Citrix Gateway VPN clients and supported features 编辑
Citrix Gateway VPN clients and supported features
Important:
The legacy Citrix VPN client was built using Apple’s private VPN APIs that is now deprecated. VPN support in the Citrix SSO app for iOS and Citrix Secure Access agent for macOS is rewritten using Apple’s public Network Extension framework. Citrix Gateway plug-in and Citrix VPN for iOS and macOS are no longer supported. Citrix SSO app for iOS and Citrix Secure Access agent for macOS is the recommended VPN app to be used.
General availability of nFactor authentication support for Android devices would be available in one of the upcoming releases.
The following table lists some of the commonly used features supported for each VPN client.
| Feature | Citrix Secure Access for Windows | Mac plug-in | Linux | Citrix Secure Access for macOS | SSO for iOS | SSO for Android |
|---|---|---|---|---|---|---|
| Always On (user mode) | Yes (11.1 and later) | No | No | No | No | Yes (via MDM) Android 7.0+ |
| PAC file push | Yes (12.0 and later) | Yes | No | Yes | Yes | No |
| Client proxy support | Yes | Yes | Yes | No | No | Yes. See note 1 |
| Max limit of Intranet Applications | 512 | 128 | 128 | No limit | No limit | No limit |
| Intranet IP (IIP) support | Yes | Yes | Yes | Yes | Yes | Yes |
| Split tunnel ON | Yes | Yes | Yes | Yes | Yes | Yes |
| Split tunnel reverse | Yes | Yes | Yes | Yes | Yes | Yes. See note 5 |
| Split DNS REMOTE | No | Yes | Yes | Yes | Yes | Yes. See note 6 |
| Split DNS BOTH | Yes | Yes | No | Yes | Yes | Yes. See note 6 |
| FQDN based split tunnel | Yes-Only ON (13.0 and later) | No | No | Yes | Yes | Yes. See note 5 |
| Client idle timeout | Yes | Yes | Yes | No | No | No |
| Endpoint analysis | Yes | Yes | Yes | Yes | No | No |
| Device certificate (classic) | Yes | Yes | No | Yes | No | No |
| nFactor authentication | Yes (12.1 and later) | No | No | Yes | Yes | Yes. See note 3 |
| EPA (nFactor) | Yes (12.1 and later) | No | No | Yes | No | No |
| Device certificate (nFactor) | Yes (12.1 and later) | No | No | Yes | No | No |
| Push notification | Yes (12.1 and later) | No | No | No | Yes | Yes (device registration only) |
| OTP token autofill support. See note 2 | No | No | No | No | Yes | Yes |
| DTLS support. See note 4 | Yes (13.0 and later) | No | No | No | No | No |
Note:
- Setting a proxy in the client configuration on the VPN virtual server in the gateway configuration for Android 10 and later is supported. Only basic HTTP proxy configuration with IP address and port is supported.
- Only QR code scanned tokens are eligible for auto filling. Auto filling is not supported in the nFactor authentication flow.
- nFactor authentication support for Android devices is under preview and the feature is disabled, by default. Contact Citrix Support for enabling this feature. Customers must provide their Citrix Gateway’s FQDN to the support team for enabling nFactor authentication for Android devices.
- For details, see Configure DTLS VPN virtual server using SSL VPN virtual server.
- FQDN based split tunnel support and reverse split tunnel for Android devices is under preview and the feature is disabled, by default. Contact Citrix Support for enabling this feature. Customers must provide their Citrix Gateway’s FQDN to the support team for enabling it for Android devices.
- For Split DNS BOTH mode, DNS suffixes must be configured on the gateway and only DNS A record queries ending in those suffixes are sent to the gateway. Rest of the queries are resolved locally. Android Citrix SSO app also supports Split DNS LOCAL mode.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论