Integration Guide. Citrix XenApp 7.8


Integration Guide
Citrix XenApp 7.8
Revised: 9 May 2016

About This Guide

Guide Type
Documented Integration: WatchGuard or a Technology Partner has provided documentation demonstrating integration.

Guide Details
WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Citrix XenApp Integration Overview

This document describes how to integrate Citrix XenApp 7.8 with your WatchGuard Firebox to support endpoint client automatic authentication through the WatchGuard Terminal Services Agent (TO Agent). The Firebox enforces policies for traffic from endpoint clients after a user authenticates to the Firebox from the endpoint client with a specified user name and IP address.

Platform and Software

The hardware and software used to complete the steps outlined in this document include:

- Firebox with Fireware v11.10.x installed.
- Citrix XenApp 7.8 and other software required for this integration, installed on four virtual machines as listed in the table below.

VM#   Operating System         Components
1     Windows 10               End-point client with Citrix Receiver
2     Windows Server 2012 R2   Citrix Delivery Controller, Studio, StoreFront, Database, and License server
3     Windows Server 2012 R2   Citrix Virtual Delivery Agent on the Master Image, WatchGuard TO Agent
4     Windows Server 2012 R2   Active Directory domain; runs the DNS and DHCP services

Configuration

To complete this integration, you must first deploy the Citrix XenApp 7.8 software (shown in the Platform and Software section above).

[Network diagram]
VM1: End-point client, 10.0.1.7
VM2: Citrix Delivery Controller, 10.0.1.8
VM3: Citrix Virtual Delivery Agent, 10.0.1.6
VM4: Active Directory Domain eco.cdc.com, 10.0.1.5
WatchGuard Firebox: Trusted interface 10.0.1.1, External interface to the Internet

VM Configuration Notes:

- All VMs must be members of the Active Directory (AD) domain.
- In our integration, the VMs get an IP address from a DHCP server on the AD server. The DHCP server could also be enabled on the Firebox interface, or provided through DHCP relay configured on the Firebox interface, as long as FQDN is working for all VMs.
- The default gateway for all VMs must be the IP address of the Firebox trusted interface the network connects to. In our example integration, the IP address is 10.0.1.1.
- FQDN must be working.
- The WatchGuard Terminal Services Agent (TO Agent) and the Citrix Virtual Delivery Agent (VDA) must be installed on the same server.

For information about how to set up the Citrix XenApp 7.8 environment, see the Citrix XenApp 7.8 Installation Guide. In this document, we describe how to set up the WatchGuard Terminal Services Agent (TO Agent) to work with Citrix XenApp 7.8 so the Firebox can authenticate end-point clients.

Set Up Citrix XenApp

Publish Apps on Citrix

For our integration example, we created a machine catalog and published four applications.

1. We created a Machine Catalog called <windows 2012 for Eco Traffic>, using the Master Image on VM2.
2. We created a Delivery Group to publish applications using the Machine Catalog <windows 2012 for Eco Traffic>.

3. We published four applications. For this example, we published Calculator, Command Prompt, Iexplore, and Notepad.

Install the WatchGuard Terminal Services Agent (TO Agent)

To install and verify the TO Agent:

1. Install the WatchGuard TO Agent on the server where the Citrix Virtual Delivery Agent is installed. In our example integration, the TO Agent is installed on VM3. For detailed instructions to install and configure the Terminal Services agent, see Fireware Help.
2. Use the netstat command to verify the TO Agent works correctly. If the TO Agent is correctly working, the netstat output should look similar to the example shown here.

Set Up the Firebox

Enable Terminal Services on the Firebox

After you install the TO Agent, you must add the TO Agent IP address to the Firebox configuration.

1. Log in to Fireware Web UI.
2. Select Authentication > Terminal Services.
3. In the text box below the Agent IP list, add the IP address of the machine where the TO Agent is installed. In our example integration, the TO Agent is installed on VM3, at 10.0.1.6.
4. Click Add to add the specified IP address to the list.
5. Click Save to save the configuration.

Configure the Active Directory Server on the Firebox

1. Select Authentication > Servers > Active Directory.
2. Click Add.
3. Specify the Domain Name, Primary IP address, and Search Base for your Active Directory server. The other settings are optional. For our integration, the Domain Name and IP address are the same as VM4, as shown in the image below.

Add Active Directory Authentication Users

You must add the Active Directory users on the Firebox before you can add them to a policy.

1. Select Authentication > Users and Groups.
2. Click Add.
3. In the Name text box, type the name of a user that exists in the Active Directory domain. The user name is case-sensitive. In our example integration, the user name is user1.
4. From the Authentication Server drop-down list, select the Authentication Server domain name.
5. Click OK.
6. Click Save to save the configuration.

Create a Policy for Authenticated Users

To add a policy for HTTP traffic from authenticated users:

1. Select Firewall > Firewall Policies.
2. Click Add Policy.
3. Add an HTTP packet filter policy.
4. Configure the policy to allow connections from firewall user user1 to Any-External.
5. Click Save to save the policy.

Test Automatic Client Authentication

1. On a client machine that has Citrix Receiver installed, open a browser and go to the default StoreFront URL: http://<servername>/citrix/storeweb. In our example integration, the client machine is VM1, which has Windows 10 installed.
2. Log in as domain user user1.

3. Select Apps to see all published applications.
4. Click the Iexplore app to launch it. The Internet Explorer application window appears.
5. Type the URL for an internet site to visit. For example, we visited www.msn.com as shown below.

6. To verify that the user has authenticated, in Fireware Web UI, select System Status > Authentication List. The user name appears on the Authenticated Users list.

Because the user is authenticated, the HTTP traffic for this user is enforced by the HTTP policy configured to allow traffic from this user.

To make sure that the Firebox does not allow outgoing traffic from users who are not authenticated, you must disable or remove the default Outgoing (TCP-UDP) policy that allows traffic from unauthenticated users. If you remove the Outgoing policy from your device configuration file, you must add policies to your configuration that allow outbound traffic. You can either add a separate policy for each type of traffic that you want to allow out through your firewall, or you can add the TCP-UDP packet filter or TCP-UDP-proxy policy.

For example, if you remove the Outgoing policy, and you want to allow authenticated users on your network to connect to websites, you must add an HTTP or HTTP-proxy policy for port 80, an HTTP or HTTPS-proxy policy for port 443, and a DNS policy for port 53 to allow DNS query resolution.
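
The effect of the default Outgoing policy described above can be checked with a small model. The Python below is an added example, not part of the WatchGuard guide or Fireware itself; it shows that leaving Outgoing in place lets unauthenticated traffic through, and that removing it without adding DNS and port 443 policies breaks browsing for user1. It assumes an allow-only policy list with default deny; the Policy and Flow types, the helper functions, and the scoping of all three policies to user1 are constructed for the example.

```python
from typing import NamedTuple, Optional

class Policy(NamedTuple):
    name: str
    source: str        # firewall user name, or "Any-Trusted" (any internal host)
    proto: str         # "tcp", "udp", or "tcp-udp" for both
    ports: frozenset   # empty set means every port

class Flow(NamedTuple):
    user: Optional[str]  # None: the source has no authenticated session
    proto: str
    port: int

def matches(policy, flow):
    if policy.source != "Any-Trusted" and policy.source != flow.user:
        return False
    if policy.proto != "tcp-udp" and policy.proto != flow.proto:
        return False
    return not policy.ports or flow.port in policy.ports

def allowed(policies, flow):
    # Assumption: allow-only policy list; anything unmatched is denied.
    return any(matches(p, flow) for p in policies)

def unauthenticated_exposure(policies, probes):
    """Probes that still pass when no authenticated user is behind them."""
    return [f for f in probes if allowed(policies, f._replace(user=None))]

def blocked_for_user(policies, probes):
    """Probes an authenticated user needs but the policy list denies."""
    return [f for f in probes if not allowed(policies, f)]

# Constructed policy objects mirroring the names used in the guide.
OUTGOING = Policy("Outgoing", "Any-Trusted", "tcp-udp", frozenset())
HTTP = Policy("HTTP", "user1", "tcp", frozenset({80}))
HTTPS_PROXY = Policy("HTTPS-proxy", "user1", "tcp", frozenset({443}))
DNS = Policy("DNS", "user1", "udp", frozenset({53}))

# What user1 needs in order to browse: DNS lookup, then port 80 or 443.
WEB = [Flow("user1", "udp", 53), Flow("user1", "tcp", 80), Flow("user1", "tcp", 443)]

DEFAULT = [OUTGOING, HTTP]             # guide's policy added, Outgoing left in place
HTTP_ONLY = [HTTP]                     # Outgoing removed, nothing else added
COMPLETE = [HTTP, HTTPS_PROXY, DNS]    # Outgoing removed, web policies added

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT), ("http-only", HTTP_ONLY), ("complete", COMPLETE)):
        print(label, "unauth:", len(unauthenticated_exposure(cfg, WEB)),
              "blocked:", len(blocked_for_user(cfg, WEB)))
```

Run against an exported rule list, the same two checks give a quick audit: any non-empty result from unauthenticated_exposure means a policy still admits traffic that never passed through the TO Agent authentication.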