Jump to content
Welcome to our new Citrix community!

Block access to Citrix Cloud resource to people outside of client's environment?


Gordon McWilliams

Recommended Posts

One of my clients hosts their Citrix/Azure environment in Citrix Cloud - so they use all kinds of Citrix resources for production.

 

They access their VDIs through clientname.cloud.com. Without the client hosting their own Netscalers, is there any way we can block outside access to the storefront, clientname.cloud.com?

 

It sounds like we can't - because the client does not actually own this resource, and currently every time they use it is technically from the same kind of "outside access" they refer to.

Link to comment
Share on other sites

  • 2 weeks later...

I don't think this is possible, without the use of an actual ADC appliance every connection to the Workspace URL (i.e. clientname.cloud.com) is treated as external by Workspace and the Gateway Service hosted in Citrix Cloud (the only exception to this statement is the Network Location Service), and the Gateway Service does not allow you to create any type of access policies.

 

Now, when you say "block outside access to the ...", do you mean you want to allow only internal users to be able to access and launch resources and therefore block external access for EVERYBODY? If this is the case, you can go through your Workspace Configuration -> Access -> Your Resource Location -> Configure Connectivity -> Internal Only

  • Like 1
Link to comment
Share on other sites

7 hours ago, Diego Acuna1709157179 said:

Now, when you say "block outside access to the ...", do you mean you want to allow only internal users to be able to access and launch resources and therefore block external access for EVERYBODY? If this is the case, you can go through your Workspace Configuration -> Access -> Your Resource Location -> Configure Connectivity -> Internal Only

 

This is exactly what I was looking for, thank you. What I'm wondering is how this will affect various stores we own. If I configure connectivity to be internal only, will it still allow those stores to connect to their VDAs? They are on various subnets across the USA.

Link to comment
Share on other sites

Mmm so just to make sure I understand, you currently manage multiple stores belonging to different subnets although they are all considered to be internal connections rights? are those subnets interconnected using L3 routing?

 

Let me go ahead and find out what exactly do we use to determine who is internal when configuring Workspace's connectivity as "internal only"

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...