Forum Discussion

Allwyn_Mascaren's avatar
Oct 10, 2017

Need iRule to modify Citrix ICA enrollment IP address And Match AppNames in ICA File


When the users from outside open login on the citrix using the public natted ip, the address in the ica is the internal one.

[Enrollment Informat]

So obviously the external client cannot connect. 

I need to catch this .ica file and update this IP to our public IP:1494 for internet users and to an internal VS-IP:1494 for internal users.

The initial request goes to VS:443 on the LTM.

I think I'll need to use another VS and an iRule for the port 1494 which citrix needs. I am only using LTM to do this, appreciate guidance.

**UPDATE 12 OCT 2017**

Just to bump this up and give the current status.

I have this:

`PUBLIC-IP -> and -> Storefront:443 -> then based on application I get a different ICA file -> then based on the app it will choose any of these -> 192.168.x.85:1494,2958 or 192.168.x.86:1494,2958`

So after hitting the VIP:443 and authenticating with Storefront:443 the ICA which is sent back to the client contains the FQDN which would look like:

`[Enrollment Informat]

Then this ica when executed uses TCP:1494 to again go through the FW NAT and Hit the VIP:1494 which then should send it to the correct application server based on the application name in the ica file.

The issue is now matching the APP NAME in the ica file and send the traffic to the correct APP server. 

I cannot find a way to this matching. 

The appname in the ica file is as recorded as follows:



I have just obscured the appnames with ** but can I match them in the return TCP traffic?

Any ideas on how to go ahead would be great!

  • Got this working using APM and replaced the storefront with the LTM webtop.