VMware Workspace ONE Access supports Citrix deployments that include Citrix Gateway. Citrix Gateway is typically used to provide external access to Citrix applications and desktops.
If your Citrix deployment includes a Citrix Gateway appliance, you can configure VMware Workspace ONE Access with the appropriate settings so that when users launch Citrix resources, the traffic is routed through the Citrix Gateway appliance to the XenApp server.
You set policies on client network IP ranges that specify whether launch traffic is routed through Citrix Gateway to the XenApp server or whether it is routed directly to the XenApp server. This allows you to meet both external and internal access needs.
Configure Network Range for Citrix Gateway in Workspace ONE Access
You can configure the network ranges for which you want users' application or desktop launch traffic (ICA traffic) to be routed through Citrix Gateway to the XenApp server. This configuration is typically used to provide external access to Citrix-published resources integrated with Workspace ONE Access.
When a user launches an application or desktop from the Workspace ONE Intelligent Hub portal or app, if the user's IP address falls in the IP range configured for Citrix Gateway, the ICA traffic is routed through Citrix Gateway to the XenApp server.
- A Super Admin role, or a custom role that can perform the Manage Settings action in the Identity and Access Management service in Workspace ONE Access, is required to create and edit network ranges.
- In the Workspace ONE Access console, select .
- Click the Citrix collection for which you want to configure network ranges.
- Select the Network Ranges tab.
- In the Network Ranges page, click the network range to configure for Citrix Gateway.
Important: Verify that each network range in your environment has a Client Access FQDN set. If a network range is missing the Client Access FQDN, users accessing resources through that network range cannot launch their Citrix desktops and applications.
- Click the network range to edit or create a new network range, if necessary.
- If you are creating a new network range, enter a name, optional description, and the IP address range.
- Scroll to the Server Farm section.
This section lists all the XenApp servers configured in the Citrix virtual apps collection.
- For each XenApp server, enter the appropriate values for this network range.
Option Description Client Access FQDN
The Citrix Gateway appliance host name. For example:
Port The Citrix Gateway appliance port. For example: 443 NetScaler Set this option to Yes.
Note: If you are using Citrix Secure Gateway instead of Citrix Gateway, enter the Citrix Secure Gateway host name and port, and set the NetScaler option to Yes.
- Click Save.
- Repeat these steps to edit the other network ranges, if required.