Citrix storefront
We are trying to replace a Netscaler Gateway with F5 APM/LTM using the latest iApp but are experiencing some issues.
Current setup Client --> Firewall --> Netscaler GW --> Storefront --> Delivery Cont.
New Setup Client --> Firewall --> F5 --> Storefront --> deliver cont.
The original Netscaler setup works fine, however when we amend the firewall NAT rule to swing the connection to the F5 the clients get the new logon page (we've customised it to be different) served up by F5 APM and they login but then receive a 404 error (connection timed out).
On the internal LAN we can login fine and looking at the ICA file the F5 is re-writing it so the SSLProxy setting is to itself but I believe the issue is further downstream with the Storefront or Delivery cont.
When we did a packet trace on the firewall it seems the Storefront is trying to communicate back to the firewall itself rather than talking to the F5 but this traffic is not seen when we are using the Netscaler.
On the Storefront server in the Citrix Delivery Services log we see these two errors. The remote address is the F5. The X-forwarded address is the Firewall internal interface.
EXAMPLE 1 A request was sent to service 'Authentication Service' that was detected as passing through a gateway. This service is configured with the gateways [cc4bdb0c-3ebb-4144-99cd-685bc0ba5f5e,bb906ec6-6e96-44b6-8fd7-d8007204073f,f8f8c49b-6861-4517-873b-1f727f555bf9], but none of these matched the request. Request details: X-Citrix-Gateway: X-Citrix-Via: XenDesktop.domain.com:443 X-Citrix-Via-VIP: Remote Address: 10.0.0.10 X-Forwarded-For: 172.0.0.10
EXAMPLE2 Gateway data from the request and the authentication token are not matching. Request was made to store NCCXD7.
Request data: Remote Address: 10.0.0.10 X-Citrix-Via: X-Citrix-Gateway: X-Forwarded-For: 172.0.0.10 X-Citrix-TrustCertRef:
Token data: Remote Address: X-Citrix-Via: 10.0.0.10 X-Citrix-Gateway: XenDesktop.domain.com X-Forwarded-For: X-Citrix-TrustCertRef: 172.0.0.10, 172.0.0.10
Gateway configuration: System.String[]
I did notice that on the iApp the Citrix STA servers had not been defined? Could this be the issue? Anybody got any advice/pointers on what I can check or try please?
Thanks in advance