Jump to content
Welcome to our new Citrix community!

Pre-installation of Netscaler Gateway Plugin and End Point Analysis Plugin

Recommended Posts

Looking at the setup of the Netscaler Gateway on Netscaler VPX I see you can be 
presented with a menu to either download a plugin or to enter via SSL without

a client. My question is: can you push the NS Gateway plugin and Endpoint plugin

to users' PC's as opposed to their downloading via their browser? The users

generally do not have permission to install software on their laptops. 

Thank you for any insight.

Link to comment
Share on other sites

Unfortunately I didn't fully get what you want to do. So I explain all possible scenarioa.


Gateway has several methods of deployment (they may get mixed on the same gateway):

  1. ICA/HDX proxy with/without endpoint analysis
  2. clientless access to HTTP(s) based applications, also referred as myroVPN
  3. full VPN access via Citrix gateway plugin
  4. "full" VPN access via client for Java

Number 1 and 2 do not need a VPN client, so no need to install a plug-in. However, number 1 either needs the Workspace App (so the ICA client, online-plugin, ...) installed, or you may use the HTML 5 client (with restrictions about mapping client devices like printers or drives). Number 2 allows connections to applications like OWA, SharePoint or any other web-application hosted inside your save LAN. If you add endpoint analysis, you have to install the EPA plugin. The EPA plugin does not require administrative privileges.


Number 3 requires Citrix Gateway Plug-in for your operating system (Windows, Mac, Linux, clients for Android and iOS are available on the respective stores). It may be rolled out via website, or via any other software deployment, see https://docs.citrix.com/en-us/citrix-gateway/current-release/vpn-user-config/users-deploy-strategy.html

Number 4 is not a full VPN, as it does not allow any UDP traffic, needs completely different policies as number 3. I would generally avoid it (as I hate Java, the answer to all problems we never had, but brings malware and Oracle into the picture)

Greetings from Austria


Johannes Norz



  • Like 2
Link to comment
Share on other sites

Yes:  https://docs.citrix.com/en-us/citrix-gateway/current-release/vpn-user-config/ng-plugin-select-type/ng-connect-ng-plugin-deploy-from-active-directory-tsk.html

This article while dated, may also have some information, though some paths may have changed:  https://support.citrix.com/article/CTX124649

And while this article is about a specific error, it does not the vpn client paths (for MAC) for 12.1 and 13 (which might be useful if any of the paths have changed:  https://support.citrix.com/article/CTX263458  (The issue isn't relevant, but the paths referenced may be.)


Here's an example in the admin guide.

You can grab the gateway plugin install file and use AD or other tools to deploy the client to endpoints with the appropriate admin rights.


clientless access only no vpn client needed.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...