Jump to content



Started by Indranil Dutta , 16 February 2017 - 06:57 AM
4 replies to this topic

Indranil Dutta Members

Indranil Dutta
  • 24 posts

Posted 16 February 2017 - 06:57 AM



We have a scenario to decide on implementation for Xenapp 7.x. Implementation is targeted for only Xenapp with session recording. No VDI is required.


1> User --> Nat Firewall --> Xenapp Storefront.


Incoming user Ips are natted to same class range of Xenapp application servers IPs, NAT done in-between firewall, before request comes to Xenapp storefront. Citrix doesn't even know the actual user Ips, it will receive only NAT Ip, Do we require Netscaler for this environment.

Storefront and Application servers are in same network and rest others master servers in other network.



Br/Indranil Dutta

Pavan nannapaneni Members

Pavan nannapaneni
  • 1,095 posts

Posted 16 February 2017 - 05:38 PM

you'll need NetScaler ADC, netscaler gateway to do the ICA reverse proxy.

Matt Evans Members

Matt Evans
  • 11 posts

Posted 17 February 2017 - 01:59 AM

Yep need a netscaler as the VDA on the actual server needs to know who its talking to

Indranil Dutta Members

Indranil Dutta
  • 24 posts

Posted 17 February 2017 - 05:47 AM

User have to cross two firewalls to reach citrix.

First firewall will nat client ips and second firewall to allow only the ports required to access citrix. So, in this case, do we still need netscaler. I mean how come citrix has to do with Natting, it doesn't knows user actual ips. It has to take only the nat ip and reply over to nat ip which will be subsequent changed by firewall. Why would i require netscaler for it.

Even if i need netscaler, can this setup fulfilled by netscaler vpx.

Carl Stalhood CTP Member

Carl Stalhood
  • 12,366 posts

Posted 17 February 2017 - 12:39 PM

Client-side NAT'ing is not a problem.


When users launch an icon, StoreFront puts inside the .ica file the VDA's private IP address. Can users reach that Private IP on 1494/2598? If so, then it might work without a NetScaler.