We have 2 types of connections, one external and one internal, we would like both connections to go through NetScaler gateways using a single StoreFront store.

External connections work good, but when trying to connect internally the enumerations works and StoreFront passes the external details (Proxy Server) in the ICA files.

The problem appears to be the default routing behaviour of HDX. In the store HDX is setup as follows: External access (Auth + HDX only), Internal Access (HDX only).

When we access externally this works because it is the default behaviour. When we then try to access internally, it always falls back to the default HDX route which is the external details.

We can access the store but the applications will not run because the ICA file contains the external proxy server details.

This is a product limitation with StoreFront 3.6; by design this use case is not supported.

• 2 stores. 1 for external and 1 for internal use. If you want the same store name for both internal and external, you would need separate StoreFront servers for external and internal.
• 1 gateway in the DMZ with a firewall on either side of it. Gateway accessible from both an internal route and external route. This may require split DNS. You would not need optimal gateway routing unless you wish to use OnDirectAccess and log in via StoreFront internally, but direct launch traffic through the single gateway.