This article describes how to configure the internal beacon for a single FQDN on StoreFront.
When you access any URL in Citrix Receiver, it tries to resolve both the internal and external beacons. It resolves the internal beacon first, followed by the external beacon, and then follows the path that corresponds to whichever beacon was resolved.
The internal network should be able to resolve the internal beacon, but the external network should not be able to resolve it. This is why the internal beacon should be changed in single FQDN scenarios.
The following tables illustrate both scenarios:

Separate FQDNs:

| FQDN | Internal Network | External Network |
|---|---|---|
| NetScaler Gateway URL - https://nsg.domain.com | The StoreFront URL would be accessed from Receiver. | The NetScaler Gateway URL would be accessed from Receiver. |
| StoreFront Base URL - https://sf.domain.com | Internal Beacon should be resolvable. | Internal Beacon should not be resolvable. |
| Internal Beacon - https://sf.domain.com | External Beacon may or may not be resolvable. | External Beacon should be resolvable. |
| External Beacon - https://nsg.domain.com | The authentication will occur directly on StoreFront and NetScaler Gateway is not used. | The authentication occurs on NetScaler Gateway and SSO occurs on StoreFront at the backend. If the Internal Beacon is resolvable, Citrix Receiver will try to reach the server that the Internal Beacon resolves to, but that server would not be reachable from the external network. This causes the app enumeration to fail, which is why it is always recommended not to resolve the Internal Beacon / StoreFront base URL externally. |

Single FQDN:

| FQDN | Internal Network | External Network |
|---|---|---|
| NetScaler Gateway URL - https://apps.domain.com | The URL should resolve to StoreFront Server. | The URL should resolve to NetScaler Gateway Virtual Server. |
| StoreFront Base URL - https://apps.domain.com | Internal Beacon should be resolvable. | Internal Beacon should not be resolvable. |
| Internal Beacon - https://appsib.domain.com | External Beacon may or may not be resolvable. | External Beacon should be resolvable. |
| External Beacon - https://apps.domain.com | The authentication will occur directly on StoreFront and NetScaler Gateway is not used. | The authentication occurs on NetScaler Gateway and SSO occurs on StoreFront at the backend. If the Internal Beacon is resolvable, Citrix Receiver will try to reach the server that the Internal Beacon resolves to, but that server would not be reachable from the external network. This causes the app enumeration to fail. |
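
The beacon rules in the tables above can be checked before rollout. The following is an added example, not Citrix code: it models the resolution order this article describes and audits a beacon configuration against an internal and an external DNS view. The function names, result labels and the two DNS views are assumptions constructed for illustration; `system_resolver` performs a real lookup when run on an actual client.

```python
import socket
from urllib.parse import urlsplit

def host(url):
    return urlsplit(url).hostname.lower()

def system_resolver(name):
    """Real DNS lookup for use on an actual client; True if the name resolves."""
    try:
        socket.getaddrinfo(name, 443)
        return True
    except socket.gaierror:
        return False

def receiver_path(internal_beacon, external_beacon, resolves=system_resolver):
    """Model from this article: the internal beacon is tried first, then the external."""
    if resolves(host(internal_beacon)):
        return "storefront-direct"
    if resolves(host(external_beacon)):
        return "via-gateway"
    return "no-beacon-resolved"

def audit(cfg, internal_dns, external_dns):
    """Return findings for one configuration, judged from both networks."""
    ib, eb = host(cfg["internal_beacon"]), host(cfg["external_beacon"])
    findings = []
    if host(cfg["gateway"]) == host(cfg["base_url"]) == ib:
        findings.append("single FQDN: internal beacon must differ from the shared URL")
    if not internal_dns(ib):
        findings.append("internal beacon does not resolve on the internal network")
    if external_dns(ib):
        findings.append("internal beacon resolves externally: app enumeration fails")
    if not external_dns(eb):
        findings.append("external beacon does not resolve externally")
    return findings

# Constructed DNS views (sample data): names each network is able to resolve.
INTERNAL_VIEW = {"apps.domain.com", "appsib.domain.com"}
EXTERNAL_VIEW = {"apps.domain.com"}

SINGLE_FQDN_OK = {"gateway": "https://apps.domain.com", "base_url": "https://apps.domain.com",
                  "internal_beacon": "https://appsib.domain.com", "external_beacon": "https://apps.domain.com"}
# Same deployment with the internal beacon left at the StoreFront base URL.
SINGLE_FQDN_BAD = dict(SINGLE_FQDN_OK, internal_beacon="https://apps.domain.com")

if __name__ == "__main__":
    for name, cfg in (("ok", SINGLE_FQDN_OK), ("bad", SINGLE_FQDN_BAD)):
        path = receiver_path(cfg["internal_beacon"], cfg["external_beacon"], EXTERNAL_VIEW.__contains__)
        print(name, "external client path:", path, audit(cfg, INTERNAL_VIEW.__contains__, EXTERNAL_VIEW.__contains__))
```

To test a live deployment, call `receiver_path` with the default resolver from a client on each network and compare the result with the expected column in the table.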
Citrix Documentation - Create a single FQDN to access a store internally and externally