports on the Firewalls

  • Managing SSL Certificates in a Double-Hop DMZ Deployment

Using High Availability

• How High Availability Works

• Configuring Settings for High Availability

  • Creating or Changing an RPC Node Password

  • Configuring the Primary and Secondary Appliances for High Availability

• Configuring Communication Intervals

• Synchronizing NetScaler Gateway Appliances

• Synchronizing Configuration Files in a High Availability Setup

• Configuring Command Propagation

  • Troubleshooting Command Propagation

• Configuring Fail-Safe Mode

• Configuring the Virtual MAC Address

  • Configuring IPv4 Virtual MAC Addresses

  • Configuring IPv6 virtual MAC addresses

• Configuring High Availability Pairs in Different Subnets

  • Adding a Remote Node

• Configuring Route Monitors

  • Adding or Removing Route Monitors

• Configuring Link Redundancy

• Understanding the Causes of Failover

• Forcing Failover from a Node

  • Forcing Failover on the Primary or Secondary Node

  • Forcing the Primary Node to Stay Primary

  • Forcing the Secondary Node to Stay Secondary

Using Clustering

• Configuring Clustering

Maintaining and Monitoring the System

• Configuring Delegated Administrators

  • Configuring Command Policies for Delegated Administrators

  • Configuring Custom Command Policies for Delegated Administrators

• Configuring Auditing on NetScaler Gateway

  • Configuring Logs on NetScaler Gateway

  • Configuring ACL Logging

• Enabling NetScaler Gateway Plug-in Logging

• To monitor ICA connections

Accessing XenApp and XenDesktop Resources with the Web Interface

• Integrating NetScaler Gateway with XenApp or XenDesktop

• Establishing a Secure Connection to the Server Farm

• Deploying with the Web Interface

  • Deploying the Web Interface in the Secure Network

  • Deploying the Web Interface Parallel to NetScaler Gateway in the DMZ

  • Deploying the Web Interface Behind NetScaler Gateway in the DMZ

• Setting Up a Web Interface Site to Work

  • Web Interface Features

  • Setting Up a Web Interface Site

  • Creating a Web Interface 5.4 Site

  • Creating a Web Interface 5.3 Site

  • Adding XenApp and XenDesktop to a Single Site

  • Routing User Connections Through NetScaler Gateway

• Configuring Communication with the Web Interface

  • Configuring Policies for Published Applications and Desktops

  • Configuring Settings with the Published Applications wizard

  • Configuring the Secure Ticket Authority on NetScaler Gateway

• Configuring Additional Web Interface Settings on NetScaler Gateway

  • Configuring Web Interface Failover

  • Configuring Smart Card Access with the Web Interface

• Configuring Access to Applications and Virtual Desktops in the Web Interface

• Configuring SmartAccess

  • How SmartAccess Works for XenApp and XenDesktop

  • Configuring XenApp Policies and Filters

  • Configuring User Device Mapping on XenApp

  • Enabling XenApp as a Quarantine Access Method

  • Configuring XenDesktop for SmartAccess

• Configuring SmartControl

• Configuring Single Sign-On to the Web Interface

  • To configure single sign-on to Web applications globally

  • To configure single sign-on to Web applications by using a session policy

  • To define the HTTP port for single sign-on to web applications

  • Additional Configuration Guidelines

  • To test the single sign-on connection to the Web Interface

  • Configuring Single Sign-On to the Web Interface by Using a Smart Card

  • To configure single sign-on for XenApp and file shares

• Allowing File Type Association

  • Creating a Web Interface Site

  • Configuring NetScaler Gateway for File Type Association

Configuring Settings for Your XenMobile Environment

• Configuring Load Balancing Servers for XenMobile or Citrix Endpoint Management

• Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering

• Configuring XenMobile NetScaler Connector (XNC) ActiveSync Filtering

• Allowing Access from Mobile Devices with Citrix Mobile Productivity Apps

• Configuring Domain and Security Token Authentication for XenMobile

• Configuring Client Certificate or Client Certificate and Domain Authentication

RDP Proxy

• Stateless RDP Proxy

NetScaler Gateway Enabled PCoIP Proxy Support for VMware Horizon View

• Configuring NetScaler Gateway Enabled PCoIP proxy for VMWare Horizon View

• Configuring VMware Horizon View Connection Server

HDX Enlightened Data Transport Support

• When to Use Enlightened Data Transport Support

• Configuring NetScaler Gateway to Support Enlightened Data Transport

Microsoft Intune Integration

• When to Use the Integrated Intune MDM Solution

• Understanding the NetScaler Gateway-Intune MDM Integration

• Configuring Network Access Control device check for NetScaler Gateway virtual server for single factor authentication deployment

• Understanding Azure ADAL Token Authentication

• Configuring NetScaler Gateway Virtual Server for Microsoft ADAL Token Authentication

Outbound ICA Proxy support

• Configuring Outbound ICA Proxy