Installation Documentation
Citrix Server 4.5 - Access Gateway Configuration
1. Boot the Citrix Access Gateway (CAG) with a console cable plugged into the serial port.
Set the terminal program to 9600 bps, 8 data bits, no parity bit and 1 stop bit.
Configure ETH0 (Ethernet Port Zero) with the internal or private IP address.
2. Download and install the Access Gateway Administration tool via a web browser by entering https:// followed by the IP address of the
Access Gateway and port 9001. The default username is root and the default password is rootadmin. It is strongly recommended to
change the password at this time.
3. Log into the Access Gateway using the appropriate credentials.
4. Click the circle to Use both interfaces. Change the IP address of Interface 0 to the public or DMZ IP address and change the IP
address of Interface 1 to the internal or private IP address. The network cables must be swapped after this or you won't have
access after the device reboots. Eth0 goes into the DMZ and Eth1 into the LAN.
5. Enter the appropriate DNS and WINS server IP addresses and click Submit.
6. Enter the appropriate Static Routes.
7. Enter the appropriate Network Time Protocol settings.
8. Create a Certificate Signing Request using a key length of 1024 and the appropriate company information, and click Generate Request.
9. Save the Certificate Signing Request file and obtain a valid Certificate from a Certificate Authority. When submitting
the request to a Certificate Authority, specify Apache as the type of Web Server. Thawte SSL 1-2-3 certificates do not
require an intermediate certificate and will work in certain instances where certificates requiring an intermediate certificate
generate errors.
10. Upload the signed .CRT file received from the Certificate Authority and install a trusted root (intermediate) certificate if necessary.
11. Select Advanced Access Control as the Administration Method for the Access Gateway and enter the FQDN or IP address of the
Advanced Access Control server.
12. It is recommended to force SSL communications by selecting the General Networking tab, then Advanced, and changing the Security
Settings to Redirect any requests for port 80 to a secure port. Firewall settings should permit HTTP traffic on port 80 and HTTPS
traffic on port 443 from the outside to the DMZ.
13. Confirm the Citrix Access Gateway responds appropriately and redirects automatically by entering the FQDN into a web browser on
the outside network.
14. If it does not function correctly, confirm port 80 is open by using TELNET to connect to the FQDN or IP address on port 80, typing
get and pressing ENTER twice. The Access Gateway should respond with an HTTP/1.1 500 Internal Server Error and drop the connection.
Confirm port 443 for SSL is open and working properly by using TELNET to connect to the FQDN or IP address on port 443. The Access
Gateway should respond with a blinking cursor. A request made with WFETCH would return an HTTP/1.1 301 Moved Permanently.
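The port 80 check from steps 13 and 14 can be scripted. The following is an added example, not part of the original document: it classifies the gateway's reply and accepts only a 301 whose Location points at https:// on the same FQDN. The FQDN gateway.example.com, the sample replies and the function names are constructed for illustration, and the 301 is assumed to be the port 80 redirect configured in step 12.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample replies (not captured from a real appliance).
SAMPLE_301 = (b"HTTP/1.1 301 Moved Permanently\r\n"
              b"Location: https://gateway.example.com/\r\n\r\n")
SAMPLE_500 = b"HTTP/1.1 500 Internal Server Error\r\n\r\n"

def parse_response(raw):
    """Return (status_code, headers) from the head of a raw HTTP reply."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def check_redirect(raw, fqdn):
    """Classify a port 80 reply; 'ok' only for a 301 to https://<fqdn>."""
    try:
        status, headers = parse_response(raw)
        target = urlsplit(headers.get("location", ""))
    except ValueError:
        return "unparseable-reply"
    if status == 500:
        return "malformed-request"  # what the bare telnet "get" produces
    if status != 301:
        return "unexpected-%d" % status
    # Compare the parsed host, not a string prefix, so a lookalike host fails.
    if target.scheme == "https" and target.hostname == fqdn.lower():
        return "ok"
    return "redirect-elsewhere"  # still plain http, or a different host

def fetch_port80(fqdn, timeout=5):
    """Send a well-formed GET to port 80 and return the raw reply head."""
    request = "GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % fqdn
    with socket.create_connection((fqdn, 80), timeout=timeout) as s:
        s.sendall(request.encode("ascii"))
        return s.recv(4096)

if __name__ == "__main__":
    for raw in (SAMPLE_301, SAMPLE_500):
        print(check_redirect(raw, "gateway.example.com"))
```

Against a live gateway, pass the output of fetch_port80(fqdn) to check_redirect from a host on the outside network.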