Create a single FQDN used internally and externally
You can create a single fully qualified domain name (FQDN) that can access a store directly from within your corporate network and remotely via a Citrix Gateway.
In the following document, it uses as examples:
https://storefront.example.comas the single URL used for users to access StoreFront. When inside the network it resolves to the StoreFront server or load balancer. When outside the network it resolves to the gateway.
https://storefrontcb.example.comas the callback url. This resolves internally to the gateway. This is only required for smart access or password-less authentication.
Server Group base URL
Change the base URL to be the single URL. See Change the base URL for a deployment.
StoreFront beacons for Citrix Workspace app
Locally installed Citrix Workspace app attempts to contact beacon points and uses the responses to determine whether users are connected to local or public networks.
By default, StoreFront uses the server group base URL as the internal beacon URL. In this configuration, the same URL is valid both internally and externally so cannot be used as a beacon. Therefore, you must set the internal beacon to a URL that you know is only accessible internally.
See Configure beacon.
- storefront.example.com resolves to the externally facing IP of the Citrix Gateway Virtual Server.
- storefront.example.com resolves to the storefront load balancer or single StoreFront server IP.
- storefrontcb.example.com resolves to the gateway vServer VIP. If a firewall exists between the DMZ and the enterprise local network, allow for this.