Applying Policies to Access Gateway Connections

You can create a policy that is applied to Access Gateway connections or to Access Gateway connections with certain properties.

You can create Citrix policies to accommodate different access scenarios based on factors such as authentication strength, logon point, and user device information such as endpoint analysis. You can selectively enable client-side drive mapping, cut and paste functionality, and local printing based on the logon point used to access the published application.

Prerequisites for Filtering on Access Gateway Connections

For Citrix XenDesktop to filter on Access Gateway connections, you must complete all of the following:

For Access Gateway:
  • Create one or more Connection policy filters to define specified requirements for user logon.
    Note: You must be using Access Gateway Advanced Edition (Version 4.0 or later) or Access Gateway Enterprise Edition (Version 9.1 or later) to create filters that work with XenDesktop.
For Web Interface:
  • Specify At Access Gateway as the point of authentication for your XenApp Web site.
  • Ensure that controllers for a site are configured to trust requests sent to the Citrix XML service.
For XenDesktop:
  • Ensure that any access policy configured on controllers for a site allows connections to virtual desktops through Access Gateway.
  • Create a User policy that includes a filter referencing Access Gateway filters.

To apply a policy filter based on Access Gateway connections

  1. Depending on the console you use to manage Citrix policies:
    • From Desktop Studio, select the HDX Policy node in the left pane and then select the User tab in the middle pane.

    • From the Group Policy Editor, under User Configuration in the left pane, select the Citrix Policies node.

  2. Select an existing User policy or create a new User policy.
  3. Follow the policy wizard to the filters page or click the Filters tab in the middle pane of the console.
  4. Select Access Control and then click Add.
  5. Click Add to configure the filter.
  6. Select With Access Gateway.
  7. To apply the policy to connections made through Citrix Access Gateway without considering Access Gateway policies, accept the default entries in the AG farm name and Access condition fields.
  8. To apply the policy to connections made through Citrix Access Gateway based on existing Access Gateway policies, perform the following actions:
    1. In AG farm name, enter one of the following items:
      • If using Access Gateway Advanced Edition, enter the name of the Access Gateway farm.
      • If using Access Gateway Enterprise Edition, enter the virtual server name of the Access Gateway appliance.
    2. In Access condition, enter one of the following items:
      • If using Access Gateway Advanced Edition, enter the name of the Access Gateway filter for XenDesktop to use.
      • If using Access Gateway Enterprise Edition, enter the name of the endpoint session policy for XenDesktop to use.
      Important: XenDesktop does not validate Access Gateway farm, server, and filter names, so always verify this information with the Access Gateway administrator.
  9. To apply the policy to every connection except those made through Access Gateway, in the Mode list box, select Deny. The filter's mode tells XenDesktop whether or not to apply the policy to connections that match the filter criteria. Selecting Deny tells XenDesktop to apply the policy to connections that do not match the filter criteria.

Contact Careers Terms of Use Privacy Governance Follow Us
© Citrix Systems, Inc. All rights reserved.