Jump to content
Welcome to our new Citrix community!

F5 / ica proxy config & storefront

david brown1709155931

Recommended Posts



i am attempting to configure F5 as a ica proxy. are there any gotchas re storefront configuration. do i simply configure the gateway settings as if it was a Netscaler ?


the xenapp environment does not have internet access and the F5 are proxing connections across mpls what should i use as beacons ?






Link to comment
Share on other sites

  • 2 years later...
On 2/12/2018 at 10:20 AM, Carl Stalhood1709151912 said:

Configure StoreFront like F5 APM is a NetScaler Gateway.


Internal beacon should only be reachable internally. Note: some F5 builds mess with the Internal Beacon.

@Carl: What do you recall F5 APM doing with the Internal Beacon? I am seeing Storefront sending the manually configured Internal Beacon (as expected), but then APM is adding the Service URL as an additional Internal Beacon.  So Receiver/WorkSpace is getting 2 Internal Beacons to probe.  Is this similar to what you have eperienced?

Link to comment
Share on other sites

4 minutes ago, Carl Stalhood1709151912 said:

It was adding a suffix to my beacon that already had a suffix.

@Carl.....with the internal Beacon, if the URL is resolvable, does the Receiver client do a GET or HEAD to that URL, or is it only doing name resolution?

Link to comment
Share on other sites

1 hour ago, Carl Stalhood1709151912 said:

It's definitely doing a request. There used to be a problem with DNS resolution only due to DNS resolvers that resolve all non-existing names to advertisements or search pages.

Is there any reason that APM would add the Service URL as an additional Internal Beacon if StoreFront is explicitly configured for a custom user defined Internal Beacon?

Link to comment
Share on other sites

On 12/2/2020 at 1:37 PM, Carl Stalhood1709151912 said:

No idea. Make sure you're running a recent F5 build. Otherwise you'll have to talk to F5 Support.

Do you know what a successful Internal Beacon "probe response" is? 


Meaning a Citrix Workspace client will send "HEAD / USER-AGENT: CITRIXRECEIVER HOST:fqdn" to the IP of the resolved internal beacon name.

If the Internal Beacon is left as default (service URL) and accessible, SF then responds "302 Redirect /Citrix/STORE_NAMEweb". 

The client then sends "HEAD /Citrix/STORE_NAMEweb USER-AGENT: CITRIXRECEIVER and HOST:fqdn".

SF responds "200 OK"


But what if the internal beacon FQDN is changed to something else; what type of HTTP response is considered valid?  

200 OK

302 Redirect




Link to comment
Share on other sites

3 minutes ago, Carl Stalhood1709151912 said:

I assume anything less than 400 is OK but you'd have to test it. I'm not aware of any documentation for this.

That seems fairly accurate in my tests.  Different 2xx and 3xx seemed successful and the client continued conection to the internal Base url.  404 made the client connect externally.



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...