Citrix Gateway

Advanced policy support for enterprise bookmarks

March 3, 2023

Contributed by:

H C S

Enterprise bookmarks (VPN URLs) can be configured as an advanced policy.

Notes:

Citrix Gateway supports HTTP, HTTPs, and RDP protocols for the enterprise bookmarks.

Citrix Gateway supports only absolute URLs for the enterprise bookmarks.

Configure VPN URL as an advanced policy

To configure the VPN URL as an advanced policy:

Create a VPN URL action
Create VPN URL policy
Bind the policy to a bind point

Create a VPN URL action

At the command prompt, type the following:

add vpn urlAction <name> -linkName <string> -actualURL <string> [-vServerName <string>] [-clientlessAccess ( ON | OFF )] [-comment <string>] [-iconURL <URL>] [-ssotype <ssotype>] [-applicationtype <applicationtype>] [-samlSSOProfile <string>]

Following operations for VPN URL action are supported

add

 add vpn urlAction <name> -linkName <string> -actualURL <string> [-vServerName <string>] [-clientlessAccess ( ON | OFF )] [-comment <string>] [-iconURL <URL>] [-ssotype <ssotype>] [-applicationtype <applicationtype>] [-samlSSOProfile <string>]

set

  set vpn urlAction <name> [-vServerName <string>] [-clientlessAccess ( ON | OFF )] [-comment <string>] [-iconURL <URL>] [-ssotype <ssotype>] [-applicationtype <applicationtype>] [-samlSSOProfile <string>]

unset

  unset vpn urlAction <name> [-vServerName] [-clientlessAccess] [-comment] [-iconURL] [-ssotype] [-applicationtype] [-samlSSOProfile]

show
```
  show vpn urlAction [<name>]
```
remove
```
 remove vpn urlAction <name>
```

rename

 rename vpn urlAction <name>@ <newName>@

Following operations for VPN URL policy are supported

add

 add vpn urlPolicy <name> -rule <expression> -action <string> [-comment <string>] [-logAction <string>]

set

 set vpn urlPolicy <name> [-rule <expression>] [-action <string>] [-comment <string>] [-logAction <string>]

unset

 unset vpn urlPolicy <name> [-comment] [-logAction]

Note:

In Icon URL, the icons are supported for all themes except the default theme. Maximum recommended size is 70x70 pixels. We recommend that you use transparent images. This parameter is optional.

In Application type, select the type of application (VPN, clientless VPN, or SaaS) that the URL represents. This parameter is optional.

For the SSO Type parameter, select the SSO type that you want to configure for the bookmark. When SSO is configured, users can access the applications without having to enter their credentials in the subsequent logons. This parameter is optional.

The following SSO types are supported:

Unified Gateway: This SSO configuration allows secure remote access to multiple resources of an application through a single URL.

Self-authentication: In this SSO configuration, Citrix Gateway users are prompted to provide the login credentials to access the application.

SAML-based authentication: In this SSO configuration, Citrix Gateway uses an IdP to validate the user details, generates a SAML assertion, and sends it to the SP. If the validation passes, the SSO is successful.

If you set clientless access to ON, you can make sure that requests to websites go from the user device to Citrix Gateway and then to the website.

show
```
 show vpn urlPolicy [<name>]
```
remove
```
 remove vpn urlPolicy <name>
```

rename

 rename vpn urlpolicy <name>@ <newName>@

stat

 stat vpn urlpolicy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]

bind

 bind vpn vserver <vserver name> -policy <string> -priority <positive_integer> [-gotoPriorityExpression <expression>]
 bind vpn global -policyName <string> -priority <positive_integer> [-gotoPriorityExpression <expression>]
 bind aaa user <userName> -policy <string> [-priority <positive_integer>] [-type <type>] [-gotoPriorityExpression <expression>]
 bind aaa group <groupName> -policy <string> [-priority <positive_integer>] [-type <type>] [-gotoPriorityExpression <expression>]

unbind

 unbind vpn vserver <name> -policy <string>
 unbind vpn global -policyName <string>
 unbind aaa user <name> -policy <string>
 unbind aaa group <name> -policy <string>

Note: Bind Points are aaauser, aaagroup, vpnvserver, and vpnglobal.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Advanced policy support for enterprise bookmarks

March 3, 2023

Contributed by:

H C S

March 3, 2023

Contributed by:

H C S

Advanced policy support for enterprise bookmarks

Configure VPN URL as an advanced policy

Create a VPN URL action

Following operations for VPN URL action are supported

Following operations for VPN URL policy are supported

In this article