Citrix Gateway

Unified Gateway Visualizer

The Unified Gateway Visualizer provides a visual representation of the configurations using the Unified Gateway Wizard. The Unified Gateway Visualizer is used to add and edit configuration, and diagnose a back-end issue.

The Unified Gateway Visualizer shows the following:

Configuration Configuration
Pre-authentication policies Authentication policies
CS virtual servers VPN virtual servers
LB virtual servers XA/XD apps
Web apps SaaS apps

Unified Gateway deployment enables secure remote access through one URL to your Enterprise or SaaS applications, clientless access applications, Citrix Virtual Apps, and Desktops resources.

Configure Unified Gateway

  1. Select Unified Gateway from the menu.

  2. At the next screen, verify that you have the following information, then click Get Started:

    • Public IP address for the Unified Gateway.
    • Server certificate chain (.PFX or.PEM) with optional Root-CA certificate.
    • LDAP/RADIUS/Client Certificate based authentication details.
    • Application details (URLs for SaaS applications or Citrix Virtual Apps and Desktops server details).
  3. Click the Continue button.

Visualizer single access point

Create a Unified Gateway Configuration virtual server.

  1. Enter the configuration Name for the virtual server.
  2. Enter the public facing Unified Gateway IP address for the Unified Gateway deployment.
  3. Enter the Port number. The port number range is 1–65535.
  4. Click Continue.

Complete the following information to specify the Server Certificate.

  1. Select either the Use existing certificate or Install Certificate radio buttons.
  2. Select a Server Certificate from the menu.
  3. Click the Continue button.

Server Certificate details

Complete the following information to specify Authentication.

  1. Select a Primary authentication method from the menu.
  2. Select either the Use existing server or Add new server radio buttons.
  3. Click the Continue button.
  4. Select the Portal Theme from the menu.
  5. Click Continue.
  6. Select either the Web Application or Citrix Virtual Apps Desktops radio buttons.
  7. Click Continue.

Select portal theme

Select application

Complete the following information to specify Web Application.

  1. Enter the Name of the bookmark link.
  2. Select the type of application the VPN URL represents. The possible values are:

    • Intranet Application
    • Clientless Access
    • SaaS
    • PreConfigured application on this Citrix ADC
  3. Check this box to make this application accessible through the Unified Gateway URL.
  4. Enter the URL for the bookmark link.
  5. From the Icon URL choose a file to fetch an icon file. The MaxLength = 255
  6. Click the Continue button.

  7. Click Done.
  8. Click Continue.
  9. Click Done.

GUI Configuration

  1. Select Unified Gateway from the menu.

  2. Click the Unified Gateway Visualizer icon to access configured Gateway instances.

    Click to access instances

    The Unified Gateway Visualizer looks like a flow diagram as shown in the following image:

    Unified Gateway Visualizer

    The Unified Gateway Visualizer has PreAuth, Auth, and an Apps section. If the VPN virtual server has pre-authentication policy, only then the pre-auth is shown in the Unified Gateway Visualizer.

    Details of Unified Gateway Visualizer

    The Unified Gateway Visualizer uses a color coding scheme for the load balancing and VPN virtual servers to indicate their state.

Color Description
Red means the server is down.
Gray means webapps/Citrix Virtual Apps have not been configured.
Green means everything is fine with the virtual server.
Orange means one of the load balancing virtual server services. is down, but still it is functioning properly.

Details of VPN Virtual Servers

To get the details of the VPN virtual servers, click the VPN virtual servers node. The popup renders details like the C/S rule and all policies.

  1. Add Policies to the VPN entity by clicking the (+) icon.

    Click + to add policies to visualizer

  2. Click the desired node for details of policies already configured.

    Select node

    For VPN virtual server information, the VPN title in the popup is a clickable entity that goes to a slider that details the VPN virtual server.

    Node information

    The details of the VPN server are shown here.

    VPN server details

The Pre Auth Block

If a VPN virtual server has preauthentication policies associated with it, the Unified Gateway Visualizer shows a Pre Auth block. The Pre Auth block shows the policies, and provides an option to add preauthentication policies to the VPN.

  1. Click the + to add a preauth policy.

Click + to add

In a case where no preauthentication policies are associated, this block would be hidden from the view.

The Auth Block

The Auth block lists the primary and secondary policies. The Auth block provides an option to add policies.

  1. Click + in the Primary list to add a Primary Authentication Binding or Click + in the Secondary list to add a Secondary Authentication Binding.

    Click + to add authentication binding

  2. Select an option from the Primary authentication method menu.
  3. Specify if it is an existing server or Add new server by selecting the radio button.
  4. Select an option from the LDAP Policy Name menu.
  5. Select RADIUS from the Secondary authentication method menu.
  6. Specify if you want to use existing server or Add new server by selecting the radio button.
  7. Click Continue.

    authentication page

Adding StoreFront

  1. Click + near the XA/XD, and it takes you to adding “XA/XD” apps.

Click + to add StoreFront

You can choose your integration point. The options are StoreFront, WI, or WionNS. Click Continue.

  1. Complete the following fields to configure StoreFront. The fields that require mandatory information are noted with the *.

    Field Description
    StoreFront FQDN* Enter the FQDN of the StoreFront server. Max length: 255 char.Example://storefront.xendt.net
    Site Path* Enter the path to Receiver for the website already configured on the StoreFront.
    Single Sign-on Domain* Enter the default domain for user authentication
    Store Name* Enter the name for the StoreFront monitors.
    The STORENAME is an argument defining the StoreFront service store name to probe the health of StoreFront servers. Applicable to StoreFront monitors. Maximum Length: 31  
    Secure Ticket Authority Server* Enter the Secure Ticket Authority URL, typically present on the delivery controller.
    Example: http://sta  
    StoreFront Server* Enter the IP Address of the StoreFront Server
    Protocol* Enter the protocol used by the server.
    Port* Enter the port used by the server.
    Load Balancing Enter the load balancing configuration for the StoreFront servers.
    Virtual Server* Enter the public facing IP address for the Unified Gateway deployment.
  2. Click Continue.

Adding SaaS

  1. Click + to add SaaS apps, it takes you to the Add SaaS page. Complete the following fields to configure SaaS. The fields that require mandatory information are noted with a*.
Field Description
Name* Enter the name of the bookmark link.
Application Type Enter the type of application this VPN URL represents. Possible values are: Intranet Application/Clientless Access/SaaS/PreConfigured application on this Citrix ADC
Enter URL* Enter URL of the Intranet application.
Choose File Enter the URL to fetch the icon file for displaying this resource. MaxLength = 255

Adding WebApps

  1. Click + to add Web apps, it takes you to the Add Web apps page. Complete the following fields to configure a Web Application. The fields that require mandatory information are noted with a *.
Field Description
Name* Enter the name of the bookmark link.
Application Type Enter the type of application this VPN URL represents. Possible values are: Intranet Application/Clientless Access/SaaS/PreConfigured application on this Citrix ADC
Enter URL* Enter URL of the Intranet application.
Choose File Enter the URL to fetch the icon file for displaying this resource.MaxLength = 255

If an application is accessible through the Unified Gateway URL, the details of the Load Balancing server can be accessed by clicking the app:

Load balancing server in visualizer

New policies can be added by clicking (+) and all the bound policies can be viewed by clicking the node that displays policy information.

The number of services bound to the load balancer are also shown, along with the overall state information. Further click lists all the services. New services can be added to the load balancer.

For further details of the load balancer, the title of the popup is clickable that lands to the load balancing virtual server details page.

Unified Gateway Visualizer