What is Citrix Secure Access Gateway and How it Works?



If you want to connect two networks, a gateway is the node you need. It serves as a portal: gateways act as the points of entry and exit for network traffic. Traffic within a local area network (LAN), however, is an exception to this norm and does not go via the gateway at all.

Because of the network’s borders, it is not always feasible to communicate directly with other devices, nodes, or networks connected to the network.

Whenever the network needs an external connection, a gateway is required to maintain it. An internet gateway combines the functions of a modem and a router into a single unit.

Citrix’s Secure Access Gateway

Secure Access Gateway needs specialized hardware and a licensed copy of the software. Microsoft Azure, Amazon Web Services, Google Cloud Platform, and Citrix provide hybrid and public cloud alternatives.

With this service, customers may log in to all of their company's web and virtual software applications and services with a single sign-on, and the load may be distributed over several servers.

Given the usage of the name “gateway,” it would be natural to expect it to have all of the gateway’s features, such as load balancing, enhanced security, site filtering rules for Internet users, and user activity analytics.

In order to use Citrix Secure Private Access and other add-ons, however, you need to install them first.

Citrix secure access gateway provides a single sign-on for all applications, whether hosted on-premises, in the cloud or as SaaS offerings. Users may access any app, on any device, from any location using a single URL.

Citrix secure access gateway is an excellent choice for organizations since it is simple to set up and maintain. The Citrix secure access gateway appliance is deployed in the external network as a general rule.

Several Citrix secure access gateway appliances may be used for more complex configurations in your network.

Citrix Secure Access Gateway Architecture

By using Citrix secure access gateway virtual servers, users may access any service they want. Since several virtual servers may be deployed on a single Citrix secure access gateway device, it can serve multiple user communities with varying authentication and resource access requirements. This section covers the topics of authentication, authorization, and accounting.

  • Citrix secure access gateway or authentication servers on the secure network, such as LDAP or RADIUS, may authenticate a user’s credentials so that they can log on to Citrix Gateway. 
  • A set of authorization rules determines an individual user’s access to resources. 
  • The accounting servers keep track of every login event, resource access instance, and operational failure. An external server or the Citrix secure access gateway may hold this information on its systems. Additional accounting information may be found in the “Configuring Auditing on Citrix Gateway” documentation.

User Connections

Access to the Citrix secure access gateway may be done in one of the following three ways:

The Citrix Secure Access Gateway plug-in for Windows is a software application that runs on a Windows-based computer. Users log in by right-clicking an icon in the notification area of the Windows-based computer.

Users may use a web browser to log in if the Citrix secure access gateway plug-in is not already installed on the computer. The Citrix secure access gateway plug-in may log in to Citrix Workspace if the software is installed.

The gateway plug-in is installed on the user’s device as soon as the Citrix Workspace app is installed.

Anyone using macOS X now has the option of logging in through the Citrix Gateway plug-in. Using the access gateway Windows plug-in is seamless. This plug-in version uses Citrix ADC Gateway 10.1, Build 120.1316.e, including endpoint analysis features.

Web browser logins are available using the Java plug-in for Citrix Gateway, which supports macOS X, Linux, and, optionally, Windows.

Apps and virtual desktops published on a server farm may be accessed by users through the Workspace app and the Web Interface.

WorxMail gives access to web and SaaS applications, iOS and Android mobile apps, and Citrix Endpoint Management ShareFile data in addition to the Citrix Workspace and Secure Hub apps.

The web address of the Citrix secure access gateway may be used to connect Android phones and tablets. When a user opens an app, a Micro VPN is utilized to divert network traffic to the internal network.

The DNS settings of the Citrix secure access gateway must be specified if Android users are connected. Learn how to support DNS queries on your Android phone or tablet using DNS Suffixes.

Access to Citrix Gateway


A web browser on an iOS device may be used to access Citrix Gateway. There are two approaches to implementing Secure Browsing: globally or for a single session. VPN connections are established when Citrix Gateway starts an iOS app.

As a result, users may get the access they need without installing software on their devices. Rule-based access control is possible with Citrix Gateway. Session and endpoint analysis policies may be created to restrict people from logging in.

With Citrix Gateway, users access various network resources, such as file servers, apps, and websites. A virtual adapter may be used. The Citrix secure access gateway virtual adapter supports applications that need IP spoofing.

An adapter is installed on the device via the Citrix secure access gateway plug-in. When users connect to the internal network using Citrix Gateway, the intranet IP address is used as the source IP address for outbound connections. The server gives the Citrix secure access gateway plug-in this IP address as part of the configuration.

All intranet traffic is routed via the virtual adapter if Citrix’s secure access gateway split tunneling is enabled. The virtual adapter will only intercept two types of DNS queries: A and AAAA. 

Traffic that is not meant for the internal network goes through the network adapter installed on the user device. Internet and private LAN connections remain open and connected. If split tunneling is deactivated, all connections go via the virtual adapter.

If any existing connections are lost, the user has to re-establish the session. When an intranet IP address is set up, traffic to the internal network is spoofed with that intranet IP address.
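A small model of the split-tunneling behaviour described above, added here as an illustration (it is not Citrix code or configuration). The intranet ranges and both IP addresses are constructed, and the model assumes every connection on the virtual adapter carries the intranet IP as its source.

```python
import ipaddress
from typing import List, Tuple

# Constructed values for illustration; the article names no networks or addresses.
INTRANET_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "172.16.8.0/24")]
INTRANET_IP = "10.20.250.7"    # hypothetical intranet IP handed to the plug-in
PHYSICAL_IP = "192.168.1.44"   # hypothetical address of the device's own adapter
INTERCEPTED_DNS_TYPES = {"A", "AAAA"}  # the only query types the virtual adapter intercepts


def is_intranet(dst: str) -> bool:
    """True when the destination falls inside a configured intranet range."""
    addr = ipaddress.ip_address(dst)
    return any(addr.version == net.version and addr in net for net in INTRANET_NETS)


def route_packet(dst: str, split_tunnel: bool) -> Tuple[str, str]:
    """Return (adapter, source IP) for one outbound connection.

    Split tunneling on:  only intranet destinations use the virtual adapter.
    Split tunneling off: every connection uses the virtual adapter.
    """
    if not split_tunnel or is_intranet(dst):
        return ("virtual", INTRANET_IP)   # assumption: tunnel traffic uses the intranet IP
    return ("physical", PHYSICAL_IP)


def route_dns(qtype: str, split_tunnel: bool) -> str:
    """Return the adapter that handles a DNS query of the given record type."""
    if not split_tunnel or qtype.upper() in INTERCEPTED_DNS_TYPES:
        return "virtual"
    return "physical"


def outside_tunnel(destinations: List[str], split_tunnel: bool) -> List[str]:
    """Destinations that leave through the device's own adapter, not the gateway."""
    return [d for d in destinations if route_packet(d, split_tunnel)[0] == "physical"]


if __name__ == "__main__":
    flows = ["10.20.3.9", "203.0.113.10", "192.168.1.1"]  # constructed sample flows
    for enabled in (True, False):
        print("split tunneling", "on" if enabled else "off",
              "-> outside tunnel:", outside_tunnel(flows, enabled))
```

The `outside_tunnel` list is what a reviewer would look at when deciding on split tunneling: those flows never reach the gateway, so its session policies and accounting do not see them.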

Citrix Workspace App

One app gives users access to their Windows applications and virtual desktops using Citrix Workspace. Application access with Endpoint Management is also an option. Using the Citrix secure access gateway plug-in is a prerequisite for remote logins.

An instant addition is made to the list of plug-ins accessible in the Citrix Workspace app. The Citrix secure access gateway plug-in is now available to the Citrix Workspace app users. Single sign-on for the Citrix secure access gateway plug-in may also be enabled when users check in to Citrix Workspace.

Utilize a Mobile Device Powered by iOS or Android

Users may access Secure Hub from their mobile devices using the app available for iOS and Android. They may log in to their email and websites with the help of Secure Mail and WorxWeb. Citrix Secure Gateway redirects mobile device connections to enterprise services.

For iOS users, you may enable Secure Browsing as part of the session profile. It is impossible to connect without the Micro VPN on Android. Using Micro VPN, the Citrix secure access gateway connects to Secure Mail and WorxWeb. Micro VPN is not required for Citrix Gateway.


As many as 10,000 concurrent users may be served by Citrix’s Access Gateway 10000 series equipment. With the Citrix Access Gateway, several virtual private networks (VPNs) are no longer necessary.

The usage of a second virtual private network (VPN) in combination with Secure Gateway raises the total cost and complexity of the system. Access Gateway is one SSL VPN that solves all of your company’s remote access problems.

