1. Boot the Citrix Access Gateway (CAG) while having a console cable plugged into the serial port.
Use 9600bps, 8 data bits, no parity bit and 1 stop bit for the terminal program.
Configure ETH0 (Ethernet Port Zero) with the internal or private IP address.
Citrix Server 4.5 - Access Gateway Configuration
2. Download and install the Access Gateway Administration tool via a web browser, by entering HTTPS and the IP address of the Access
Gateway followed by port 9001. The default username is root and the default password is rootadmin. It is strongly recommended to
change the password at this time
3. Log into the Access Gateway using the appropriate credentials
4. Click the circle to Use both interfaces. Change the IP address of Interface 0 to the public or DMZ IP address and change the IP
address of Interface 1 to the internal or private IP address. The network cables must be swapped after this or you won't have
access after the device reboots. Eth0 goes into the DMZ and Eth1 into the LAN.
5. Enter the appropriate DNS and WINS server IP addresses and click Submit
6. Enter the appropriate Static Routes
7. Enter the appropriate Network Time Protocol settings
8. Create a Certificate Signing Request using a key length of 1024 and the appropriate company information and click Generate Request
9. Save the Certificate Signing Request file and obtain a valid Certificate from a Certificate Authority. When submitting
the request to a Certificate Authority specify Apache as the type of Web Server. Thawte SSL 1-2-3 certificates do not
require an intermediate certificate and will work in certain instances where certificates requiring an intermediate certificate
10. Upload the signed .CRT file received from the Certificate Authority and install a trusted root (intermediate) certificate if necessary
11. Select Advanced Access Control as the Administration Method for the Access Gateway and enter the FQDN or IP address of the
Advanced Access Control server
12. It is recommended to force SSL communications by selecting the General Networking tab, Advanced and changing the Security Settings
to Redirect any requests for port 80 to a secure port. Firewall settings should permit HTTP traffic on port 80 and HTTPS traffic
on port 443 from the outside to the DMZ.
13. Confirm the Citrix Access Gateway responds appropriately and redirects automatically by entering the FQDN into a web browser on
the outside network
14. If it does not function correctly, confirm port 80 is open by doing a TELNET to the FQDN or IP address on port 80 and type get and
press ENTER twice. The Access Gateway should respond with an HTTP/1.1 500 Internal Server Error and drop the connection. Confirm
port 443 for SSL is open and working properly. Type TELNET to the FQDN or IP address on port 443. The Access Gateway should respond
a blinking cursor. Using WFETCH would reply with a HTTP/1.1 301 Moved Permanently.