Jump to content
Welcome to our new Citrix community!

Citrix Gateway license and advanced authentication policies


Recommended Posts

Hi all:

 

One of my customer has deployed a Citrix Gateway VPX 50. no ADC license. All the authentication policies are configured in classic expressions. If my customer want to upgrade to 13.1 OS version, is it a requirement to change the classic authentication policies to advanced policies? if advanced authentication policies is a must, is n-factor supported in a Citrix Gateway with no ADC license? Currently Citrix Gateway OS version is 12.1 57.18.

 

Thank you for your support.

Link to comment
Share on other sites

The old gateway only "gateway express" edition license doesn't exist anymore.

Gateway isn't supported in freemium edition at all - basically it is standard edition minus gateway.  To use gateway a standard edition or higher license is required.

 

Gateway is included in standard edition. Typically standard edition used to not include AAA authentication vserver capabilities which was a limiting factor for migrating to advanced authentication policies BUT the ability to integrate gateway with authentication vserver is possible (though not all nfactor feature are supported in standard edition):  See https://docs.citrix.com/en-us/citrix-gateway/current-release/authentication-authorization/nfactor-for-gateway-authentication.html  for more info. Specifically, this note:

Starting from release 13.0 build 67.x, nFactor authentication is supported with Standard license only for Gateway/VPN virtual server. In Standard license, the nFactor visualizer GUI cannot be used to create EPA in nFactor flow. Also, you cannot edit the login schema, but must use the out-of-the-box login schema as-is.

 

Finally, can you upgrade to 13.1 while still using classic policies on some of the gateway features (at least on 13.1.82.x)... I'm having trouble finding the article that lists exactly what is and isn't supported; but it really is just until you can migrate off.  Not sure on which build it is gone completely.

But any other questions about licensing options, will likely have to be between customer and customer care.

 

 

To use gateway you will need standard or higher licensing.  The ADC Express license does not include gateway/vpn vserver capabilities.

This will give you limited access to aaa authentication vservers to help with the transition to advanced policies but without all the capabilities of nfactor.

And while you might be able to use some classic policies still on 13.1; if you can go to a 13.0 release, finish your migration to advanced and then upgrade, you would likely have less issues.

 

Finally, I have no idea of your gateway express will be able to upgrade that would be a support question.

 

 

 

Link to comment
Share on other sites

3 hours ago, Nicolas Bautista Correa said:

Hi all:

 

One of my customer has deployed a Citrix Gateway VPX 50. no ADC license. All the authentication policies are configured in classic expressions. If my customer want to upgrade to 13.1 OS version, is it a requirement to change the classic authentication policies to advanced policies? if advanced authentication policies is a must, is n-factor supported in a Citrix Gateway with no ADC license? Currently Citrix Gateway OS version is 12.1 57.18.

 

Thank you for your support.

 

 

nFactor isn't working on VPX 50 Gateway License. In my Lab, I've uploaded an old VPX Express license additional to the VPX 50 license, than I was able to use the restricted nFactor for ADC Standard - but that's only for Lab-usage as it's not supported.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...