Product Documentation

Configuring the Secure Mobile Gateway XML File

Sep 27, 2015

Secure Mobile Gateway uses an XML configuration file to guide its actions. Among other entries, the file specifies the group files and associated actions the filter will take when evaluating HTTP requests. By default, the file is named config.xml and can be found at the following location: ..\Program Files\Citrix\Secure Mobile Gateway\config\.

GroupRef Nodes

The GroupRef nodes define the logical group names - by default, the AllowGroup and the DenyGroup.
Note: The order of the GroupRef nodes as they appear in the GroupRefList node is significant.

The id value of a GroupRef node identifies a logical container or collection of members that are used for matching specific user accounts or devices. The action attributes specifies how the filter will treat a member that matches a rule in the collection. For example, a user account or device that matches a rule in the AllowGroup set will "pass" (be allowed to access the Exchange CAS), while a user account or device that matches a rule in the DenyGroup set will be "rejected" (not allowed to access the Exchange CAS).

When a particular user account/device or combination meets rules in both groups, a precedence convention is used to direct the request's outcome. Precedence is embodied in the order of the GroupRef nodes in the config.xml file from top to bottom. The GroupRef nodes are ranked in priority order. Thus, the nodes shown in the figure above (which depicts the default order) are such that rules for a given condition in the Allow group will always take precedence over rules for the same condition in the Deny group.

Group Nodes

Additionally, the config.xml defines Group nodes. These nodes link the logical containers AllowGroup and DenyGroup to external XML files. Entries stored in the external files form the basis of the filter rules.
Note: In this release, only external XML files are supported.

The default installation implements two XML file in the configuration - allow.xml and deny.xml.