APM and Citrix secure gateway

Question

Hi, &nbsp;
I've an LTM and doing APM with http profil.&nbsp;
All work fine for authentication, but If I want to use an ica application ssl embedded by the CSG it break because it wasn't http.&nbsp;
This is work if I want to make working citrix application in the portal : &nbsp;
when CLIENTSSL_HANDSHAKE {&nbsp;
  SSL::collect 4&nbsp;
  HTTP::disable&nbsp;
  }  &nbsp;
when CLIENTSSL_DATA {&nbsp;
     if { ([SSL::payload 4] equals  "GET" )} {&nbsp;
      HTTP::enable&nbsp;
      }  else {&nbsp;
  HTTP::disable&nbsp;
   }&nbsp;
  }&nbsp;
But I lose APM first ? How can I force my VS or my irules to first use the APM and then disable http profil?&nbsp;
Best regards
Emmanuel&nbsp;

kevin_stewart · Answer

Not sure if this will help, but the following worked for me on a recent project:
when CLIENTSSL_HANDSHAKE {
    SSL::collect
}
when CLIENTSSL_DATA {
     disable the HTTP profile for ICA/CGP traffic
    if { [SSL::payload] contains "CGP/" } {
        HTTP::disable
    }
    SSL::release
}

Forum Discussion

APM and Citrix secure gateway

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Related Content

Solution for Citrix Optimal Gateway Routing

Modern Deployment and Security Strategies for Kubernetes with NGINX Gateway Fabric

Quarterly Security Notification October 2025

Resolve Citrix Secure Ticket Authority (STA)

Extract Citrix Secure Ticket Authority (STA)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS