Create a single FQDN used internally and externally

You can create a single fully qualified domain name (FQDN) that can access a store directly from within your corporate network and remotely via a Citrix Gateway.

In the following document, it uses as examples:

  • as the single URL used for users to access StoreFront. When inside the network it resolves to the StoreFront server or load balancer. When outside the network it resolves to the gateway.
  • as the callback url. This resolves internally to the gateway. This is only required for smart access or password-less authentication. You must ensure that the certificate on the gateway includes this address as a SAN, use a wildcard certificate.

Server Group base URL

Change the base URL to be the single URL. See Change the base URL for a deployment.

StoreFront beacons for locally installed Citrix Workspace app

Locally installed Citrix Workspace app attempts to contact beacon points and uses the responses to determine whether users are connected to local or public networks.

By default, StoreFront uses the server group base URL as the internal beacon URL. In this configuration, the same URL is valid both internally and externally so cannot be used as a beacon. Therefore, you must set the internal beacon to a URL that you know is only accessible internally.

See Configure beacon.

External DNS

  • resolves to the externally facing IP of the Citrix Gateway Virtual Server.

Internal DNS

  • resolves to the storefront load balancer or single StoreFront server IP.
  • resolves to the gateway vServer VIP. If a firewall exists between the DMZ and the enterprise local network, allow for this.
Create a single FQDN used internally and externally