Product Documentation

How Clientless Access Policies Work

Feb 05, 2014

You configure clientless access to web applications by creating policies. You can configure the settings for a clientless access policy in the configuration utility. A clientless access policy is composed of a rule and a profile. You can use the preconfigured clientless access policies that come with NetScaler Gateway. You can also create your own custom clientless access policies.

NetScaler Gateway provides preconfigured policies for the following:

  • Outlook Web Access and Outlook Web App
  • SharePoint 2007
  • All other Web applications

Keep in mind the following characteristics of the preconfigured clientless access policies:

  • They are configured automatically and cannot be changed.
  • Each policy is bound at the global level.
  • Each policy is not enforced unless you enable clientless access either globally or by creating a session policy.
  • You cannot remove or modify global bindings, even if you do not enable clientless access.

Support for other web applications depends on the level of rewrite policies you configure on NetScaler Gateway. Citrix recommends testing any custom policies that you create to ensure that all components of the application rewrite successfully.

If you allow connections from Receiver for Android, Receiver for iOS, or WorxHome, you must enable clientless access. For WorxHome that runs on an iOS device, you must also enable Secure Browse within the session profile. Secure Browse and clientless access work together to allow connections from iOS devices. You do not have to enable Secure Browse if users do not connect with iOS devices.

The Quick Configuration wizard configures the correct clientless access policies and settings for mobile devices. Citrix recommends running the Quick Configuration wizard to configure the correct policies for connections to StoreFront and App Controller.

You can bind custom clientless access policies either globally or to a virtual server. If you want to bind clientless access policies to a virtual server, you need to create a new custom policy and then bind it. To enforce different policies for clientless access either globally or for a virtual server, change the priority number of the custom policy so it has a lower number than the preconfigured policies, thereby giving the custom policy higher priority. If no other clientless access policies are bound to the virtual server, the preconfigured global policies take precedence.

Note: You cannot change the priority numbers of the preconfigured clientless access policies.