Product Documentation

Secure communications

Jun 19, 2017

To secure the communication between XenDesktop Sites or XenApp server farms and Citrix Receiver for Windows, you can integrate your Citrix Receiver for Windows connections using security technologies such as the following:

  • Citrix NetScaler Gateway. For information, refer to topics in this section as well as the NetScaler Gateway, and StoreFront documentation.
    Note: Citrix recommends using NetScaler Gateway to secure communications between StoreFront servers and user devices.
  • A firewall. Network firewalls can allow or block packets based on the destination address and port. If you are using Citrix Receiver for Windows through a network firewall that maps the server's internal network IP address to an external Internet address (that is, network address translation, or NAT), configure the external address.
  • Trusted server configuration.
  • For XenApp or Web Interface deployments only; not applicable to XenDesktop 7: A SOCKS proxy server or secure proxy server (also known as security proxy server, HTTPS proxy server). You can use proxy servers to limit access to and from your network and to handle connections between Receiver and servers. Receiver supports SOCKS and secure proxy protocols.
  • For XenApp or Web Interface deployments only; not applicable to XenDesktop 7, XenDesktop 7.1, XenDesktop 7.5, or XenApp 7.5: SSL Relay solutions with Transport Layer Security (TLS) protocols.
  • For XenApp 7.6 and XenDesktop 7.6, you can enable an SSL connection directly between users and VDAs.

Citrix Receiver for Windows is compatible with and functions in environments where the Microsoft Specialized Security - Limited Functionality (SSLF) desktop security templates are used. These templates are supported on various Windows platforms. Refer to the Windows security guides available at for more information about the templates and related settings.