F5 iApp Citrix XenApp and XenDesktop with APM Ica proxy (no direct nat)

Hello,

 

I am very new to this forum, since I couldn't find an answer for my question I decided to create a question.

 

The situation is as follows:

 

We have a XenApp 7.6 Environment with StoreFront 2.6.

 

Currently all citrix servers have a NAT translation with altipaddress configured to allow users from another network to connect to the citrix farm via storefront.

 

The NAT is not very transparent and flexible. If we add a Citrix server to the farm we need to add new NAT rules and things like that. It takes away the flexibility of our environment.

 

So we decided to buy the APM module for Citrix XenApp. We've updated to the last versions so everything is supported. The reason why we chose the APM module is that we need ICA Proxy'ing to get rid of the NAT translations for ALL of the Citrix servers.

 

Now while setting up the iApp we discovered that if we select the option to proxy the ICA traffic we also need Authentication on the F5. So users will be presented a logon page of the F5. Since it's a very though organisation the organisation wants to keep the logon page of the storefront servers.

 

If we disable the ica proxy then the users go directly to the storefront servers via the iApp and it works as designed, except the ICA Proxy.

 

If we enable the ica proxy the authentication starts on the F5 with SSO to the storefront servers.

 

Now the question:

 

Is it possible to have the ICA proxy without the authentication on the F5. So we will have the situation of the ICA proxy on the F5 and a logon page from the StoreFront Server.

 

I am not an F5 expert so forgive me if I made some mistakes regarding the iApp/APM.

 

Looking forward to your answers!

 

Regards, Neal