Jump to content
Welcome to our new Citrix community!
  • 0

XenMobile 10.09 SecureWeb with Proxy


Question

Hi all,

 

we have some issues with secureweb an our proxy.

We have set up a LoadBalancer for our proxy on our NetScaler. Background we have two Proxy Forwarder (Linux Server) in the internal DMZ. They should forward the traffic to the internal proxy.

To use the proxy, traffic policys are used. These point to the loadbalancer.

We get the message "HTTP/1.1 Gateway Timeout" in SecureWeb.

In the old XenMobile/SecureWeb versions there was the possibility of complete vpn tunnel and secure browse.  Which mode must be used to talk about a traffic policy with the proxy ?

Greetings
Alex

 

 

UPDATE

 

We had an issue in traffic policy profile configuration. The Destination port was incorrect, after editing that everything works.

 

Now we have another issue... we want to allow only https sites... 

 

We solved that by limiting the traffic policy to 443.

no distinction should be made here between internal and external pages. The problem is if you type for example google.de into the address bar you get an error message, because secureweb is set to http by default and that will be blocked. 

Is there a possibility that entries in the address line are automatically searched at https://googel.de ?

 

 

best regards

Alex

 

Link to comment

7 answers to this question

Recommended Posts

  • 0
On 26.4.2019 at 11:39 PM, Alessandro Miotto Marques1709152314 said:

Thanks to share.

We're planning to set traffic policies to proxy Secure Web in a customer here.

 

They are using Full VPN on MDX settings now, do you have any refer that explain how to create traffic policies to this scenario?

 

Thanks!

Hi Alessandro,

 

here is a guide for setting up traffic policys for secureweb.

 

https://www.citrix.com/blogs/2015/07/29/mobility-experts-xenmobile-worxweb-traffic-through-proxy-server-in-securebrowse-mode/

 

best regards

Alex

Link to comment
  • 0
1 hour ago, Alexander Koch1709157616 said:

Hi Alessandro,

 

here is a guide for setting up traffic policys for secureweb.

 

https://www.citrix.com/blogs/2015/07/29/mobility-experts-xenmobile-worxweb-traffic-through-proxy-server-in-securebrowse-mode/

 

best regards

Alex

Hi Alex.

 

Did you use names like WorxMail and WorxWeb or the newer names when did you create the policy expressions in NS?

 

 

Thank you

Alessandro

Link to comment
  • 0
8 minutes ago, Alessandro Miotto Marques1709152314 said:

Hi Alex.

 

Did you use names like WorxMail and WorxWeb or the newer names when did you create the policy expressions in NS?

 

 

Thank you

Alessandro

 

Hi Alessandro,

 

please use the names WorxMail and WorxWeb like in the guide.

I think with other Names the Policys doesnt work.

 

The guide is a little bit older, but works fine. We have also policys with WorxMail and WorxWeb in it.

 

best regards

Alex

 

 

 

Link to comment
  • 0
4 hours ago, Alexander Koch1709157616 said:

 

Hi Alessandro,

 

please use the names WorxMail and WorxWeb like in the guide.

I think with other Names the Policys doesnt work.

 

The guide is a little bit older, but works fine. We have also policys with WorxMail and WorxWeb in it.

 

best regards

Alex

 

 

 

Hi Alexander.

 

Thank you!

It worked, but I did need to add the policies expressions above to proxy Android devices:

 

add vpn trafficPolicy policy_ProxyHttp "(REQ.HTTP.HEADER User-Agent CONTAINS Mozilla || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser.droid || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser || REQ.HTTP.HEADER User-Agent CONTAINS WorxWeb) && REQ.TCP.DESTPORT == 80" Traffic_Profile_Http_Https

 

add vpn trafficPolicy policy_ProxyHttps "(REQ.HTTP.HEADER User-Agent CONTAINS Mozilla || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser.droid || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser || REQ.HTTP.HEADER User-Agent CONTAINS WorxWeb) && REQ.TCP.DESTPORT == 443" Traffic_Profile_Http_Https

Link to comment
  • 0
15 hours ago, Alessandro Miotto Marques1709152314 said:

Hi Alexander.

 

Thank you!

It worked, but I did need to add the policies expressions above to proxy Android devices:

 

add vpn trafficPolicy policy_ProxyHttp "(REQ.HTTP.HEADER User-Agent CONTAINS Mozilla || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser.droid || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser || REQ.HTTP.HEADER User-Agent CONTAINS WorxWeb) && REQ.TCP.DESTPORT == 80" Traffic_Profile_Http_Https

 

add vpn trafficPolicy policy_ProxyHttps "(REQ.HTTP.HEADER User-Agent CONTAINS Mozilla || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser.droid || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser || REQ.HTTP.HEADER User-Agent CONTAINS WorxWeb) && REQ.TCP.DESTPORT == 443" Traffic_Profile_Http_Https

 

Hi Alessandro,

 

I'm glad to hear the guide was helpful.
do you have an article about the two steps you had to set up for Android ?

This was not known to me yet.
Before you set it up SecureWeb only worked properly on iOS and Android failed ?

 

best regards

Alex

 

Link to comment
  • 0
7 hours ago, Alexander Koch1709157616 said:

 

Hi Alessandro,

 

I'm glad to hear the guide was helpful.
do you have an article about the two steps you had to set up for Android ?

This was not known to me yet.
Before you set it up SecureWeb only worked properly on iOS and Android failed ?

 

best regards

Alex

 

Hi Alex,

 

We just tested with Android, and without "REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser.droid" it didn't work.

 

Thank you!

 

Alessandro Marques

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...