Connecting to a Citrix Server

Citrix Services

The Mobile Access Software Blade integrates the Citrix clients and services. It is not necessary to use STA (Secure Ticketing Authority) servers in a Mobile Access Security Gateway deployment because Mobile Access uses its own STA engine. You can also use Mobile Access in a deployment with STA and CSG (Citrix Secure Gateway) servers.

The Mobile Access server certificate must be issued to the FQDN (Fully Qualified Domain Name) of the Mobile Access Security Gateway.
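
A pre-deployment check for the certificate requirement above, as an added example (not Check Point code): it tests whether a certificate, in the dict form that Python's `ssl.SSLSocket.getpeercert()` returns, is issued to a given gateway FQDN. The host name `mab.example.com`, the helper names and the sample certificates are constructed for illustration.

```python
import socket
import ssl

def _name_matches(pattern, host):
    """Compare one certificate DNS name with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label, never a whole domain.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def names_in_cert(cert):
    """SAN dNSName entries, falling back to subject CN only when there are none."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def cert_covers_fqdn(cert, fqdn):
    """True if the certificate is issued to the given FQDN."""
    return any(_name_matches(name, fqdn) for name in names_in_cert(cert))

def fetch_cert(host, port=443):
    """Fetch the certificate a live server presents (needs network access)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the name check is done by cert_covers_fqdn()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (hypothetical names, documentation IP range).
GOOD = {"subject": ((("commonName", "mab.example.com"),),),
        "subjectAltName": (("DNS", "mab.example.com"),)}
SHORT_NAME = {"subject": ((("commonName", "mab"),),)}
IP_ONLY = {"subject": ((("commonName", "192.0.2.10"),),),
           "subjectAltName": (("IP Address", "192.0.2.10"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for label, cert in [("good", GOOD), ("short name", SHORT_NAME),
                        ("IP only", IP_ONLY), ("wildcard", WILDCARD)]:
        print(label, cert_covers_fqdn(cert, "mab.example.com"))
```

A certificate issued to a short host name or only to an IP address fails the check, which is the mismatch that produces name warnings on clients connecting to the gateway by its FQDN.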

Sample Deployment with Citrix Server

This is a sample deployment of a Mobile Access Security Gateway and a Citrix web server in the DMZ. The Citrix XenApp server is connected to the internal network.

| Item | Description |
|------|-------------|
| 1 | Mobile devices |
| 2 | Mobile Access tunnels |
| 3 | Internet (external networks) |
| 4 | Security Gateway for the internal network |
| 5 | Mobile Access Security Gateway in the DMZ |
| 6 | Citrix web interface |
| 7 | Internal network resources |
| 8 | Citrix XenApp (MetaFrame) server |

Configuring Citrix Services for Mobile Access

This procedure describes how to configure Mobile Access to let remote users connect to Citrix applications. The deployment is based on the Sample Deployment with Citrix Server.

To configure Citrix services:

  1. In SmartConsole, go to Manage & Settings > Blades.

  2. In the Mobile Access section, click Configure in SmartDashboard.

  3. In the Mobile Access tab, click Applications > Citrix Services.

  4. Click New.

    The General Properties page of the Citrix Service window opens.

  5. Enter the Name for the Citrix server object.

  6. From the navigation tree, click Web Interface.

  7. To create a new object for the Citrix web interface server, in Servers, click Manage > New > Host.

    The Host Node window opens.

  8. Enter the settings for the Citrix web interface server.

  9. Click OK.

  10. In Services, select one or more of these services that the Citrix web interface server supports:

    • HTTP

    • HTTPS

  11. From the navigation tree, click Link in Portal.

  12. Configure the settings for the link to the Citrix services in the Mobile Access Portal:

    • Link text - The text that is shown for the Citrix link

    • URL - The URL for the directory or subdirectory of the Citrix application

    • Tooltip - Text that is shown when the user pauses the mouse pointer above the Citrix link

  13. From the navigation tree, select Additional Settings > Single Sign On.

  14. To enable Single Sign On for Citrix services, select these options:

    • Turn on single Sign On for this application

    • Prompt users for their credentials, and store them for future use

  15. Click OK.

    The Citrix server object is added to Defined Citrix Services.

  16. From the Mobile Access navigation tree, select Policy.

  17. Add the Citrix services object to the applicable rules.

    1. Right-click on the Applications cell of a rule and select Add Applications.

    2. Select the Citrix services object.

  18. Install the policy.