
Import a NetScaler Gateway

May 22, 2017

Remote access settings configured within the NetScaler administration console have to be identical to those configured in StoreFront. This article shows you how to import a NetScaler Gateway so that NetScaler and StoreFront are configured correctly to work together. 

Requirements

  • NetScaler 11.1.51.21 or higher is required to export multiple gateway vServers to a ZIP file. Note: NetScaler can only export gateway vServers created using the XenApp and XenDesktop wizard.
  • It must be possible for DNS to resolve, and for StoreFront to contact, all STA (Secure Ticket Authority) server URLs in the GatewayConfig.json file within the ZIP file generated by NetScaler.
  • The GatewayConfig.json file within the ZIP file generated by NetScaler has to contain the URL of an existing Citrix Receiver for Web site on the StoreFront server. NetScaler 11.1 and higher takes care of this by contacting the StoreFront server and enumerating all existing stores and Citrix Receiver for Web sites before generating the ZIP file for export.
  • StoreFront must be able to resolve the callback URL in DNS to the gateway VPN vServer IP address for authentication using the imported gateway to succeed.

The callback URL and port combination you use is usually the same as the gateway URL and port combination, as long as StoreFront can resolve this URL.

or

The callback URL and port combination may be different from the gateway URL and port combination if you use different external and internal DNS namespaces in your environment. If your gateway is located in a DMZ and uses a <example.com> URL, and StoreFront is on your private corporate network and uses a <example.local> URL, you may use a <example.local> callback URL to point back to the gateway vServer in the DMZ.

Import a NetScaler Gateway using the console

You can import one or multiple NetScaler Gateway appliances by importing a NetScaler configuration file.

Important

Citrix does not support manual editing of the configuration file exported from NetScaler.

  1. Select Stores in the left pane of the Citrix StoreFront management console, and in the Actions pane, click Manage NetScaler Gateways.
  2. On the Manage NetScaler Gateways screen, click the imported from file link.

3. Browse to the NetScaler Configuration ZIP file.

4. A list of gateway vServers from the selected ZIP file is displayed. Select the gateway vServer you want to import and click Import. If you are repeating an import of a vServer, the Import button displays as Update. If you choose Update, you will have the option later to overwrite or create a new gateway.


5. Review the logon type for the selected gateway and specify a callback URL if required. The logon type is the authentication method that you configured on the NetScaler Gateway appliance for Citrix Receiver users. Some logon types require callback URLs (see table).

  • Click Verify to check that the Callback URL is valid and reachable from the StoreFront server.

Logon type in console                  | LogonType in JSON file | Callback URL required
Domain                                 | Domain                 | No
Domain and security token              | DomainAndRSA           | No
Security token                         | RSA                    | Yes
Smart card - no fallback               | SmartCard              | Yes
Smart card - domain                    | SmartCardDomain        | Yes
Smart card - domain and security token | SmartCardDomainAndRSA  | Yes
Smart card - security token            | SmartCardRSA           | Yes
Smart card - SMS authentication        | SmartCardSMS           | Yes
SMS authentication                     | SMS                    | Yes

If a callback URL is required, StoreFront will autofill Callback URL based on the gateway URL found in the ZIP file. You can change this to any valid URL that points back to the NetScaler Gateway vServer IP.

If you want to use Smart Access, a Callback URL is required.

6. Click Next.

7. StoreFront contacts all the STA (Secure Ticket Authorities) server URLs listed in the ZIP file using DNS, and validates that they are functional STA ticketing servers. The import will not continue if one or more of the STA URLs is invalid.


8. Click Next.

9. Review the details of the import. If a gateway with the same gateway URL and port combination (Gateway:port) already exists, use the drop-down to select a gateway to overwrite it, or create a new gateway.


StoreFront uses the GatewayURL:port combination to determine whether a gateway you are trying to import matches an existing gateway that you may wish to update. If a gateway has a different GatewayURL:port combination then StoreFront treats this as a new gateway. This table of gateway settings shows which settings you can update.

Gateway Setting                          | Can be updated
Gateway URL:Port Combination             | No
GSLB URL                                 | Yes
NetScaler Trust Certificate & Thumbprint | Yes
Callback URL                             | Yes
Receiver for Web Site URL                | Yes
Gateway Address/VIP                      | Yes
STA URL and STA ID                       | Yes
All Logon Types                          | Yes

10. Click Import. If the StoreFront server is part of a server group, a message is displayed reminding you to propagate the imported gateway settings to the other servers in the group.

11. Click Finish.

To import another vServer configuration, repeat the steps above.

Note

The default gateway for a store is the gateway that native Citrix Receivers try to connect through unless they are configured to use a different gateway. If no gateways are configured for the store, the first gateway imported from the ZIP file will become the default gateway used by native Citrix Receivers. Importing subsequent gateways does not change the default gateway already set for the store.

Import multiple NetScaler Gateways using PowerShell

Read-STFNetScalerConfiguration

  • Copy the ZIP file to the desktop of the currently logged on StoreFront administrator.
  • Read the contents of the NetScaler ZIP file into memory and look at the three gateways it contains using their index values.

$ImportedGateways = Read-STFNetScalerConfiguration -path "$env:USERPROFILE\desktop\GatewayConfig.zip"

View the three gateway objects in memory, which were read from the NetScaler ZIP import package using the Read-STFNetScalerConfiguration cmdlet.


$ImportedGateways.Document.Gateways[0]
$ImportedGateways.Document.Gateways[1]
$ImportedGateways.Document.Gateways[2]

GatewayMode            : CVPN
CallbackUrl            :
GslbAddressUri         : https://gslb.example.com/
AddressUri             : https://emeagateway.example.com/
Address                : https://emeagateway.example.com:443
GslbAddress            : https://gslb.example.com:443
VipAddress             : 10.0.0.1
Stas                   : {STA298854503, STA909374257}
StaLoadBalance         : True
CertificateThumbprints : {F549AFAA29EBF61E8709F2316B3981AD503AF387}
GatewayAuthType        : Domain
GatewayEdition         : Enterprise
ReceiverForWebSites    : {Citrix.StoreFront.Model.Roaming.NetScalerConfiguration.ReceiverForWebSite}

GatewayMode            : CVPN
CallbackUrl            :
GslbAddressUri         : https://gslb.example.com/
AddressUri             : https://emeagateway.example.com/
Address                : https://emeagateway.example.com:444
GslbAddress            : https://gslb.example.com:443
VipAddress             : 10.0.0.2
Stas                   : {STA298854503, STA909374257}
StaLoadBalance         : True
CertificateThumbprints : {F549AFAA29EBF61E8709F2316B3981AD503AF387}
GatewayAuthType        : DomainAndRSA
GatewayEdition         : Enterprise
ReceiverForWebSites    : {Citrix.StoreFront.Model.Roaming.NetScalerConfiguration.ReceiverForWebSite}

GatewayMode            : CVPN
CallbackUrl            : https://emeagateway.example.com:445
GslbAddressUri         : https://gslb.example.com/
AddressUri             : https://emeagateway.example.com/
Address                : https://emeagateway.example.com:445
GslbAddress            : https://gslb.example.com:443
VipAddress             : 10.0.0.2
Stas                   : {STA298854503, STA909374257}
StaLoadBalance         : True
CertificateThumbprints : {F549AFAA29EBF61E8709F2316B3981AD503AF387}
GatewayAuthType        : SmartCard
GatewayEdition         : Enterprise
ReceiverForWebSites    : {Citrix.StoreFront.Model.Roaming.NetScalerConfiguration.ReceiverForWebSite}
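
A pre-import check for the gateways read above, as an added example that is not part of the Citrix documentation: it applies the callback URL table and the DNS requirement from this page to each gateway object. Test-GatewayCallback, the injectable resolver and the sample objects (including the :446 gateway) are constructed for illustration; the property names are those shown in the output above.

```powershell
# Added example (not Citrix code): check callback URL requirements before import.
# Logon types that require a callback URL, per the table on this page.
$NeedsCallback = 'RSA', 'SmartCard', 'SmartCardDomain', 'SmartCardDomainAndRSA',
                 'SmartCardRSA', 'SmartCardSMS', 'SMS'
function Test-GatewayCallback {    # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Gateway,
        [switch] $SmartAccess,     # Smart Access always needs a callback URL
        # Injectable resolver so the check can also run offline (assumption).
        [scriptblock] $Resolver = {
            param($Name)
            (Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue).IPAddress
        }
    )
    process {
        $logon    = "$($Gateway.GatewayAuthType)"
        $callback = "$($Gateway.CallbackUrl)"
        $required = $SmartAccess -or ($NeedsCallback -contains $logon)
        $status   = 'OK'
        if ($required -and -not $callback) {
            $status = 'Callback URL required but not set'
        } elseif ($callback) {
            # The callback host must resolve to the gateway vServer IP.
            $hostName = ([uri]$callback).Host
            $ips = @(& $Resolver $hostName)
            if ($ips -notcontains "$($Gateway.VipAddress)") {
                $status = "Callback host $hostName does not resolve to $($Gateway.VipAddress)"
            }
        }
        [pscustomobject]@{
            Address = "$($Gateway.Address)"; LogonType = $logon
            CallbackRequired = [bool]$required; Status = $status
        }
    }
}

# Constructed sample objects using the property names shown in the output above.
$sample = @(
    [pscustomobject]@{ Address = 'https://emeagateway.example.com:443'; VipAddress = '10.0.0.1'
                       GatewayAuthType = 'Domain'; CallbackUrl = $null }
    [pscustomobject]@{ Address = 'https://emeagateway.example.com:445'; VipAddress = '10.0.0.2'
                       GatewayAuthType = 'SmartCard'; CallbackUrl = 'https://emeagateway.example.com:445' }
    [pscustomobject]@{ Address = 'https://emeagateway.example.com:446'; VipAddress = '10.0.0.2'
                       GatewayAuthType = 'SMS'; CallbackUrl = $null }
)
$stubDns = { param($Name) '10.0.0.2' }    # constructed resolver, no network needed
$sample | Test-GatewayCallback -Resolver $stubDns | Format-Table -AutoSize
# On a StoreFront server: $ImportedGateways.Document.Gateways | Test-GatewayCallback
```

With the sample data, the first two gateways report OK and the third reports that a callback URL is required but not set.
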

Import-STFNetScalerConfiguration without specifying a CallbackURL

Copy the ZIP file to the desktop of the currently logged in StoreFront administrator. Read the NetScaler ZIP import package into memory and look at the three gateways it contains using their index values.


$ImportedGateways = Read-STFNetScalerConfiguration -path "$env:USERPROFILE\desktop\GatewayConfig.zip"

Import three new gateways into StoreFront using the Import-STFNetScalerConfiguration cmdlet and specifying the gateway indexes you require. Using the -Confirm:$False parameter prevents the PowerShell GUI from prompting you to allow every gateway to be imported. Remove this if you wish to carefully import one gateway at a time.


Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 0 -Confirm:$False

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 1 -Confirm:$False

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 2 -Confirm:$False

Import-STFNetScalerConfiguration specifying your own CallbackURL

Import three new gateways into StoreFront using the Import-STFNetScalerConfiguration cmdlet and specify a callback URL of your choice using the -callbackURL parameter.


$ImportedGateways = Read-STFNetScalerConfiguration -path "$env:USERPROFILE\desktop\GatewayConfig.zip"

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 0 -CallbackUrl "https://emeagatewaycb.example.com:443" -Confirm:$False

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 1 -CallbackUrl "https://emeagatewaycb.example.com:444" -Confirm:$False

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 2 -CallbackUrl "https://emeagatewaycb.example.com:445" -Confirm:$False

Import-STFNetScalerConfiguration overriding the authentication method stored in the import file and specifying your own CallbackURL

  • Import three new gateways into StoreFront using the Import-STFNetScalerConfiguration cmdlet, override the logon type stored in the import file using the -LogonType parameter, and specify a callback URL of your choice using the -CallbackUrl parameter.

$ImportedGateways = Read-STFNetScalerConfiguration -path "$env:USERPROFILE\desktop\GatewayConfig.zip"

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 0 -LogonType "SmartCard" -CallbackUrl "https://emeagatewaycb.example.com:443" -Confirm:$False

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 1 -LogonType "SmartCard" -CallbackUrl "https://emeagatewaycb.example.com:444" -Confirm:$False

Import-STFNetScalerConfiguration -Configuration $ImportedGateways -GatewayIndex 2 -LogonType "SmartCard" -CallbackUrl "https://emeagatewaycb.example.com:445" -Confirm:$False