The deployment of the Secure Gateway depends on several factors, including which Citrix components you have in your enterprise network. The Secure Gateway is designed to work with Citrix XenApp.
If your enterprise network contains a server farm, you can deploy the Secure Gateway to provide secure Internet access to published resources. In such deployments, the Secure Gateway works with the Web Interface to provide authentication, authorization, and redirection to published resources hosted on a Citrix XenApp server.
To ensure that the security of the Secure Gateway is not compromised, Citrix recommends reserving servers for the exclusive use of the Secure Gateway.
Note: Citrix recommends setting up the Secure Gateway in a test environment before deploying it in your production environment, to make sure all of the features work correctly.
Place the Secure Gateway in the DMZ between two firewalls for maximum protection. In addition, physically secure the DMZ to prevent access to the firewalls and servers within the DMZ. A breach of your DMZ servers may, at best, create an annoyance in the form of downtime while you recover from the security breach.
Important: Citrix recommends that you configure your firewalls to restrict access to specific TCP ports only. If you configure your firewalls to allow access to TCP ports other than those used for HTTP, ICA, SSL, and XML data, you may allow users to gain access to unauthorized ports on the server.
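One way to check a firewall rule set against the port restriction above, as an added example that is not part of the Citrix documentation. It assumes rules exported in `iptables-save` format; the port numbers in the allowlist (including the XML port), the addresses, and the sample rules are constructed assumptions to adjust for your deployment.

```python
import re

# Assumed allowlist (not from the original page); 8080 for XML is a site-specific assumption.
ALLOWED_TCP = {80: "HTTP", 443: "SSL", 1494: "ICA", 8080: "XML"}

# Constructed iptables-save style rules for the two DMZ firewalls.
SAMPLE_RULES = """\
-A FORWARD -p tcp -d 192.0.2.10 --dport 443 -j ACCEPT
-A FORWARD -p tcp -d 192.0.2.10 --dport 3389 -j ACCEPT
-A FORWARD -p tcp -s 192.0.2.10 -d 10.0.0.20 --dport 1494 -j ACCEPT
-A FORWARD -p tcp -s 192.0.2.10 -d 10.0.0.20 -m multiport --dports 80,8080,1000:1100 -j ACCEPT
-A FORWARD -p tcp -s 192.0.2.10 -d 10.0.0.0/24 -j ACCEPT
-A FORWARD -p udp -d 192.0.2.10 --dport 53 -j DROP
"""

def ports_of(rule):
    """Return the destination ports a rule matches, or None if it matches any port."""
    m = re.search(r"--dports?\s+(\S+)", rule)
    if not m:
        return None
    ports = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition(":")  # "1000:1100" is an inclusive range
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules, allowed=ALLOWED_TCP):
    """List (rule number, problem) for TCP ACCEPT rules wider than the allowlist."""
    findings = []
    for n, rule in enumerate(rules.splitlines(), 1):
        tokens = rule.split()
        if "ACCEPT" not in tokens or "tcp" not in tokens:
            continue
        ports = ports_of(rule)
        if ports is None:
            findings.append((n, "all TCP ports allowed"))
        else:
            extra = sorted(ports - set(allowed))
            if extra:
                findings.append((n, f"{len(extra)} unexpected port(s), e.g. {extra[0]}"))
    return findings

if __name__ == "__main__":
    for line_no, problem in audit(SAMPLE_RULES):
        print(f"rule {line_no}: {problem}")
```

Rules with no destination port and rules that hide extra ports inside a range are both reported, since either one opens ports beyond those needed for HTTP, ICA, SSL, and XML traffic.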