Product Documentation

Applying Policies to Access Gateway Connections

Oct 09, 2015

You can create a policy that is applied to Access Gateway connections or to Access Gateway connections with certain properties.

You can create Citrix policies to accommodate different access scenarios based on factors such as authentication strength, logon point, and client device information such as endpoint analysis. You can selectively enable client-side drive mapping, cut and paste functionality, and local printing based on the logon point used to access the published application.

Prerequisites for Filtering on Access Gateway Connections

For Citrix XenApp to filter on Access Gateway connections, you must complete all of the following:
  • Create one or more filters within Access Gateway. See the Access Gateway section of Citrix eDocs for more information about creating filters.
    Note: You must be using Access Gateway Advanced Edition (Version 4.0 or later) or Access Gateway Enterprise Edition (Version 9.1 or later) to create filters that work with XenApp.
  • For published applications, select Allow connections made through Access Gateway Advanced Edition in the application properties.
  • Ensure that your farm is configured to allow Access Gateway connections, which it is by default.
  • Create a Computer policy within XenApp that has the Trust XML requests policy setting enabled.
  • Create a User policy within XenApp that includes a filter referencing Access Gateway filters.

To apply a policy filter based on Access Gateway connections

  1. Depending on the console you use to manage Citrix policies:
    • From the Delivery Services Console, select the Policies node in the left pane and then select the User tab in the middle pane.

    • From the Group Policy Editor, under User Configuration in the left pane, select the Citrix Policies node.

  2. Select an existing User policy or create a new User policy.
  3. Follow the policy wizard to the filters page or click the Filters tab in the middle pane of the console.
  4. Select Access Control and then click Add.
  5. Click Add to configure the filter.
  6. Select With Access Gateway.
  7. To apply the policy to connections made through Citrix Access Gateway without considering Access Gateway policies, accept the default entries in the AG farm name and Access condition fields.
  8. To apply the policy to connections made through Citrix Access Gateway based on existing Access Gateway policies, perform the following actions:
    1. In AG farm name, enter one of the following items:
      • If using Access Gateway Advanced Edition, enter the name of the Access Gateway farm.
      • If using Access Gateway Enterprise Edition, enter the virtual server name of the Access Gateway appliance.
    2. In Access condition, enter one of the following items:
      • If using Access Gateway Advanced Edition, enter the name of the Access Gateway filter for XenApp to use.
      • If using Access Gateway Enterprise Edition, enter the name of the endpoint session policy for XenApp to use.
      Important: XenApp does not validate Access Gateway farm, server, and filter names, so always verify this information with the Access Gateway administrator.
  9. To apply the policy to every connection except those made through Access Gateway, in the Mode list box, select Deny. The filter's mode tells XenApp whether or not to apply the policy to connections that match the filter criteria. Selecting Deny tells XenApp to apply the policy to connections that do not match the filter criteria.