Jump to content
Welcome to our new Citrix community!

CS policy for RemoteApp/RDS gateway on the Citrix Gateway vserver


Recommended Posts

Good morning,


I wanted to know if it was possible to direct all traffic to an internal RDS gateway (for RemoteApps) using a content policy on the vpn (gateway) vserver. With my current config, I can reach the RemoteApp web page, but when I launch an application - I get an error "Your computer can't connect to the Remote Desktop Gateway server".


Everthing works as expected internally.

If I forward SSL (tcp 443) traffic from the firewall to the private IP of the RDS gateway, it works.

If I forward SSL traffic to the Citrix Gateway private IP, I'm unable to launch the RemoteAPP applications.


Here are my configuration commands:


add server RDSGATE

add serviceGroup RemoteAPP_SVCGRP SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add lb vserver lbvs-RemoteAPP SSL 0 -persistenceType SOURCEIP -timeout 5 -cltTimeout 180

add cs action "Send to lbvs-RemoteAPP" -targetLBVserver lbvs-RemoteAPP

add cs policy cs_pol_ssl_RemoteAPP -rule "HTTP.REQ.HOSTNAME.CONTAINS(\"rd.mydomain.ca\")" -action "Send to lbvs-RemoteAPP"

bind lb vserver lbvs-RemoteAPP RemoteAPP_SVCGRP

bind vpn vserver _XD_myapps.mydomain.ca -policy cs_pol_ssl_RemoteAPP -priority 80

bind serviceGroup RemoteAPP_SVCGRP RDSGATE 443

set ssl vserver lbvs-RemoteAPP -SNIEnable ENABLED

bind ssl serviceGroup RemoteAPP_SVCGRP -certkeyName 2019-wildcard.mydoamin.ca

bind ssl vserver lbvs-RemoteAPP -certkeyName 2019-wildcard.mydoamin.ca

set ns httpProfile nshttp_default_strict_validation -webSocket ENABLED

save ns config

I have similar CS policies bound to the vpn vserver for sending traffic to other internal servers based on hostnames, and they're working. 

I only have 1 public IP so I can't created a separate CS vserver, and this is a fremium version of the VPX Netscaler version 12.1 build 52.15.


Any help would be appreciated.



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...