Product Documentation

Configuring Connections to Applications Through NetScaler Gateway

Mar 25, 2014

If your users connect from a remote location, you can route the connection through NetScaler Gateway. Users can connect to mobile and enterprise web applications by using Worx Home or the NetScaler Gateway Plug-in. Some web applications require the use of the NetScaler Gateway Plug-in to establish the full VPN tunnel in order to access applications in the secure network.

If users connect with Worx Home and you also deploy Device Manager, when users start Worx Home for the first time, the devices is enrolled with Device Manager. When that occurs, Device Manager sends the NetScaler Gateway web address to Worx Home. After enrollment, connections from Worx Home route to NetScaler Gateway and then to the internal network.

To allow connections from iOS devices, you configure Secure Browse in NetScaler Gateway to allow VPN connections from these mobile devices. Users can connect with Worx Home. For more information about Secure Browse, see Allowing Access from Mobile Devices.

There are two steps for allowing connections to applications in the secure network through NetScaler Gateway:

  • Configuring NetScaler Gateway settings.
  • Specifying the application to accept connections from remote users.

To route user connections through NetScaler Gateway, you provide the following information:

  • Specify that NetScaler Gateway authenticates users. When you configure the first instance of NetScaler Gateway, this setting changes to Yes automatically. If you configure additional appliances, you manually configure the setting.
  • Alias for the appliance. This can be any name you choose. The alias validates the NetScaler Gateway certificate during callback to NetScaler Gateway. App Controller validates the NetScaler Gateway server certificate by using the callback fully qualified domain name (FQDN). This is an optional field.
  • Name for the appliance. This can be any name you choose.
  • FQDN for the callback URL that verifies that the request came from NetScaler Gateway. You use the same FQDN to which users connect. App Controller appends the FQDN automatically with the authentication service URL. For example, the URL appears as https://NetScalerGatewayFQDN/CitrixAuthService/AuthService.asmx. Configuring the callback URL is optional. If you do not add the callback URL, App Controller will not call back to NetScaler Gateway to verify the NetScaler Gateway session ID.
  • FQDN to which users connect, such as https://NetScalerGatewayFQDN.

You can specify multiple NetScaler Gateway appliances or different virtual servers configured on one appliance in App Controller.

Optionally, you can configure the following settings:

  • A logon type, that includes:
    • Domain only
    • Security token only
    • Domain and security token
    • Client certificate
    • Client certificate and domain
    • Client certificate and security token
  • No password requirement regardless of the logon type you choose.
  • An option to connect to StoreFront through a connection that first routes through App Controller and NetScaler Gateway, which proxies the connection. In this configuration, StoreFront resides behind App Controller.

You can select the mobile and web applications that require remote user connections through NetScaler Gateway. When you configure an application in App Controller, you select a check box that identifies that the mobile or web application is hosted in the internal network. This adds the VPN keyword to the application and allows the connection request through NetScaler Gateway.