Product Documentation

Installing the Secure Gateway and Secure Gateway Proxy

Oct 09, 2015

In addition to describing the Secure Gateway and Secure Gateway Proxy installation and configuration processes, this section also explains how to move to the current version of Secure Gateway from an installed earlier version. It also presents how to use a firewall with Secure Gateway and Secure Gateway Proxy.

When Secure Gateway or Secure Gateway Proxy is installed on a supported 64-bit Windows operating systems, it installs in the 32-bit application location by default.

Important: You must have access to administrative privileges to install and configure the Secure Gateway and use the management tools. If User Account Control (UAC) is enabled, you must run the installer program in elevated mode; that is, with administrative privileges enabled.

Upgrading Secure Gateway or Secure Gateway Proxy

Upgrading from earlier versions of Secure Gateway or Secure Gateway Proxy is not supported. You must perform a fresh installation:

  1. Remove any installed Secure Gateway hotfix software packages.
  2. Remove the Secure Gateway or Secure Gateway Proxy software.
  3. Perform a fresh installation of Secure Gateway or Secure Gateway Proxy.

Using Firewall Software with the Secure Gateway or Secure Gateway Proxy

The firewall software included in your Microsoft Windows server operating system (such as Windows Firewall with Advanced Security) where the Secure Gateway or Secure Gateway Proxy is used might not automatically allow access to required ports. Non-Microsoft firewall software might also disallow port access by default.

Also, the Secure Gateway or Secure Gateway Proxy does not automatically create an exception to allow access to the default SSL port 443, the default Secure Gateway Proxy port 1080, or any port number you select when configuring the software.

Manually add or allow access to these ports to any firewall software you are using in your environment.

Installing the Secure Gateway or Secure Gateway Proxy

The Secure Gateway installer installs the Secure Gateway or the Secure Gateway Proxy. When installation is complete, the Secure Gateway Configuration wizard automatically starts so you can configure Secure Gateway.

The following steps outline the installation sequence of the Secure Gateway:
  • Install Citrix XenApp.
  • Install root and server certificates on the appropriate computers.
  • If using a double-hop DMZ, install the Secure Gateway Proxy in the second DMZ.
  • If you are securing communications between the Secure Gateway and the Secure Gateway Proxy, ensure you install a server certificate on the server running the Secure Gateway Proxy.
  • Install the Secure Gateway in the first, or only, DMZ.
Important: The Secure Gateway is designed to discover and verify the existence of the other Citrix components during configuration. For example, during configuration the Secure Gateway verifies that servers running the Web Interface and the Secure Ticket Authority (STA), if used, are functional. If a required component is not found, the Secure Gateway may fail to start. Ensure that you follow the recommended installation sequence.

The installation sequence must be in this order:

  1. Always install components within the secure network first.
  2. Optional. If your network contains a double-hop DMZ, install components in the second DMZ segment next.
  3. Install components in the first DMZ segment last.

To install the Secure Gateway or Secure Gateway Proxy

  1. On the installation media, click autorun.exe. The Autorun menu launches..
  2. Select Manually install components > Server Components > Secure Gateway.
  3. On the Welcome screen, click Next.
  4. Read and accept the license agreement, and then click Next.
  5. In Installation Mode, select Secure Gateway or Secure Gateway Proxy.
  6. To install the Secure Gateway components in the default destination path, click Next. To install these components in a different location, click Browse and then navigate to the folder you want to use.
  7. In Service Account, select the user account to determine credentials and privileges. Citrix recommends that you select an account that restricts privileges.
  8. Click Next and follow the instructions in the wizard to complete installation.
  9. After installing the Secure Gateway, configure it as described in Configuring Firewalls for the Secure Gateway.

To uninstall the Secure Gateway

  1. Exit any applications running on the server.
  2. Open the Control Panel and click Programs and Features.
  3. Select Secure Gateway and click Uninstall.