Netscaler: Gateway priority or QoS available? ICA before VPN traffic?

Rowen Gunn

Recommended Posts



Is there a way to priorities packets or a gateway on the Netscaler? We have a very active VPN with over 1k users and an ICA gateway with about 200 users. When our desktop team uses SCCM to patch VPN users we noticed the Citrix gateway CRAWLS the next few days.


So... is there a way to tell the Netscaler to prioritize a specific gateway or packets over others? I want the ICA traffic to always have priority over the VPN traffic if possible.

The vpn vserver/gateway itself doesn't have a traffic prioritization feature in this context.  Also, its not clear in your original scenario if the ADC is delivering both the vpn and the ICA Proxy/gateway config or if there is a separate vpn system (reads like latter; but wasn't sure).  IF these are two separate solutions, then the prioritzation at the ADC/gateway wouldn't do you any good.  


The only traffic prioritization feature on the ADC is the App QOE feature (advanced engine).  It would normally be applied to lb and cs vservers and doesn't apply to the vpn vserver directly (or traffic going through the vpn vserver) - that I'm aware of. 


The best way to implement prioritization or traffic throttling for ICA vs. non-ica traffic via the vpn tunnel would be  to use an external traffic prioritization/packet shaping system that would throttle the non-ica traffic/update traffic regardless of whether it goes via tunnel or not.  An SD-WAN WanOp or Enterprise could do this; but without an sd-wan, other packet priortization systems should work.   Traffic prioritization just isn't something the ADC does in the vpn context.  Ensuring proper gateway sizing, ssl resources, and bandwidth will help avoid issues.


If i'm wrong about the applicability of AppQOE, hopefully someone will clarify.



