  • Smart Access Basic Setup with ICA Proxy Enabled


    by Ray Davis

    One thing I've learned is that the Gateway vServer doesn’t really need ICA Proxy unchecked for what I am trying to do. I am not using EPA scans or anything advanced yet. But, you could do it to save a step later. Now I understand this may not be the best way, but sometimes you have to do what you need to do to secure things.

    0. Check the Trust Request on the Brokers and enable it if it’s not already enabled.


    1. Open PowerShell, load the Citrix snap-ins with asnp citrix*, and run Get-BrokerSite. If TrustRequestsSentToTheXmlServicePort is set to false, run the command in step 2.

    2. Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true


    3. Create a NetScaler Gateway dummy VIP. (Some organizations don’t allow StoreFront to talk back to the DMZ NetScaler’s vServer. If yours does, then use the current Gateway and ignore the dummy VIP/vServer.)


    Added IP and Port


    Add STA Brokers


    Added DNS Record.


    Go to StoreFront Servers > click on Manage Citrix Gateways


    Click edit


    Add the callback URL (for me, this is the dummy VIP I created), which resolved to a layer 2 IP address on the same subnet as my Citrix environment.


    Propagate changes on StoreFront


    Go to the DDC and create a policy. For me, I used the baked-in one from Citrix called "Security Control".

    • Remember the Allow or Deny mode is a bit confusing. "Allow" means that the settings in the policy are to be applied to the NetScaler Gateway connection.
    • "Deny" means the settings prohibiting something will not be applied to users connecting via Citrix Gateway.


    My bandwidth went up some when I applied more security settings. Red is applying the filter, and green is off.






    Testing with it off (Deny the policy)


    Here are my local machine printers


    Now log into the VDA


    Now let's set the filter to Allow (Allow the policy)


    Now log into the VDA – No printers from my local machine were able to come in.

    1. Remember this is a very basic setup, and it’s just to show what it can do. There is much more than what I am showing here.
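
Steps 0 to 2 above can be run as one repeatable check. This is an added example, not code from the original post: the function name Enable-XmlServiceTrust is hypothetical, and it assumes it is run on a Delivery Controller with the Citrix PowerShell snap-ins installed.

```powershell
# Added example (not from the original post).
# Enable-XmlServiceTrust is a hypothetical helper name.
function Enable-XmlServiceTrust {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Load the Citrix snap-ins only if they are not already in the session
    # (same effect as typing "asnp citrix*").
    if (-not (Get-PSSnapin -Name Citrix.Broker* -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Citrix* -ErrorAction Stop
    }

    # Step 1: read the current site-wide setting.
    $site = Get-BrokerSite
    if ($site.TrustRequestsSentToTheXmlServicePort) {
        Write-Verbose "XML service trust is already enabled; nothing to change."
        return $site | Select-Object Name, TrustRequestsSentToTheXmlServicePort
    }

    # Step 2: enable it only when it is currently false.
    # Run with -WhatIf to preview the change without applying it.
    if ($PSCmdlet.ShouldProcess($site.Name, 'Enable TrustRequestsSentToTheXmlServicePort')) {
        Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true
    }

    # Read the value back so the output reflects the actual site state.
    Get-BrokerSite | Select-Object Name, TrustRequestsSentToTheXmlServicePort
}

Enable-XmlServiceTrust -Verbose
```

With trust enabled, the Delivery Controller accepts the SmartAccess details that StoreFront passes to it, so restrict access to the XML service port to the StoreFront servers.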

    Then my research and questions on Slack (If you’re not on this, you’re missing out). A lot of really sharp guys on here.



    Just wanted to thank the Slack community for all the help along my way. So many talented people, and it's an amazing adventure.
