10
Secure Gateway Pre-Installation Checklist For other guides in this document set, go to the Document Center The Secure Gateway for Windows

Secure Gateway Checklist

Embed Size (px)

Citation preview

Page 1: Secure Gateway Checklist

Secure Gateway Pre-Installation ChecklistFor other guides in this document set, go to the Document Center

The Secure Gateway for Windows

Page 2: Secure Gateway Checklist

Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. Copies of the End User License Agreement are included in the /Documentation/language directory of the Citrix MetaFrame product CD containing Secure Gateway for MetaFrame software.

Copyright and Trademark NoticeInformation in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.

Copyright © 2001−2007 Citrix Systems, Inc. All rights reserved.

Citrix, ICA (Independent Computing Architecture), MetaFrame, MetaFrame XP, Citrix Presentation Server, and Program Neighborhood are registered trademarks, and Citrix Solutions Network is a trademark of Citrix Systems, Inc. in the United States and other countries.

RSA Encryption © 1996−1997 RSA Security Inc., All Rights Reserved.

Trademark AcknowledgementsACE/Server, ACE/Agent, RSA, and SecurID are registered trademarks or trademarks of RSA Security Inc.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

All other trademarks and registered trademarks are the property of their respective owners.

Document Code: January 17, 2007 6:51 pm (SV)

Page 3: Secure Gateway Checklist

Go to Document Center

OverviewThis document contains a checklist of the tasks and planning information you must complete before you install the Secure Gateway.

Important While the Secure Gateway for Windows functionality has not changed since Citrix Presentation Server 3.0, it is important to install the Citrix hotfix SGE300W003 and its replacements before starting the Secure Gateway. See the “Server Reserved for the Secure Gateway for Windows” section beginning on page 5. If you do not install this hotfix, newer clients cannot use the Session Reliability feature of Secure Gateway. Session Reliability is enabled by default in Citrix Presentation Server 4.5

Space is provided so that you can check off each task as you complete it. Make note of the configuration values needed during the installation and configuration of the Secure Gateway. General steps are also provided for the tasks you need to perform to ensure Citrix Presentation Server, the Web Interface, and Citrix Presentation Server Clients are configured and functioning correctly.

Citrix recommends that you print and fill out this checklist before proceeding with the installation. See the Secure Gateway for Windows Administrator’s Guide for instructions about installing and configuring the Secure Gateway.

Page 4: Secure Gateway Checklist

4 Secure Gateway Pre-Installation Checklist Go to Document Center

Choose the Option that Represents Your Secure Gateway Deployment

Pre-installation tasks required to set up and evaluate the Secure Gateway in a Secure Access to Citrix Presentation Server scenario are described in this document. In this scenario, you deploy the Secure Gateway for Windows to provide secure access to published resources within a server farm. Print and complete information as you follow the instructions in this checklist.

For information about advanced deployment scenarios supported by the Secure Gateway for Windows, including double-hop DMZ deployment and securing all communication links, see the Secure Gateway for Windows Administrator’s Guide.

Secure Access to Citrix Presentation Server

This illustration shows a typical Secure Gateway deployment used to secure a server farm. The network is divided into three segments. The unsecured network contains a client device running a Web browser and Citrix Presentation Server Client. The demilitarized zone contains the Secure Gateway and Web Interface components, and the secure network contains a server farm running the Citrix XML Service and the Secure Ticket Authority. A firewall separates the unsecured network from the demilitarized zone and a second firewall separates the demilitarized zone from the secure network. Root and server certificates are installed to enable secure communications.

Page 5: Secure Gateway Checklist

Go to Document Center 5

Client Devices

On the Firewall between the Unsecured Network and the DMZ

Server Reserved for the Secure Gateway for Windows

1. Ensure client devices meet the installation prerequisites described in the Secure Gateway for Windows Administrator’s Guide.

2. Ensure client devices have root certificates that correspond to the server certificate on the destination server in the DMZ.

3. Ensure port 443 (default SSL port) on the firewall is open between the Internet and the server running the Secure Gateway.

4. Ensure this server meets the installation prerequisites described in the Secure Gateway for Windows Administrator’s Guide.

5. Enter the IP address for this server.

6. Ensure a server certificate with a key bit length of 1024 or higher is installed on the server running the Secure Gateway.

7. Enter the Fully Qualified Domain Name (FQDN) of this server.Important: Ensure the FQDN entered matches the FQDN that appears in the CN (Common Name) field on the Subject line of the server certificate installed on this machine.

Page 6: Secure Gateway Checklist

6 Secure Gateway Pre-Installation Checklist Go to Document Center

8. Optional. If this server communicates with a secure server in the DMZ or the secure network, install a root certificate (that corresponds to the server certificate on the destination server) on this server.

9. Restart the server on which you installed Secure Gateway.

10. Install the Secure Gateway hotfix SGE300W003 or its replacements on the Secure Gateway server. This hotfix is available from the \Secure Gateway\Windows folder of the Citrix Presentation Server 4.5 Components CD. This hotfix is also available from the Citrix Web site. Go to the Hotfixes, Rollups & Service Packs section of the Citrix Knowledge Center ( http://support.citrix.com/hotfixes.jsp) and browse to the Secure Gateway 3.0 hotfix (SGE300W003) or its replacements.

Important Before clients connect to the Secure Gateway, you must install this hotfix. If you do not install this hotfix on your Secure Gateway server, the ICA Java Client (version 9.3 and higher) and the Presentation Server Client for Windows (version 9.200 and higher) cannot use the Session Reliability feature of Secure Gateway. Session reliability is enabled by default in Presentation Server 4.5.

For additional information about the hotfix, see the document, “Installation Notes for Citrix Secure Gateway,” which is available in the following location of the Citrix Presentation Server 4.5 Components CD: \Secure Gateway\Windows\secure_gateway_install_notes.htm.

Page 7: Secure Gateway Checklist

Go to Document Center 7

Server Running the Web Interface

11. Do you intend to run the Web Interface and the Secure Gateway on a single server (Yes/No)?If you answered Yes, skip to Step 14.

12. If you are running the Web Interface on a separate server, enter its IP address.

13. Do you plan to secure communications between the Web Interface and the Secure Gateway (Yes/No)?If you answered No, skip to Step 14.

14. Ensure a server certificate is installed on the server running the Web Interface.

15. Enter the FQDN of this server.Important: Ensure the FQDN entered matches the FQDN that appears in the CN (Common Name) field on the Subject line of the server certificate installed on this machine.

16. Optional. If this server communicates with a secure server in the DMZ or the secure network, install a root certificate (that corresponds to the server certificate on the destination server) on this server.

17. Ensure the Web Interface is configured to provide access to published applications within a server farm.

Page 8: Secure Gateway Checklist

8 Secure Gateway Pre-Installation Checklist Go to Document Center

On the Firewall between the DMZ and the Secure Network

Server Farm

18. Ensure port 443 (default SSL port) is open if the Secure Gateway connects to any secure servers in the secure network.-or-Ensure port 80 (default HTTP port) is open.

19. Ensure port 443 is open if the Web Interface connects to any secure servers in the secure network.-or-Ensure port 80 (default HTTP port) is open.

20. Ensure port 1494 is open on the firewall between the Secure Gateway and the server(s) running Citrix Presentation Server.

21. If session reliability is enabled, ensure port 2598 is open.

22. Ensure your server farm is set up and configured for access to published applications.For help with configuring computers running Citrix Presentation Server, see the Citrix Presentation Server Administrator’s Guide.

23. Enter the the default virtual directory path /Scripts/CtxSTA.dll. If you changed the default path when you configured the Citrix XML Service to share a port with Internet Information Services on the server running Citrix Presentation Server, enter the correct path.

24. Enter the port used to communicate with the Secure Ticket Authority (STA). This is the same port used by the Citrix XML Service.

25. Do you plan to secure communications between servers in the DMZ and the server(s) running the STA? If you answered No, enter the FQDN of any server running the STA and skip to Step 27.

26. Ensure a server certificate is installed on each server running the STA with which the servers in the DMZ will communicate.

27. Enter the FQDN(s) of the secured server(s) running the STA.Important: Ensure the FQDN entered matches the FQDN that appears in the CN (Common Name) field on the Subject line of the server certificate installed on this machine.

Page 9: Secure Gateway Checklist

Go to Document Center 9

28. Enter the IP address(es) of the server(s) running the STA.

29. Do you plan to configure an outbound access control list in the Secure Gateway? If you answered Yes, enter the IP address range or IP addresses of the servers to include in the access control list. This list must include all servers with which the servers in the DMZ must communicate.

30. Is there a firewall separating the Secure Gateway and the computer(s) running Citrix Presentation Server? (Yes/No)If you answered No, skip the remaining question.

31. Is the firewall using NAT (Network Address Translation)? (Yes/No)If you answered Yes, do the following:• Ensure that altaddr is enabled on the computer(s) running Citrix

Presentation Server. The altaddr command is used to query and set the alternate (external) IP address that a computer running Citrix Presentation Server returns to clients requesting this information. The alternate address is an external address used by clients outside a firewall.

• Enable alternate addressing on the server running the Web Interface. See the Web Interface Administrator’s Guide for instructions about configuring alternate addressing.

Page 10: Secure Gateway Checklist

10 Secure Gateway Pre-Installation Checklist Go to Document Center


Secure IOT Gateway

Secure IOT Gateway

Technology
Magic Quadrant for Secure Web Gateway

Magic Quadrant for Secure Web Gateway

Documents
Citrix Secure Gateway Secure Ticket Authority Frequently ...€¦ · Citrix Secure Gateway Secure Ticket Authority Frequently Asked Questions This article answers some frequently

Citrix Secure Gateway Secure Ticket Authority Frequently ...€¦ · Citrix Secure Gateway Secure Ticket Authority Frequently Asked Questions This article answers some frequently

Documents
secure gateway

secure gateway

Documents
Vaultize Secure Content Access Gateway Data Sheet

Vaultize Secure Content Access Gateway Data Sheet

Documents
McAfee Appliance Version 4.0 Secure Internet Gateway (SIG)/Secure

McAfee Appliance Version 4.0 Secure Internet Gateway (SIG)/Secure

Documents
Secure Web Gateway SWG User Guide - Trustwave€¦ · • Management Console User Guide • Secure Web Gateway User Security Policies InDepth Guide • Secure Web Gateway User Identification

Secure Web Gateway SWG User Guide - Trustwave€¦ · • Management Console User Guide • Secure Web Gateway User Security Policies InDepth Guide • Secure Web Gateway User Identification

Documents
CommandCenter Secure Gateway - Raritan Inc.support.raritan.com/commandcenter-secure-gateway/version-4.2.0/... · CommandCenter Secure Gateway (CC-SG) provides a hardware-based management

CommandCenter Secure Gateway - Raritan Inc.support.raritan.com/commandcenter-secure-gateway/version-4.2.0/... · CommandCenter Secure Gateway (CC-SG) provides a hardware-based management

Documents
Secure Gateway-V1 - Infineon Technologies

Secure Gateway-V1 - Infineon Technologies

Documents
SVN5800 Secure Access Gateway - Huawei6-1 SVN5800 Secure Access Gateway SVN5800 series secure access gateways The development of networks allows enterprises to provide remote access

SVN5800 Secure Access Gateway - Huawei6-1 SVN5800 Secure Access Gateway SVN5800 series secure access gateways The development of networks allows enterprises to provide remote access

Documents
CommandCenter Secure Gateway - Raritan Inc.assets.raritan.com/resources/data_sheets/raritan-ds...CommandCenter ® Secure Gateway V1084 R7 Smart, Secure Remote Access and Control of

CommandCenter Secure Gateway - Raritan Inc.assets.raritan.com/resources/data_sheets/raritan-ds...CommandCenter ® Secure Gateway V1084 R7 Smart, Secure Remote Access and Control of

Documents
Secure Web Gateway

Secure Web Gateway

Documents
Gateway and secure micro services

Gateway and secure micro services

Software
Comodo Secure Web Gateway...Comodo Secure Web Gateway – Quick Start Guide Comodo Secure Web Gateway - Quick Start Guide Comodo Secure Web Gateway (SWG) is a real time web traffic

Comodo Secure Web Gateway...Comodo Secure Web Gateway – Quick Start Guide Comodo Secure Web Gateway - Quick Start Guide Comodo Secure Web Gateway (SWG) is a real time web traffic

Documents
Total Control Secure Transaction Gateway

Total Control Secure Transaction Gateway

Documents
M86 Security apresenta Secure Web Gateway

M86 Security apresenta Secure Web Gateway

Technology
Clearswift SECURE ICAP Gateway integration with … · integration with Barracuda NextGen Firewall ... Clearswift SECURE ICAP Gateway integration ... appropriate information security

Clearswift SECURE ICAP Gateway integration with … · integration with Barracuda NextGen Firewall ... Clearswift SECURE ICAP Gateway integration ... appropriate information security

Documents
BIG-IP Secure Web Gateway and Splunk templates Summary · BIG-IP Secure Web Gateway and Splunk templates . Summary . BIG-IP Secure Web Gateway (SWG) provides 26 specific reports that

BIG-IP Secure Web Gateway and Splunk templates Summary · BIG-IP Secure Web Gateway and Splunk templates . Summary . BIG-IP Secure Web Gateway (SWG) provides 26 specific reports that

Documents
Comodo Secure Web Gateway Administrator Guide · 2020-03-20 · Comodo Secure Web Gateway - Admin Guide 1 Introduction to Comodo Secure Web Gateway • Comodo Secure Web Gateway (SWG)

Comodo Secure Web Gateway Administrator Guide · 2020-03-20 · Comodo Secure Web Gateway - Admin Guide 1 Introduction to Comodo Secure Web Gateway • Comodo Secure Web Gateway (SWG)

Documents
CIRA Labs Secure Home Gateway Project SECURE HOME GATEWAY ...€¦ · Gateway (SHG) Prototype 7 MUD Server Repository / Curation openWRT Turris Omnia CZNIC SHG MUD Controller Supervisor

CIRA Labs Secure Home Gateway Project SECURE HOME GATEWAY ...€¦ · Gateway (SHG) Prototype 7 MUD Server Repository / Curation openWRT Turris Omnia CZNIC SHG MUD Controller Supervisor

Documents
Symantec Endpoint Protection + Secure Web Gateway

Symantec Endpoint Protection + Secure Web Gateway

Documents
Secure Services Gateway (SSG)Family Overview

Secure Services Gateway (SSG)Family Overview

Documents
TNS Secure SSL Gateway Product Sheet

TNS Secure SSL Gateway Product Sheet

Technology
Clearswift SECURE Email Gateway Evaluation Guide

Clearswift SECURE Email Gateway Evaluation Guide

Documents
SECURE Email Gateway v4 - Clearswift - Clearswift · SECURE Email Gateway – TLS configuration guide Page 6 of 40 3 Clearswift’s Application of TLS The Clearswift SECURE Email

SECURE Email Gateway v4 - Clearswift - Clearswift · SECURE Email Gateway – TLS configuration guide Page 6 of 40 3 Clearswift’s Application of TLS The Clearswift SECURE Email

Documents
Secure Email Gateway - Market Quadrant 2016 ∗

Secure Email Gateway - Market Quadrant 2016 ∗

Documents
Secure Web Gateway with mod_security and mod_proxy

Secure Web Gateway with mod_security and mod_proxy

Documents
Secure Gateway for Windows Administrator’s Guide Getting Started with the Secure Gateway The Secure Gateway for Windows Administrator’s Guide is designed to help anyone who plans,

Secure Gateway for Windows Administrator’s Guide Getting Started with the Secure Gateway The Secure Gateway for Windows Administrator’s Guide is designed to help anyone who plans,

Documents
CommandCenter Secure Gateway User Guidesupport.raritan.com/commandcenter-secure-gateway/version... · 2014-01-24 · Search for Nodes ... CommandCenter Secure Gateway User Guide

CommandCenter Secure Gateway User Guidesupport.raritan.com/commandcenter-secure-gateway/version... · 2014-01-24 · Search for Nodes ... CommandCenter Secure Gateway User Guide

Documents
Secure Web Gateway SWG User Guide

Secure Web Gateway SWG User Guide

Documents