Forum Discussion

Nimbostratus

Jul 10, 2012

F5 LTM and Citrix Secure Gateway

I have a couple of CSG/WI servers that I need to load balance through the F5 LTM. I've been told I'm not able to place the SSL certificate for the CSGs on the LTM, even if its configured to perform ...

citrix

partner

Kevin_Stewart

Employee

Feb 26, 2014

Your assessment is correct. It's not that you technically cannot offload the SSL, but that CSG will break if you don't do it exactly right. The standard mechanism is to just create a layer 4 load balancing VIP for CSG (no client or server SSL profiles). What wasn't mentioned in this post, however, is that you can actually use SSL sessionid persistence with CSG. SSL persistence usually doesn't work for things like browser sessions, because browsers will randomly renegotiate SSL. The Citrix agent, however, does not renegotiate by default. Many years ago I managed a pretty big Citrix farm with CSGs, and this was the standard and problem-free method we used.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 LTM and Citrix Secure Gateway

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Whats new in NGINX Gateway Fabric 1.2?

Citrix Application Delivery Controller (ADC) and Gateway– Remote Code Execution (CVE-2019-19781)

Centralizing Cloud Security with F5 and AWS Transit Gateway

F5 Security Podcasts

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS