How to use program neighbourhood client from outside the network without vpn. : Citrix, Presentation Server, 4.5

May 17, 2008 03:16am pdt

1. KCTS 120,453
2. leew 42,555
3. oBdA 42,210
4. MrHusy 36,800
5. martin_b... 33,040
6. RobWill 32,620
7. tigermatt 28,125
8. TechSoEasy 28,100
9. LauraEHu... 27,759
10. toniur 27,475
11. lnkevin 25,680
12. merowinger 24,000
13. SteveH_UK 22,898
14. mboppe 22,442
15. Chris-Dent 21,800

1. KCTS 860,775
2. farhankazi 463,550
3. MrHusy 405,351
4. Sembee 327,964
5. TechSoEasy 287,434
6. oBdA 212,756
7. leew 196,786
8. LauraEHu... 186,651
9. sirbounty 150,360
10. Jay_Jay70 137,821
11. toniur 132,816
12. mboppe 127,190
13. tigermatt 116,488
14. RobSampson 109,475
15. RobWill 108,509

05.09.2008 at 04:22PM PDT, ID: 23391052 | Points: 500

	[x] Attachment Details

How to use program neighbourhood client from outside the network without vpn.

Zones: Citrix, Server, Remote Desktop/Terminal Services

Tags: Citrix, Presentation Server, 4.5

Hi All,

We have just setup a Citrix Presentation Server 4.5 to deliver a published desktop to laptop users. We followed the instructions in the document below to get Citrix Web Interface & Citrix Secure Gateway running on the same server.

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html

Access to the Citrix Server works perfectly in a browser using https://FQDN from inside & outside the network and this is perfect for users logging in from home or from an internet kiosk however we want to be able to enable laptop users to have the same experience & process regardless of whether the laptop is inside the LAN or is out of the office (eg. have a desktop icon for the published app/desktop and simply double click on this from any internet connected location). I thought it would be possible to point the Program Neighbour Client to the FQDN of the CSG Server using the Secure Gateway Relay Mode under the firewall tab in the client but we cannot get this to work outside the network.

Someone suggested to us that a Citrix Access Gateway with the SSL/VPN client would enable this to work and I have no problem with buying the appliance however I was hoping to get this working without the added complexity of managing a vpn client/session on each notebook in the same way that Windows Server 2008 & the TS Gateway Role works . We have about 50 laptop users who need this functionality.

Can someone please offer some options as to how this could be configured to work and what is the best way taking into consideration security & complexity.

Start your free trial to view this solution

Question Stats

Zone: OS

Question Asked By: CLL

Question Asked On: 05.09.2008

Participating Experts: 2

Points: 500

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

05.10.2008 at 04:35AM PDT, ID: 21538563

Sinder255248:

So if you're external on a laptop and you try to connect to the FQDN of the SG from a browser do you get the logon page? I take it users do from their home machines? If so is this down to the clients DNS settings? Could you access it if you use the IP?

05.11.2008 at 05:14PM PDT, ID: 21544025

CLL:

Yes - if a user opens internet explorer and types https://fqdn which resolves to the public ip from outside the LAN & resolves to the private ip inside the LAN they get the Citrix Web Interface webiste and can login without any issues.

What I am trying to achieve is that laptop users do not need to login to the webpage and can simply double click on a desktop icon for the published app regardless of their physical location.

05.12.2008 at 03:14AM PDT, ID: 21545644

JaredJ1:

Impossible I'm afraid. There has to be some authentication when going through the Secure Gateway. You could redirect from your firewall directly to your Citrix server and open the necessary ports, but this would be bypassing the Secure Gateway and opening your network up to attack. You're better off using vpn if the users must be able to launch Citrix apps without logging in.

05.13.2008 at 12:11AM PDT, ID: 21552847

CLL:

When you say "without logging in" do you mean without logging into the CSG website to launch published apps?

05.13.2008 at 02:05AM PDT, ID: 21553271

JaredJ1:

Correct.

20080206-EE-VQP-25 / EE_QW_2_20070628