Building a Citrix NetScaler Gateway from Scratch (SSL Labs A Grade)
I was recently asked about building a NetScaler Gateway from scratch for ICA-only connections. I know this can be done using a wizard, but if you want to know a little more about how it all hangs together, or to name things how you want instead of using the names given by the wizards, then a manual build is the way to go. The following article will walk you through building your NetScaler Gateway from the ground up, ending with a secure, working remote access solution.
This article assumes that you have LDAP bind credentials and all your SSL certificates to hand, and that you have the appropriate firewall / NAT rules in place to access your gateway from the outside world.
The way I like to build a NetScaler Gateway is similar to how I like to cook: get everything ready first, then put it all together at the end. It may seem a little weird at first not to create the gateway and build it out from there, but trust me – it will all work in the end!
To have a working NetScaler that's secure, you will need the following:
- LDAP Methods (I know you should use 2FA, but in this case I am only binding LDAP)
- A Diffie-Hellman Key
- A Custom Cipher Group
- Session Policies and Profiles for Web and Receiver access
- A Secure Transport Session Rewrite Policy
- Custom SSL Settings for SSL3
- TCP Profile for XenDesktop
- Secure Renegotiation only enabled for Secure Connections
- Secure Ticketing in place
So, let's get going.
Read the entire article here: Building a NetScaler Gateway from Scratch (SSL Labs A Grade)
via Dave Brett at bretty.me.uk