Upload
ramesh2440
View
221
Download
0
Embed Size (px)
8/13/2019 AG GettingStarted
1/34
CitrixAccess Gateway4.2
325-1622
Getting Started with Citrix Access Gateway.
8/13/2019 AG GettingStarted
2/34
Copyright and Trademark Notice
Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A printable
copy of the End User License Agreement is included on your product CD-ROM.
Information in this document is subject to change without notice. Companies, names, and data used in examples herein are
fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.
2005 Citrix Systems, Inc. All rights reserved.
Citrix, ICA (Independent Computing Architecture), MetaFrame, MetaFrame XP, and Program Neighborhood are registered
trademarks, and SpeedScreen and Access Gateway are trademarks of Citrix Systems, Inc. in the United States and other
countries.
RSA Encryption 1996-1997 RSA Security Inc., All Rights Reserved.
This product includes software developed by The Apache Software Foundation (http://www.apache.org/)
Win32 Client: Portions of this software are based on code owned and copyrighted by O'Reilly Media, Inc. 1998. (CJKV
Information Processing, by Ken Lunde. ISBN: 1565922247.) All rights reserved.
Licensing: Portions of this documentation that relate to Globetrotter, Macrovision, and FLEXlm are copyright 2005
Macrovision Corporation. All rights reserved.
Trademark Acknowledgements
Adobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or
other countries.
Apple, LaserWriter, Mac, Macintosh, Mac OS, and Power Mac are registered trademarks or trademarks of Apple Computer Inc.
Java, Sun, and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
Solaris is a registered trademark of Sun Microsystems, Inc. Sun Microsystems, Inc has not tested or approved this product.
Portions of this software are based in part on the work of the Independent JPEG Group.
Portions of this software contain imaging code owned and copyrighted by Pegasus Imaging Corporation, Tampa, FL. All rightsreserved.
Microsoft, MS-DOS, Windows, Windows Media, Windows Server, Windows NT, Win32, Outlook, ActiveX, Active Directory,
and DirectShow are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries.
UNIX is a registered trademark of The Open Group.
Licensing: Globetrotter, Macrovision, and FLEXlm are trademarks and/or registered trademarks of Macrovision Corporation.
All other trademarks and registered trademarks are the property of their respective owners.
Document Code: September 8, 2005 (KW)
8/13/2019 AG GettingStarted
3/34
CONTENTS
Contents
Chapter 1 Introduction
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
New Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Integration with Advanced Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Double Source Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Getting Service and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Subscription Advantage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Knowledge Center Watches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Education and Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Related Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Chapter 2 Installing the Access Gateway
Preparing for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10Materials and Information Needed for Installation. . . . . . . . . . . . . . . . . . . . . . .10
Setting Up the Access Gateway Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Using the Access Gateway Administration Portal . . . . . . . . . . . . . . . . . . . . . . .13
ActiveX Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Using the Access Gateway Administration Tool . . . . . . . . . . . . . . . . . . . . . . . .14
Configuring the Access Gateway for Your Network . . . . . . . . . . . . . . . . . . . . .15
Installing Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Testing Your Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Firewall Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Access Gateway Configuration Using Advanced Access Control . . . . . . . . . . . . .20
Third-Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Chapter 3 Access Gateway Rack Mounting Kit
Separating the Rail Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Connecting the Chassis Rails to the Access Gateway . . . . . . . . . . . . . . . . . . . . . . .24
Connecting the Rack Rails to the Rack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
http://-/?-http://-/?-8/13/2019 AG GettingStarted
4/34
4 Getting Started with Citrix Access Gateway
Installing the Access Gateway in a Four-Post Rack . . . . . . . . . . . . . . . . . . . . . . . .25
Installing the Access Gateway in a Two-Post Rack. . . . . . . . . . . . . . . . . . . . . . . . .26
Chapter 4 Specifications and BIOS Self-Test Messages
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
BIOS Self-Test Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
8/13/2019 AG GettingStarted
5/34
CHAPTER1
Introduction
This chapter describes who should read Getting Started with Access Gateway,
new features, and related documentation.
Before installing the Access Gateway, review theAccess Gateway Pre-Installation Checklist.The checklist provides a single place to record the
necessary information for successfully setting up the Access Gateway.
AudienceThis guide is intended for service technicians who install the Access Gateway and
for administrators who need to troubleshoot the Access Gateway hardware.
New FeaturesThe following is a brief description of the new features in Access Gateway 4.2.
For details about configuring these options, see theAccess Gateway
Administrators Guide.
Integration with Advanced Access ControlAdvanced Access Control provides secure, single-point access to any enterprise
resource, including email, applications, network file services, Internet and
intranet sites, and documents. Protect your corporate resources while providing
secure access, consistent presentation, and easy navigation for mobile users who
may be connecting from anywhere. You can create and integrate policies to tailor
access to different scenarios, such as providing differentiated levels of trust or
permissions based on the identification of a corporate device or a security scan ofthe client device.
8/13/2019 AG GettingStarted
6/34
6 Getting Started with Citrix Access Gateway
Advanced Access Control:
Ensures that connections to your network and resources are safe, trusted,and secure
Add granularity to policy-based access control
Allows you to set differing levels of access permission based on evidence
you gather about the connecting client device
Allows users to connect to Advanced Access Control using the Secure
Access Client
Allows fallback to secure clientless access if the client device fails logon
requirements
When Advanced Access Control is added to your network, you can configure theAccess Gateway using the Access Suite Console. For more information, see
Access Gateway Configuration Using Advanced Access Control on page 20or
theAccess Gateway with Advanced Access Control Administrators Guide.
Double Source AuthenticationThe Access Gateway now supports double source authentication. You can use any
combination of authentication, such as LDAP and RADIUS or RSA SecurID and
LDAP. Double-source authentication provides greater security for your network.
When users connect to the Access Gateway using either a Web browser or Secure
Access Client, users type their user name and the passwords for each
authentication type.
Getting Service and SupportCitrix provides technical support primarily through the Citrix Solutions Network
(CSN). Our CSN partners are trained and authorized to provide a high level ofsupport to our customers. Contact your supplier for first-line support or check foryour nearest CSN partner at http://www.citrix.com/support/.
In addition to the CSN channel program, Citrix offers a variety of self-service,
Web-based technical support tools from its Knowledge Center athttp://support.citrix.com/. Knowledge Center features include:
A knowledge base containing thousands of technical solutions to support yourCitrix environment
An online product documentation library
Interactive support forums for every Citrix product
Access to the latest hotfixes and service packs
http://www.citrix.com/support/http://www.citrix.com/support/http://www.citrix.com/support/http://www.citrix.com/support/http://www.citrix.com/support/8/13/2019 AG GettingStarted
7/34
Chapter 1 Introduction 7
Security bulletins
Online problem reporting and tracking (for users with valid support contracts)
Another source of support, Citrix Preferred Support Services, provides a range ofoptions that allows you to customize the level and type of support for your
organizations Citrix products.
Subscription AdvantageSubscription Advantage gives you an easy way to stay current with the latestserver-based software functionality and information. Not only do you get automatic
delivery of feature releases, software upgrades, enhancements, and maintenancereleases that become available during the term of your subscription, you also get
priority access to important Citrix technology information.
You can find more information on the Citrix Web site athttp://www.citrix.com/services/ (select Subscription Advantage). You can alsocontact your Citrix sales representative or a member of the Citrix Solutions
Network for more information.
Knowledge Center WatchesThe Citrix Knowledge Center allows you to configure watches. A watch notifies
you if the topic you are interested in was updated. Watches allow you to stay
notified of updates to Knowledge Base or Forum content. You can set watches on
product categories, document types, individual documents, and on Forum product
categories and individual topics.
To set up a watch, log on to the Citrix Support Web site athttp://support.citrix.com. After you are logged on, in the upper right corner, click
My Watches and follow the instructions.
Education and TrainingCitrix offers a variety of instructor-led training and Web-based training solutions.Instructor-led courses are offered through Citrix Authorized Learning Centers(CALCs). CALCs provide high-quality classroom learning using professional
courseware developed by Citrix. Many of these courses lead to certification.
Web-based training courses are available through CALCs, resellers, and from theCitrix Web site.
Information about programs and courseware for Citrix training and certification isavailable from http://www.citrix.com/edu/.
http://www.citrix.com/services/http://www.citrix.com/services/http://www.citrix.com/services/http://www.citrix.com/services/http://www.citrix.com/edu/http://www.citrix.com/edu/http://www.citrix.com/edu/http://www.citrix.com/edu/http://www.citrix.com/services/8/13/2019 AG GettingStarted
8/34
8 Getting Started with Citrix Access Gateway
Related DocumentationFor additional information about the Access Gateway, refer to these documents:
Access Gateway Administrators Guide
Access Gateway Pre-Installation Checklist
Access Gateway Readme
For additional information about Advanced Access Control, refer to these
documents:
Advanced Access Control Administrators Guide
Upgrade Guide for Advanced Access Control
Advanced Access Control Readme
8/13/2019 AG GettingStarted
9/34
CHAPTER2
Installing the Access Gateway
Citrix Access Gateway is a universal SSL virtual private network (VPN) that
provides secure, always on, single-point-of-access to any information resource. It
combines the best features of IP Security (IPSec) and typical SSL VPNs without the costly and cumbersome implementation and management to make
access easy for users, secure for the company, and low cost for IT administrators.
Key features include:
Hardened appliance that supports up to 2000 concurrent users at 300
megabits per second (Mbps)
Supports all applications and protocols, including Voice over IP
Industry standard encryption that secures and protects information with
SSL/TLS encryption
Desk-like access provides users with the same network and application
access as if they are physically connected to the network
Integrated endpoint security provides a combination of logon time and
continuous real-time monitoring to ensure that the device is safe to remain
connected to the network
Integration with Citrix Presentation Server providing integrated secure
gateway functionality and support for Presentation Server-hosted
applications
Integration with Advanced Access Control providing secure, single-point
access to any enterprise resource, including email, applications, network
file services, Internet and intranet sites, and documents
The Access Gateway installs in any network infrastructure without requiringchanges to the existing hardware or back-end software. It works with other
networking products such as server load balancers, cache engines, firewalls,
routers, and IEEE 802.11 wireless devices.
Installed in the corporate demilitarized zone (DMZ), the Access Gateway
participates on two networks: a private network and a public network with a
publicly routable IP address. The Access Gateway can also partition local area
8/13/2019 AG GettingStarted
10/34
10 Getting Started with Citrix Access Gateway
networks internally in the organization for access control and security between
wired or wireless and data and voice networks.
The following topics describe how to prepare for and perform the installation of
the Access Gateway:
Preparing for Installation
Setting Up the Access Gateway Hardware
Preparing for InstallationTo install the Access Gateway, verify that the contents of the box match the
packing list. If an item on the packing list is missing from the box, contact Citrix
Customer Care.
Materials and Information Needed for Installation
Before installing the Access Gateway, collect materials for the initialconfiguration and for the connection to your network.
For initial configuration, use oneof the following setups:
A cross-over cable and Windows computer
Two network cables, a switch, and a Windows computer
A serial cable and a computer with terminal emulation software
For a connection to a local area network, use the following items:
One network cable to connect the Access Gateway inside of a firewall or to
a server load balancer
Two network cables to connect the Access Gateway located in the
demilitarized zone (DMZ) to the public and private networks
Collect the following network information:
If locating the Access Gateway inside the firewall, identify the Access
Gateway internal and external IP addresses and subnet masks
Note For detailed information about Access Gateway configuration andsecurity considerations, see theAccess Gateway Administrators Guide. If you
are using Advanced Access Control, see theAdvanced Access Control
Administrators Guide.
8/13/2019 AG GettingStarted
11/34
Chapter 2 Installing the Access Gateway 11
The IP address of your firewall (the default gateway device)
The port to be used for connections
If the Access Gateway is in the DMZ:
The Access Gateway internal IP address and subnet mask
The Access Gateway external IP address and subnet mask
The Access Gateway external IP address or host name for network
address translation (NAT)
The IP address of your firewall (the default gateway device)
The port to be used for connections
If the Access Gateway is in front of a router and you want to create
static routes rather than having the Access Gateway listen for
dynamic routes
If connecting the Access Gateway to a server load balancer:
The Access Gateway IP address and subnet mask
The IP address of the server load balancer (the default gateway device)
The fully qualified domain name (FQDN) of the server load balancer to be
used as the External Public Address of the Access Gateway
The port to be used for connections
Setting Up the Access Gateway HardwareThis section provides procedures for setting up the Access Gateway for the first
time. For more information about the materials and equipment needed to set up
the Access Gateway, see Materials and Information Needed for Installation on
page 10.
Note The Access Gateway does not work with Dynamic Host ConfigurationProtocol (DHCP). The Access Gateway requires the use of static IP addresses.
8/13/2019 AG GettingStarted
12/34
12 Getting Started with Citrix Access Gateway
To physically connect the Access Gateway
1. Install the Access Gateway in a rack if it is rack-mounted.
For more information, see Access Gateway Rack Mounting Kit on page
23.
2. Connect the power cord to the AC power receptacle.
3. Choose one of the following ways to perform the initial configuration of the
Access Gateway.
The preconfigured IP address of the Access Gateway is 10.20.30.40.
Access Gateway connection options using a cross-over cable, a network switch, or
terminal emulation
To connect the Access Gateway using network cables
If you use a cross-over cable or two network cables and a switch, power on the
Access Gateway.
After about three minutes, the Access Gateway is ready for its initial
configuration with your network. Continue with Using the Access Gateway
Administration Tool on page 14.
To connect the Access Gateway using a serial cable
1. Connect the null-modem cable to the 9-pin serial port on the Access
Gateway and connect the cable to a computer that is capable of running
terminal emulation software.
2. On the computer, start a terminal emulation application such asHyperTerminal.
3. Set the serial connection to 9600 bits per second, 8 data bits, no parity, 1
stop bit. Hardware flow control is optional.
4. Turn on the Access Gateway. The serial console appears on the computer
terminal after about three minutes.
8/13/2019 AG GettingStarted
13/34
Chapter 2 Installing the Access Gateway 13
5. On the serial console, enter the default administrator credentials. The user
name is rootand the default password is rootadmin.
6. To set the IP address and subnet mask and the default gateway device for
Interface 0, type 0and press Enterto choose Express Setup. After you
respond to the prompts, the information you entered appears. To commit
your changes, type y; the Access Gateway restarts.
7. To verify that the Access Gateway can ping a connected network device,
type 1and enter the IP address of the device.
8. Remove the serial cable and connect the Access Gateway to a Windows
computer using either a cross-over cable or network cable and then turn on
the Access Gateway.
9. Configure the Access Gateway using the Administration Tool.
Using the Access Gateway Administration PortalThe Administration Portal allows you to make basic configuration changes. On
the Administration Portal, you can:
Change the administrator password
Upload licenses
Download documentation
Modify portal page templates
Modify a sample email for end users
View Access Gateway logs
Upload certificates
Upload a saved configuration or a software upgrade
Save the Access Gateway configuration
Restart and shut down the Access Gateway
To access the Administration Portal
1. From a Web browser on the computer connected to the Access Gateway,
enter the default Web address of https://10.20.30.40:9001. The
administration port is 9001.
2. If a certificate is not installed on the Access Gateway, a security alert dialog
box appears. Click Yes.
The Access Gateway Administration Portal appears.
8/13/2019 AG GettingStarted
14/34
14 Getting Started with Citrix Access Gateway
If you see a Security Warning dialog box, click Yesto download the
required ActiveX Helper client.
3. When prompted, enter rootfor user name and rootadminfor password.
ActiveX HelperWhen the user connects to the Web Interface portion of the Access Gateway and
logs on, net6helper.cab, an ActiveX control is installed. This file provides three
main functions:
It launches the client from the Web page instead of having to manually
download the executable and then launching the Secure Access Client.
It performs pre-authentication checks for the Web page.
It provides single sign-on for the full client. When the Secure Access Client
is started from the Web page, the Secure Access Client does not prompt the
user to log on again.
Using the Access Gateway Administration ToolCitrix Access Gateway is configured using the Access Gateway Administration
Tool. The Administration Tool is installed on a Windows computer in the secure
network and configures the Access Gateway settings, such as network
configuration and user groups. When complete, settings can be published to all
installed Access Gateway appliances. In addition, the Administration Tool makes
it easy for you to configure network settings, authentication, users, and group
policies.
The Administration Tool is installed from the Access Gateway Administration
Portal.
To install the Administration Tool
1. In the Access Gateway Administration Portal, click Downloads.
2. Under Administration , click Download Administration Tool Installer.
The Administration Tool is installed on your computer.
3. To open the Administration Tool, on the desktop, double-click the icon.
Note If you are upgrading to Version 4.2 from previous versions, uninstall theAdministration Tool before installing the new version. To uninstall the
Administration Tool, use Add/Remove Programs in Control Panel.
8/13/2019 AG GettingStarted
15/34
Chapter 2 Installing the Access Gateway 15
Configuring the Access Gateway for Your
NetworkFollow one of the procedures below to configure the network settings. The
following three graphics show the most common configurations:
Access Gateway located inside the firewall
Access Gateway located in the DMZ
8/13/2019 AG GettingStarted
16/34
16 Getting Started with Citrix Access Gateway
Access Gateways deployed behind a server load balancer
To configure network settings inside the firewall or behind a server load
balancer
1. In the Access Gateway Administration Tool, click the Access Gateway
Cluster tab and then click the Networkingtab.
2. SelectUse only interface 0and in IP Address,type the Access Gateway
internal IP address for Interface 0.
3. In Subnet mask,type the value.
4. Click Submit.
Note You do not need to restart the Access Gateway until you complete allconfiguration steps.
8/13/2019 AG GettingStarted
17/34
8/13/2019 AG GettingStarted
18/34
18 Getting Started with Citrix Access Gateway
Installing LicensesWhen you purchase the Access Gateway, license codes are delivered to you by
email or appear on the license card in the Connection License Pack. These
licenses are also available from the MyCitrix Web site at
http://www.mycitrix.com.
To download licenses from the Citrix Web site
Click Licensing > Citrix Activation System > View Purchased Licenses.
If you are a Subscription Advantage customer, use the Licensing > Fulfillment
menu on the MyCitrix Web site to obtain the licenses and download the latest
product image.
If you received an email, follow the instructions contained in the email todownload your license file(s).
For deployments of Access Gateway that include Advanced Access Control, copy
the license file to your license server using the License Management Console.
If using the Access Gateway without Advanced Access Control, upload the
license file directly to the appliance.
To install a license file on the Access Gateway
1. In the Administration Tool, click the Access Gateway Clustertab and then
click the Licensing tab.
2. Click Browseand locate the .lic file that you want to upload.
3. Click Opento upload the license file.
Important Citrix recommends that you retain a local copy of all license filesthat you receive. When you save a backup copy of the configuration file, all
uploaded license files are included in the backup. If you need to reinstall the
Access Gateway server software and do not have a backup of the configuration,
you will need the original license files.
Note You can also install the license file using the Administration Portal.
8/13/2019 AG GettingStarted
19/34
Chapter 2 Installing the Access Gateway 19
Testing Your ConfigurationTo test your configuration, create a test user and then log on using the credentialsthat you set up for the user.
To test your configuration
1. Open the Administration Tool.
2. Click the Access Policy Manager tab.
3. Right-click the Local Users folder in the left pane and click New User.
4. In the Username dialog box, type a user name, the password twice, and
click OK.
5. In a Web browser, type the address of the Access Gateway using either the
IP address or fully qualified domain name (FQDN) to connect to either the
internal or external interface. The format should be either https://ipaddress
or https://FQDN.
6. Type the logon credentials. The Access Gateway Secure Accesspage
appears.
7. Click My own computerand then click Connect.
The Secure Access Client connection icon appears in the notification tray,
indicating a successful connection.
The initial configuration is complete. You can connect to all of your network
resources, such as email, Web servers, and file shares as if you are in the office.
To test the connection, try connecting to the applications and resources that areavailable from the corporate network.
Refer to the online Help and theAccess Gateway Administrators Guidefor
detailed information about the many configuration and customizing options for
the Access Gateway.
Firewall ConfigurationConfigure your firewall so that the port is open for the external IP address of the
Access Gateway. The default port is 443. Map the external IP address of the
Access Gateway to its internal IP address. For specific information about
configuring your firewall, see the manufacturers documentation.
8/13/2019 AG GettingStarted
20/34
20 Getting Started with Citrix Access Gateway
Access Gateway Configuration Using Advanced Access
ControlIf you purchased the Access Gateway with Advanced Access Control, you must
enable the Access Gateway to communicate with the Advanced Access Control
and turn on its granular access control features. To do this, in the Access
Gateway Administration Tool, select Advanced Access Control to manage
settings for the gateway cluster(s) in your access server farm. Afterward, you can
use the Administration Tool to manage appliance-specific settings only.
To enable Advanced Access Control
1. On the Access Gateway Clustertab, select an Access Gateway, and click
the Advanced Options tab.
2. Do one of the following:
If the Access Gateway is going to be configured using the
Administration Tool, select The Administration Tool - configures
appliances onlyand then click Submit.
If the Access Gateway is going to be configured using the Access
Suite Console, select Advanced Access Control - includes an
access server farm. Continue with Steps 4 through 8.
3. Select Get Appliance Configuration from Advanced Access Server.
4. In Server running Advanced Access Control, type the IP address or
FQDN of the server that is running the Access Suite Console.
5. In Advanced Access Control Logon Agent Root, type the path to the
logon point virtual directory. The default is /CitrixLogonPoint.
Caution When you select the Advanced Access Control for managing the
Access Gateway global settings, the corresponding settings in the AdministrationTool are deactivated and any existing configuration values are removed. If you
configured these settings with the Administration Tool before selecting the
Advanced Access Control, you must configure these settings again using the
Access Suite Console. For more information about configuring these settings in
the console, see theAdvanced Access Control Administrators Guide.
If you disable administration with the Advanced Access Control, settings in the
Access Suite Console are deactivated and existing configuration values are
removed.
8/13/2019 AG GettingStarted
21/34
Chapter 2 Installing the Access Gateway 21
For more information about the Logon Point, see theAdvanced Access
Control Administrators Guide.
6. To encrypt communication between the Access Gateway and the server
running Advanced Access Control, select Secure server communication.
7. Click Submit.
The server or servers that are configured to connect to the Access Gateway are
listed in Advanced Access Control Servers. To remove a server from the list,
select the server and then click Remove.
Third-Party SoftwareCitrix recommends that you do not install any third-party software on the Access
Gateway. The installation of third-party software is not supported.
8/13/2019 AG GettingStarted
22/34
22 Getting Started with Citrix Access Gateway
8/13/2019 AG GettingStarted
23/34
CHAPTER3
Access Gateway Rack Mounting Kit
The Access Gateway Rack Mounting Kit is used to install the Access Gateway in
a four-post or two-post rack. This chapter describes installing the Access
Gateway in a rack.The rack-mounting kit includes two sets of rail assemblies, two rail mounting
brackets, and the mounting screws that you need to install the system into the
rack. Follow the steps in the order given to complete the installation process in a
minimum amount of time. Read this chapter in its entirety before you begin the
installation.
Separating the Rail SectionsEach of the rail assemblies consist of two sections: an inner fixed chassis rail that
secures to the Access Gateway (A) and an outer fixed rack rail that secures
directly to the rack itself (B), as illustrated below. A sliding rail guide sandwichedbetween the two should remain attached to the fixed rack rail. The rails must be
separated to begin the installation.
Separating the rails and the mounting holes in the Access Gateway
8/13/2019 AG GettingStarted
24/34
24 Getting Started with Citrix Access Gateway
To separate rails A and B
1. Pull the fixed chassis rail (A) out as far as possible you will hear a clickas a locking tab emerges from inside the rail assembly and locks the inner
rail.
2. Depress the locking tab to pull the inner rail completely out. Do this for
both the left and right side rack rail assemblies.
Connecting the Chassis Rails to the Access GatewayBoth chassis rails have a locking tab that serve two functions. The first function is
to lock the Access Gateway into place when installed and pushed fully into the
rack, which is its normal position. The second function is to lock the server in
place when the rail is fully extended from the rack. This prevents the server fromcoming out of the rack when you pull it out for servicing.
To connect the chassis rails to the Access Gateway
1. Position the fixed chassis rail sections (A) that you just removed along the
side of the server, making sure the five screw holes align. Note that the right
and left rails are specific.
2. Screw the rail securely to the side of the chassis, as illustrated below.
3. Repeat this procedure for the other rail on the other side of the chassis.
4. If you are installing the server in a two-post rack, also attach the rail
brackets.
8/13/2019 AG GettingStarted
25/34
Chapter 3 Access Gateway Rack Mounting Kit 25
Connecting the rails to the Access Gateway
Connecting the Rack Rails to the RackDetermine where you want to place the Access Gateway in the rack. Position the
fixed rack rail/sliding rail guide assemblies (B) at the desired location in the rack
Screw the assembly securely to the rack using the brackets provided. Attach theother assembly to the other side of the rack, making sure that both are at the same
height and the rail guides are facing inward.
Installing the Access Gateway in a Four-Post RackYou now have the rails attached to both the Access Gateway and the rack unit.
The next step is to install the Access Gateway in the rack.
To install the Access Gateway in a four-post rack
1. Line up the rear of the chassis rails with the front of the rack rails.
2. Slide the chassis rails into the rack rails, keeping pressure even on bothsides. You may have to depress the locking tabs while inserting the Access
Gateway. Refer to the illustration below.
When the Access Gateway is pushed completely into the rack, you will hear
the locking tabs click.
8/13/2019 AG GettingStarted
26/34
26 Getting Started with Citrix Access Gateway
3. Finish by inserting and tightening the thumbscrews that hold the front of
the Access Gateway to the rack.
Inserting the Access Gateway in a four-post rack
Installing the Access Gateway in a Two-Post RackIf you are installing the server in a two-post (Telco) rack, follow the directions
given on the previous pages for rack installation. The only difference in the
installation procedure is the positioning of the rack brackets to the rack. Space
them apart just enough to accommodate the width of the Telco rack, as illustrated
below.
8/13/2019 AG GettingStarted
27/34
Chapter 3 Access Gateway Rack Mounting Kit 27
Installing the Access Gateway in a two-post (Telco) rack
8/13/2019 AG GettingStarted
28/34
28 Getting Started with Citrix Access Gateway
8/13/2019 AG GettingStarted
29/34
CHAPTER4
Specifications and BIOS Self-TestMessages
This chapter reviews the hardware specifications of the Access Gateway and theBIOS self-test messages.
8/13/2019 AG GettingStarted
30/34
30 Getting Started with Citrix Access Gateway
Specifications
BIOS Self-Test MessagesDuring the Power-On Self-Test (POST), the BIOS checks for errors. If the BIOS
detects an error that requires correction, the BIOS activates an alarm or displays a
message, as follows:
POST beep codes
A single long beep followed by two short beeps indicates that a video
error occurred and that the BIOS cannot initialize the video screen to
display any additional information
A single long beep that sounds repeatedly indicates that a Rambus
error occurred
Error messages
If a message is displayed, it will be accompanied by the following:
PRESS F1 TO CONTINUE, CTRL-ALT-ESC OR DEL TO ENTER
SETUP.
One or more of the following messages may appear if the BIOS detects an
error during the POST. This list includes messages for both the ISA and the
EISA BIOS.
APPENDIX A
Processor Pentium 4 2.8Ghz HyperThreading 800MHz front side bus
Memory 1 gigabyte (GB) PC3200 (400MHz)
Power supply 260W, 12V+
Maximum BTU/hr 887.15
System cooling fan 1 x 10cm blower fan
Drive bay 1 x 3.5 inch internal drive bay; 40 GB
Drives 1 x Slim 32x CD-ROM drive1 x 3.5 inch 1.44MB floppy drive
Network adapters Dual Intel gigabit network adaptersSystem monitoring LED indicators for power on, network activity, IDE HDD activity, overheat warning, and
drive failure
Chassis size 16.7 inches x 1.7 inches x 14 inches (1RU)
Accessories Rack-mounting kit
8/13/2019 AG GettingStarted
31/34
Chapter 4 Specifications and BIOS Self-Test Messages 31
CMOS BATTERY HAS FAILED. The CMOS battery is no longer functional.
Replace the battery.
CMOS CHECKSUM ERROR. The CMOS checksum is incorrect. This can
indicate that CMOS is corrupted. This error might be the result of a weak battery.
Check the battery and replace if necessary.
DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER.No boot device was found. This could mean that either a boot drive was not
detected or the drive does not contain the proper system boot files. Insert a system
disk into drive A and press Enter. If you expected the system to restart from the
hard drive, make sure the controller is inserted correctly and all cables are
properly attached. Also make sure the disk is formatted as a boot device. Then
restart the system.
DISKETTE DRIVES OR TYPES MISMATCH ERROR - RUN SETUP.The type of diskette drive installed in the system is different from the CMOS
definition. Run Setup to reconfigure the drive type correctly.
DISPLAY SWITCH IS SET INCORRECTLY. The display switch on the
motherboard can be set to either monochrome or color. This indicates that the
switch is set to a different setting than indicated in Setup. Determine which
setting is correct, and then either turn off the system and change the jumper or
enter Setup and change the VIDEO selection.
DISPLAY TYPE HAS CHANGED SINCE LAST BOOT. Since last turning
off the system, the display adapter was changed. You must configure the system
for the new display type.
ERROR ENCOUNTERED INITIALIZING HARD DRIVE. The hard drive
cannot be initialized. Be sure the adapter is installed correctly and all cables are
correctly and firmly attached. Also be sure the correct hard drive type is selected
in Setup.
ERROR INITIALIZING HARD DISK CONTROLLER. Cannot initialize
the controller. Make sure the cord is correctly and firmly installed in the bus. Be
sure the correct hard drive type is selected in Setup. Also check to see if any
jumper needs to be set correctly on the hard drive.
KEYBOARD ERROR OR NO KEYBOARD PRESENT. Cannot initialize
the keyboard. Make sure the keyboard is attached correctly and no keys are beingpressed during start up. If you are intentionally configuring the system without a
keyboard, set the error halt condition in Setup to HALT ON ALL, BUT
KEYBOARD. This causes the BIOS to ignore the missing keyboard and continue
to start.
8/13/2019 AG GettingStarted
32/34
32 Getting Started with Citrix Access Gateway
Memory Address Error at ... Indicates a memory address error at a specific
location. You can use this location along with the memory map for your system to
find and replace the faulty memory chips.
Memory parity Error at ... Indicates a memory parity error at a specific
location. You can use this location along with the memory map for your system to
find and replace the faulty memory chips.
Memory Verify Error at ... Indicates an error verifying a value already written
to memory. Use the location along with your systems memory map to locate the
faulty chip.
OFFENDING ADDRESS NOT FOUND. This message is used in conjunction
with the I/O CHANNEL CHECK and RAM PARITY ERROR messages when
the segment that caused the problem cannot be isolated.
OFFENDINGSEGMENT. This message is used in conjunction with the I/O
CHANNEL CHECK and RAM PARITY ERROR messages when the segment
that caused the problem is isolated.
PRESS A KEY TO REBOOT. This is displayed at the bottom of the screen
when an error occurs that requires you to restart. Press any key and the system
will restart.
PRESS F1 TO DISABLE NMI, F2 TO REBOOT. When BIOS detects a Non-
maskable Interrupt condition during start, this allows you to disable the interrupt
condition and continue to start, or you can restart the system with the interrupt
condition enabled.
RAM PARITY ERROR - CHECKING FOR SEGMENT ... Indicates a
parity error in random access memory (RAM).
SYSTEM HALTED, (CTRL-ALT-DEL) TO REBOOT ... Indicates the
present start attempt is aborted and the system must be restarted. Press and hold
down the CTRL+ALT+DEL keys.
Hard Disk(s) fail (80) HDD reset failed.
Hard Disk(s) fail (40) HDD controller diagnostics failed.
Hard Disk(s) fail (20) HDD initialization error.
Hard Disk(s) fail (10) Unable to recalibrate fixed disk.
Hard Disk(s) fail (08) Sector Verify failed.
Keyboard is locked out - Unlock the key. BIOS detected that the keyboard is
locked. P17 of the keyboard controller is pulled low.
8/13/2019 AG GettingStarted
33/34
Chapter 4 Specifications and BIOS Self-Test Messages 33
Keyboard error or no keyboard present. Cannot initialize the keyboard.
Make sure that the keyboard is attached correctly and no keys are being pressed
during start up.
Manufacturing POST loop. The system repeats the POST procedure infinitely
while P15 of the keyboard controller is pulled low. This is also used for M/B burn
in testing.
BIOS ROM checksum error - System halted. The checksum of ROM address
F0000H-FFFFFH is faulty.
Memory test fail. BIOS reports a memory test failure if the onboard memory
has an error.
8/13/2019 AG GettingStarted
34/34
34 Getting Started with Citrix Access Gateway