Install and Configure Citrix Secure Gateway

Overview

This is the eighth post in the Installing and Configuring Citrix XenApp 6.5 Series:

  1. Install and Configure Citrix XenApp Licensing
  2. Install and Configure Citrix XenApp 6.5
  3. Configure Web Interface for Citrix XenApp 6.5
  4. Publishing Applications with Citrix XenApp 6.5
  5. Install and Configure Profile Management for Citrix XenApp 6.5
  6. Add Servers to a XenApp 6.5 Farm
  7. Configure Pass-through Authentication for Citrix XenApp 6.5
  8. Install and Configure Citrix Secure Gateway (this post)

Contents

This post contains the following sections:

Prerequisites for Citrix Secure Gateway

  1. As this server (CTXGW01) will be in a DMZ and is not joined to the vilab.local domain, you will need to add entries for all other XenApp servers (CTXXA01 and CTXXA02) in the hosts file (c:\windows\System32\drivers\etc\hosts):
    Install-and-Configure-Citrix-Secure-Gateway_012
  2. Once you’ve made the changes to the hosts file (you may need to Run as Administrator when starting your favourite text editor to allow saving), it’s a good idea to test connectivity using ping:
    Install-and-Configure-Citrix-Secure-Gateway_013
  3. Import an SSL certificate into the Local Computer > Personal > Certificates folder (make sure corresponding Intermediate and Root certificates are present too): Install-and-Configure-Citrix-Secure-Gateway_016

Installing Citrix Secure Gateway

  1. Insert the XenApp DVD or attach the ISO file to start the installation.
  2. Select Manually install components:
    Install-and-Configure-Citrix-Secure-Gateway_001
  3. Select Common Components:
    Install-and-Configure-Citrix-Secure-Gateway_002
  4. Select Secure Gateway:
    Install-and-Configure-Citrix-Secure-Gateway_003
  5. Click Next at the Welcome Screen:
    Install-and-Configure-Citrix-Secure-Gateway_004
  6. Accept the License Agreement:
    Install-and-Configure-Citrix-Secure-Gateway_005
  7. Select Secure Gateway:
    Install-and-Configure-Citrix-Secure-Gateway_006
  8. Select Destination Folder:
    Install-and-Configure-Citrix-Secure-Gateway_007
  9. Select Network Service:
    Install-and-Configure-Citrix-Secure-Gateway_008
  10. Review your choices, then click Next to start installation:
    Install-and-Configure-Citrix-Secure-Gateway_009
  11. Once installation is complete, click Finish:
    Install-and-Configure-Citrix-Secure-Gateway_010
  12. Click OK to start the Secure Gateway Configuration Wizard:
    Install-and-Configure-Citrix-Secure-Gateway_011

Configuring Citrix Secure Gateway

  1. Click OK at the Welcome Screen:
    Install-and-Configure-Citrix-Secure-Gateway_014
  2. Select Advanced for the Configuration type:
    Install-and-Configure-Citrix-Secure-Gateway_015
  3. Select the SSL certificate you imported earlier:
    Install-and-Configure-Citrix-Secure-Gateway_017
  4. Configure the secure protocol settings:
    Install-and-Configure-Citrix-Secure-Gateway_018
  5. Choose the port and which IP addresses will listen for connections:
    Install-and-Configure-Citrix-Secure-Gateway_019
  6. Configure outbound connections:
    Install-and-Configure-Citrix-Secure-Gateway_020
  7. Click Add to select your STA server(s):
    Install-and-Configure-Citrix-Secure-Gateway_021
  8. As the first XenApp server we installed has IIS Port Sharing enabled, we can use the default port 80:
    Install-and-Configure-Citrix-Secure-Gateway_022
  9. The second XenApp server is using port 8080:
    Install-and-Configure-Citrix-Secure-Gateway_023
  10. Click Next once all your servers have been added:
    Install-and-Configure-Citrix-Secure-Gateway_024
  11. Configure the connection timeout and concurrent connection limits:
    Install-and-Configure-Citrix-Secure-Gateway_025
  12. Exclude devices from logging if needed:
    Install-and-Configure-Citrix-Secure-Gateway_026
  13. Enter the FQDN of your Web Interface server, and select Access options:
    Install-and-Configure-Citrix-Secure-Gateway_027
  14. Select a logging level. Default is best:
    Install-and-Configure-Citrix-Secure-Gateway_028
  15. Click Finish to Start the Secure Gateway:
    Install-and-Configure-Citrix-Secure-Gateway_029

Configuring Web Interface for Citrix Secure Gateway

  1. Open the Citrix Web Interface Management console.
  2. With your XenApp Web Site selected, select Secure Access in the Actions panel:
    Install-and-Configure-Citrix-Secure-Gateway_032
  3. We need to change the Access method from Direct to Gateway Direct, so select the Default entry, then click Edit:
    Install-and-Configure-Citrix-Secure-Gateway_033
  4. Select Gateway direct from the drop-down menu, then click OK:
    Install-and-Configure-Citrix-Secure-Gateway_034
  5. Click Next:
    Install-and-Configure-Citrix-Secure-Gateway_035
  6. Specify the external FQDN for your Secure Gateway server – this should be resolvable outside your internal network. Click Next:
    Install-and-Configure-Citrix-Secure-Gateway_036
  7. Click Add and add the same servers you entered when installing Secure Gateway. Make sure they’re added in the same order too:
    Install-and-Configure-Citrix-Secure-Gateway_037
  8. Once you’ve added your STA servers, click Finish:
    Install-and-Configure-Citrix-Secure-Gateway_038
  9. Do the same steps above for the XenApp Services Site:
    Install-and-Configure-Citrix-Secure-Gateway_039

Comments

  1. Hi, Where you import a certificate in, where did you get this certificate from? Was it a local CA or off the net?
    Regards
    TK

  2. Isn’t the STA for server ctxxa02 be running on port 8080? Then screen shot under #8 needs to be updated. (Step 7, 8 http://ctxxa02:8080/Scripts/CtxSTA.dll)

    That screenshot needs to get updated

  3. Marc W says:

    What about wild card certs? Is there a special way to apply them for Citrix?