Forum Discussion
F5 LTM and Citrix Secure Gateway
Your assessment is correct. It's not that you technically cannot offload the SSL, but that CSG will break if you don't do it exactly right. The standard mechanism is to just create a layer 4 load balancing VIP for CSG (no client or server SSL profiles). What wasn't mentioned in this post, however, is that you can actually use SSL sessionid persistence with CSG. SSL persistence usually doesn't work for things like browser sessions, because browsers will randomly renegotiate SSL. The Citrix agent, however, does not renegotiate by default. Many years ago I managed a pretty big Citrix farm with CSGs, and this was the standard and problem-free method we used.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com