Secure Gateway
Secure Gateway is a secure reverse proxy server for SOCKS, HTTP or CGP traffic. CGP stands for Citrix Gateway Protocol, a TCP tunneling protocol developed by Citrix and currently used only by the Gateway Client for Secure Access Manager. A Secure Gateway server can proxy unauthenticated HTTP requests to one web server (referred to as the Logon Agent or Web Interface server), and can proxy authenticated HTTP requests to a different server (usually MetaFrame Secure Access Manager). All ICA requests arriving at the Secure Gateway server must contain a secure ticket issued by a Secure Ticket Authority (STA). Tickets are requested from the STA for authenticated users by Web Interface or MetaFrame Secure Access Manager.

A convenient feature of Secure Gateway is that it allows Web Interface to be hosted on the same server. HTTPS traffic arriving at the gateway is decrypted and relayed to a web server running on the same machine. This allows Web Interface and Secure Gateway to share a single IP address and SSL certificate.

Problem: Placing Secure Gateway behind a Reverse Proxy Causes SSL Error 4

Combining Web Interface and Secure Gateway can create confusion if another reverse web proxy is placed between the client and Secure Gateway. This scenario does not generally cause problems with HTTPS traffic destined for Web Interface, but it cannot be done for ICA\SSL traffic. When a combination Secure Gateway server is placed behind a reverse web proxy, users are able to log into Web Interface and enumerate application icons (all HTTP communications), but attempting to launch a published application results in SSL Error 4.

This happens because the ICA\SSL session is terminated by the reverse web proxy, not the Secure Gateway server. Here the reverse web proxy is viewed as a "man in the middle" compromising the integrity of the ICA\SSL network stream. This causes the SSL handshake between the ICA Client and Secure Gateway to fail.

The following sections identify two possible solutions to this problem.

Solution One: Run Secure Gateway Parallel to the Reverse Web Proxy

Separate Web Interface and Secure Gateway onto two machines. Place the server running Web Interface behind the reverse web proxy and place the Secure Gateway server parallel to the reverse web proxy.

This scenario is still secure, and any security policies defined at the reverse web proxy will still affect all Secure Gateway users. In order to traverse the Secure Gateway, users must first satisfy the reverse web proxy and log into Web Interface in order to obtain a ticket from the STA. Therefore any access control rules in place at the reverse web proxy will affect users wishing to gain entry through Secure Gateway as well.

Solution Two: Use NAT instead of a Reverse Web Proxy

If the reverse web proxy is configured to forward all traffic (not just HTTP traffic) to the combination Web Interface server, then SSL is not terminated at the proxy and users are able to connect through Secure Gateway. Different vendors refer to this deployment case in different ways.

This solution has the drawback that some control must be sacrificed with regard to the type of traffic that is permitted to cross the proxy. Incoming traffic must be routed directly to the Secure Gateway\Web Interface server without being decrypted, authenticated or inspected. From a security standpoint, this is not much different from exposing the server directly to the Internet. There is a logical SSL "tunnel" between the client and Secure Gateway.








