Forum Discussion

SimonS_84965's avatar
SimonS_84965
Icon for Nimbostratus rankNimbostratus
Apr 16, 2013

Replacing Citrix Secure Gateway with LTM/APM?

Currently we have a number of sites that have downstream Citrix Secure Gateways that sit infront of the Citrix Web Servers and inturn infront of the various downstream delivery controllers. As it sta...
citrix
partner
SimonS_84965's avatar
SimonS_84965
Icon for Nimbostratus rankNimbostratus
Apr 29, 2013
Thanks Andrey, yes i have the whole thing working now we are just about to go into a test phase with one of our sites.

 

Ill post the full config here for anyone else wanting to do the same shortly.

 

I think the F5 documentation is really good, but one thing that's often missing are slightly less invasive integration guides.. i.e in this instance whereby i don't want to offset (well cant) auth yet.. and really just want to terminate the SSL (more of a service provider approach) for things like Citrix (taking into account all of the little complexities like capturing logouts to clean up APM sessions)

 

 

Thanks all that helped, and a big thanks to my F5 SE who helped get the attention on my original ticket to help me push past the tricky stuff with moving the route domain selection and snat OUT of the VS and into APM.
  • SimonS_84965's avatar
    SimonS_84965
    Icon for Nimbostratus rankNimbostratus
    Sep 08, 2013
    Just as a further update on this, we now have a number of sites whereby this is working and we are looking to roll this out further. The Windows Metro receiver App is expected to introduce a little complexity.. so ill let you know how we go about resolving that
  • SimonS_84965's avatar
    SimonS_84965
    Icon for Nimbostratus rankNimbostratus
    Sep 27, 2013
    It appears that the Metro App and XenApp functionality on iOS (vs Desktop) appears to break... looking further at this via way of the AuthManSvrTrace receiver logs you notice something interesting just before it bombs out Working via a Netscaller { 10/27/13 01:52:45 (GMT) T:00001E4C . . . m_ServerInfo=m_ServerType: AG m_GatewayInfo: LogonPointUrl='https://remote.xxxx.catholic.edu.au/', Edition=2, } Yet if we use our BigIP LTM/APM proxy { 10/27/13 00:54:48 (GMT) T:00001F5C . . . m_ServerInfo=m_ServerType: Unknown } Not sure if this is simply a case of Citrix being jerks and saying <> Citrix then GOTO :END Will post more as i continue to research
  • SimonS_84965's avatar
    SimonS_84965
    Icon for Nimbostratus rankNimbostratus
    Oct 31, 2013
    It appears this has now been resolved by Citrix for the RT version of the receiver. 1.3.0.154 and below does not work when using APM when using the ICA proxying functionality 1.4.0.220 <> has been confirmed working.