Route tables to resolve conflicts if the related domains in both SaaS and web apps are the same

October 31, 2022 Contributed by:  C

The application domains feature of the Citrix Secure Private Access service enables customers to make routing decisions that allow related domains of applications to be routed externally or internally through the Connector Appliance.

Consider a customer who has configured the same related domains in both a SaaS app and an internal web app. For example, if Okta is the SAML IdP for both Salesforce (SaaS app) and Jira (internal web app), then the admin might configure *.okta.com as a related domain in both apps’ configuration. This leads to a conflict and the end user experiences inconsistent behavior. In this scenario, the admin can define rules to route these applications either externally or internally through the Connector Appliance, as per the requirement.

The Application Domains feature also enables admins to configure the Citrix Connector Appliances to bypass the customer’s web proxy servers to reach the internal web servers. These bypass policies were previously configured manually by running the NSCLI commands on the Citrix Gateway Connector.


How the route table works

The admins can define the route type for the apps as External, Internal, or External via Connector Appliance depending on how they want to define the traffic flow.

  • External – The traffic flows directly to the internet.
  • Internal – The traffic flows via the Connector Appliance.
    • For a web app, the traffic flows within the data center.
    • For a SaaS app, the traffic is routed outside the network through the Citrix Connector Appliance.
  • Internal – bypass proxy - The domain traffic is routed through the Citrix Cloud Connector Appliances, bypassing the customer’s web proxy configured on the Connector Appliance.
  • External - via Connector - The apps are external but the traffic must flow through the Citrix Connector Appliance to the outside network.

Note:

  • Route entries do not impact the security policies that are configured on the apps.
  • If admins do not intend to use an entry in the route table or if the corresponding apps are not working as intended, admins can simply disable the entry instead of deleting it.
  • All Citrix Connector Appliances for a particular customer, irrespective of the app type, get the SSO settings. Previously, the SSO setting for a particular app was tied to a resource location.


Main route table

The main route table is accessible from the Secure Private Access tile.

  1. Log on to your Citrix Cloud account.
  2. On the Secure Private Access tile, click Manage.
  3. In the navigation pane, click Settings. The Application Domains page appears.

The main route table displays the following columns.

  • FQDN/IP: The FQDN or IP address for which the traffic routing type is configured.
  • Type: App type. Internal, External, or External - via Connector as selected when adding the app.

    Important:

    If there are conflicts, then an alert icon is displayed for the respective row in the table. To resolve the conflict, admins must click the triangular icon and change the app type from the main table.

  • Resource location: Resource location for routing of type Internal. If a resource location is not allocated, a triangular icon appears in the Resource location column for the respective app. When you hover on the icon, the following message is displayed.

    Missing resource location. Ensure that a resource location is associated with this FQDN.

  • Status: The toggle switch in the Status column can be used to disable a route entry without deleting the app. When the toggle switch is turned OFF, the route entry does not take effect. Also, if entries with exactly matching FQDNs exist, admins can select which route is enabled or disabled.
  • Comments: Displays comments, if any.
  • Actions: The edit icon is used to add a resource location or change the type of route entry. The delete icon is used to delete the route.
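
The checks the main route table surfaces (conflicting route types for the same domain, the Status toggle, and a missing resource location) can also be run offline against a copy of the configuration. The following is an added example, not Citrix code: the Route fields, the sample rows, and the glob-style wildcard matching are assumptions made for this sketch.

```python
from fnmatch import fnmatch
from typing import NamedTuple, Optional

class Route(NamedTuple):
    app: str
    fqdn: str
    rtype: str                       # route type as named on this page
    enabled: bool = True             # Status toggle
    location: Optional[str] = None   # resource location

# Constructed sample rows; field names and values are assumptions.
ROUTES = [
    Route("Salesforce", "*.okta.com", "External"),
    Route("Jira", "*.okta.com", "Internal", location="dc-east"),
    Route("Jira", "jira.corp.example", "Internal"),
    Route("Wiki", "login.okta.com", "Internal - bypass proxy", location="dc-east"),
    Route("Legacy", "*.okta.com", "External - via Connector", enabled=False),
]

def overlaps(a: str, b: str) -> bool:
    """True when two FQDN patterns can match the same host (assumed glob wildcards)."""
    a, b = a.lower(), b.lower()
    return a == b or fnmatch(a, b) or fnmatch(b, a)

def find_conflicts(routes):
    """Pairs of enabled rows whose FQDNs overlap but whose route types differ."""
    active = [r for r in routes if r.enabled]  # a disabled row does not take effect
    return [(a, b) for i, a in enumerate(active) for b in active[i + 1:]
            if overlaps(a.fqdn, b.fqdn) and a.rtype != b.rtype]

def missing_location(routes):
    """Enabled rows of type Internal with no resource location associated."""
    return [r for r in routes
            if r.enabled and r.rtype == "Internal" and not r.location]

if __name__ == "__main__":
    for a, b in find_conflicts(ROUTES):
        print(f"CONFLICT {a.fqdn} ({a.app}: {a.rtype}) vs {b.fqdn} ({b.app}: {b.rtype})")
    for r in missing_location(ROUTES):
        print(f"MISSING LOCATION {r.fqdn} ({r.app})")
```

The disabled Legacy row is ignored, which mirrors the page's advice to disable an entry rather than delete it while a conflict is being resolved.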

Add an FQDN to the Application Domains table

Admins can add an FQDN into the Application Domains table and choose the appropriate routing type for it.

  1. Click Add on the Application Domains page.
  2. Enter the FQDN name and select the appropriate routing type for the FQDN.


Mini route table

A mini version of the Application Domains table is available to make the routing decisions during app configuration. The mini route table is available in the App Connectivity section of the Citrix Secure Private Access service user interface.

To add routes to the mini route table

The steps to add an app in the Citrix Secure Private Access service remain the same as described in the topics Support for software as service apps and Support for Enterprise web apps, except for the following two changes:

  1. Complete the following steps:
    • Choose a template.
    • Enter app details.
    • Choose enhanced security details, as applicable.
    • Select the single sign-on method, as applicable.
  2. Click App Connectivity. A mini version of the Application Domains table is available to make the routing decisions during app configuration.

    • Domains: The Domains column displays one or more rows for a particular app. The first row displays the actual app URL that the admin has entered while adding the app details. The other rows are all related domains that are entered while adding the app details. If the app URL and the related domains are the same, they are displayed in one row.

    One row displays the SAML assertion URL, if SAML SSO is selected.

    • Type: Select one of the following options.
      • External – The traffic flows directly to the internet.
      • Internal – The traffic flows via the Connector Appliance and the app is treated as a web app.

        • For a web app, the traffic flows within the data center.

        • For a SaaS app, the traffic is routed outside the network through the Citrix Connector Appliance.

      • Internal – bypass proxy - Domain traffic is routed through Citrix Cloud Connector Appliances, bypassing the customer’s web proxy configured on the Connector Appliance.
      • External - via Connector – The apps are external but the traffic must flow via the Citrix Connector Appliance to the outside network.
    • Resource Location: Autopopulated when you select the type Internal for an app. Change it if a different resource location is desired.
    • Connector Appliance Status: Autopopulated, along with resource location, when you select the type Internal for an app.
