Deploying VPN
In some cases, users may need to deploy a full VPN solution as it allows a client to become a part of the internal network using the NetScaler Gateway plugin. With the use of the NetScaler Gateway plugin, we also have Endpoint analysis that allows us to scan a client for specific processes, or check if the client has antivirus active and configured. In version 10.5, Citrix added OPSWAT support. OPSWAT is a library that allows us to perform granular scans of an endpoint before it is allowed access.
Configuring the use of regular VPN with NetScaler Gateway is not much different from ICA Proxy. We need the following:
- A NetScaler Gateway vServer with a name, a port, and an IP address
- A vServer set to non ICA-mode
- A trusted certificate
- An authentication policy
- A session policy
The only difference here is that we need to set the vServer to non ICA-mode and we need to change the session policy.
We can also add a pre-authentication policy to allow NetScaler to check client-side security before...