This article answers the frequently asked questions on Secure Web and Web proxy support. For more information about Secure Web and proxy support, refer to Citrix Documentation - Citrix Secure Web.

The support for PAC file in MDX application is removed as of September 2021. This means Citrix has deprecated support for a Proxy Automatic Configuration (PAC) file with a full VPN tunnel deployment for iOS and Android devices. The alternative is to use Citrix Gateway to connect through a proxy server for access to internal networks.

Find more details on the deprecated and new features : https://docs.citrix.com/en-us/xenmobile/server/whats-new/removed-features.html

Q: What do I need to enter in this new proxy server field?

A: For PAC file configuration, specify a PAC file URL in the form: http://IP-address/file.pac. or https://Proxy-FQDN/file.pac.
For proxy server configuration, specify the IP address or FQDN.
Note: When defining HTTPS in the URL to download the PAC file, ensure to have the Root/Intermediate certificates installed on the mobile device to ensure a successful trusted connection. This is mainly applicable when using self-signed or private certificates.

Q: Can I use custom port numbers to define my Web proxy server?

A: Yes. Custom port numbers are supported.

Q: Do we support Web proxy authentication?

A: Yes. In this case, the NetScaler will intercept the challenge and attempt to do single sign-on. NetScaler supports the following authentication types:

• Basic
• Digest
• NTLM
• Kerberos

In the event, the NetScaler is unable to do single sign-on, IT Admins can also leverage this MDX policy feature called Password Caching. For more information, refer to CTX200209 - FAQ: Citrix Secure Web (iOS) Password Caching.

 

This article answers the frequently asked questions on Citrix Secure Web and Web proxy support.