Configure client interception 编辑

Configure client interception

You configure interception rules for user connections on Citrix Gateway by using Intranet Applications. By default, when you configure the system IP address, a mapped IP address, or a subnet IP address on the appliance, subnet routes are created based on these IP addresses. Intranet applications are created automatically based on these routes and can be bound to a virtual server. If you enable split tunneling, you must define intranet applications for client interception to occur.

You can configure intranet applications by using the configuration utility. You can bind intranet applications to users, groups, or virtual servers.

If you enable split tunneling and users connect by using WorxWeb or WorxMail, when you configure client interception, you must add the IP addresses for Citrix Endpoint Management and your Exchange server. If you do not enable split tunneling, you do not need to configure the Endpoint Management and Exchange IP addresses in Intranet Applications.

Configure intranet applications for the Citrix Gateway plug-in

You create intranet applications for user access to resources by defining the following:

  • One IP address
  • A range of IP addresses
  • A host name

When you define an intranet application on Citrix Gateway, the Citrix Secure Access agent for Windows intercepts user traffic that is destined to the resource and sends the traffic through Citrix Gateway.

When configuring intranet applications, consider the following:

  • When Split Tunnel is ON
    • Configure the intranet applications.
    • Assign intranet applications to each authentication, authorization, and auditing group.
  • When Split Tunnel is OFF
    • All traffic intercepts through the VPN tunnel.
    • Intranet applications need not be configured.

    Important:

    Interception must be set to TRANSPARENT irrespective of the split tunnel configuration.

  • If users connect to Citrix Gateway by using the Citrix Secure Access agent for Java, you must define intranet applications. The Citrix Secure Access agent for Java intercepts traffic only to network resources defined by intranet applications. If users connect with this plug-in, set the interception mode to proxy.

Note:

  • When configuring an intranet application, you must select an interception mode that corresponds to the type of plug-in software used to make connections.
  • You cannot configure an intranet application for both proxy and transparent interception. To configure a network resource to be used by both the Citrix Secure Access agent for Windows and the Citrix Secure Access agent for Java, configure two intranet application policies and bind the policies to the user, group, virtual server, or Citrix Gateway global.

To create an intranet application for one IP address

  1. On the Configuration tab, in the navigation pane, expand Citrix Gateway Resources and then click Intranet Applications.
  2. In the details pane, click Add.
  3. In Name, type a name for the profile.
  4. In the Create Intranet Application dialog box, select TRANSPARENT.
  5. In Destination Type, select IP Address and Netmask.
  6. In Protocol, select the protocol that applies to the network resource.
  7. In IP Address, type the IP address.
  8. In Netmask, type subnet mask, click Create and then click Close.

To configure an IP address range

If you have multiple servers in your network, such as web, email, and file shares, you can configure a network resource that includes the IP range for network resources. This setting allows users access to the network resources contained in the IP address range.

  1. On the Configuration tab, in the navigation pane, expand Citrix Gateway Resources and then click Intranet Applications.
  2. In the details pane, click Add.
  3. In Name, type a name for the profile.
  4. In Protocol, select the protocol that applies to the network resource.
  5. In the Create Intranet Application dialog box, select TRANSPARENT.
  6. In Destination Type, select IP Address Range.
  7. In IP Start, type the starting IP address and in IP End, type the ending IP address, click Create and then click Close.

To create an intranet application for a host name

  1. On the Configuration tab, in the navigation pane, expand Citrix Gateway Resources and then click Intranet Applications.
  2. In the details pane, click Add.
  3. In Name, type a name for the profile.
  4. In the Create Intranet Application dialog box, select TRANSPARENT.
  5. In Destination Type, select hostname.
  6. In Protocol, select ANY, click Create, and then click Close.

Important:

  • From release 13.0 build 36.27 and later, the Windows VPN plug-in supports host name (FQDN) based rules for split tunneling. You must upgrade both the Citrix ADC appliance and the Windows VPN plug-in to release 13.0 build 36.27 or later.
  • Wildcard host names are also supported. For example, if intranet application with host name “*.example.com” is configured, a1.example.com, b2.example.com, and so on gets tunneled.
  • Host name based intranet application works only when you have split tunneling set to ON.
  • Host name based rules are not supported for reverse split tunneling.

Configure intranet applications for the Citrix Gateway plug-in for Java

If users connect with the Citrix Gateway plug-in for Java, you must configure an intranet application and set the interception mode to proxy. The Citrix Gateway plug-in for Java intercepts traffic by using the user device loopback IP address and port number specified in the profile.

If users are connecting from a Windows-based device, the Citrix Gateway plug-in for Java attempts to modify the host file by setting the application host name to access the loopback IP address and port specified in the profile. Users must have administrative privileges on the user device for the HOST file modification.

If users are connecting from a non-Windows device, you must configure applications manually by using the source IP address and port values specified in the intranet application profile.

To configure an intranet application for the Citrix Gateway plug-in for Java

  1. On the Configuration tab, in the navigation pane, expand Citrix Gateway Resources and then click Intranet Applications.
  2. In the details pane, click Add.
  3. In Name, type a name for the profile.
  4. Click Proxy.
  5. In Destination IP Address and Destination Port, type the destination IP address and port.
  6. Under Source IP Address and Source Port, type the source IP address and port.

    Note:

    Set the source IP address to the loopback IP address of 127.0.0.1. If you do not specify an IP address, the loopback IP address is used. If you do not enter a port value, the destination port value is used.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:83 次

字数:9187

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文