Set a policy that contains computer policies and user policies and assign the policy to be enabled only when accessing via Gateway.

However the policy name is shown on applied policy of session detail page when the session is an internal one that not via the Gateway.

This is by design. The following assignment rules can only restrict user policies. So the computer policies part will be applied if set a policy contains computer policy settings and restict targets with the following rules. Please pay attention to the type (user or computer) of policy and which assignment rule can restrict it to avoid assigning settings to unexpected targets.

・Access Control
・Citrix SD-WAN
・Client IP address
・Client name
・User or group

By the way, the following assignment rules can be applied to all settings.

・Delivery Group
・Delivery Group type
・Organization Unit (OU)
・Tag

Problem Cause

The 'Access Control' assignment rule can only work with the user policies. The computer policies will not be restricted and still apply the VDAs.

As the result, a part of the policy (computer policy settings) is indeed applied to the session, which causes the policy name is displayed on the applied policy column in Director.

The behavior is same when you assign a policy that contains both computer policies and user policies to a specify user or user group, because the 'User or Group' assignment rule can only restrict user policy as well.