downloadWhy can't I download this file?ST_WB_RW_IP_Address Clientless Access ProfileUnder Rewrite tab URL Rewrite
Note: This setting states that any FQDNs or domain suffixes defined under “Clientless Access Domains” in NetScaler Gateway, the NetScaler will rewrite (CVPN) the Web app content accordingly.ns_cvpn_default_inet_url_labelUnder Finding URLs tabAll fields must be emptyUnder Client Cookies tab ST_WB_CKIES_IP_AddressPattern set values
CsrfToken (Index 1)
ASP.NET_SessionId (Index 2)
CtxsPluginAssistantState (Index 3)
CtxsAuthId (Index 4)
Note: This setting states that any FQDNs or domain suffixes defined under “Clientless Access Domains” in NetScaler Gateway, the NetScaler will rewrite (CVPN) the Web app content accordingly.ns_cvpn_default_inet_url_labelUnder Finding URLs tabAll fields must be emptyUnder Client Cookies tab ST_WB_CKIES_IP_AddressPattern set values
CsrfToken (Index 1)
ASP.NET_SessionId (Index 2)
CtxsPluginAssistantState (Index 3)
CtxsAuthId (Index 4)
NO_RW_IP_Address Clientless Access Profile
| NO_RW_IP_Address Clientless Access Profile | |
| Under Rewrite tab | All fields must be empty |
| Under Finding URLs tab | All fields must be empty |
| Under Client Cookies tab | All fields must be empty |
Note: This Clientless Access Profile should disable all rewrite policies and settings that the NetScaler can apply to web applications. Why? Secure Browse needs to receive the Web URI content ‘untouched’ when traversing through the NetScaler.
This profile mainly applies when mobile users use Secure Web to navigate through Internal/External Web resources.
AC_OS_IP_Address Session Profile
| AC_OS_IP_Address Session Profile | |
| Under Client Experience tab Split Tunnel* *Note: This setting determines whether all MicroVPN traffic between mobile device and NetScaler Gateway should go through the virtual server. If set to OFF (default), all MicroVPN traffic will be intercepted by NetScaler. If set to ON, then, only internal traffic will be intercepted by NetScaler. For more information, please check this article http://support.citrix.com/article/CTX136914 | OFF |
| Session Time-out (minutes) | 1440 |
| Clientless Access | ON |
| Clientless Access URL Encoding | Clear |
| Plug-in Type* *Note: This setting determines whether or not, the NetScaler will accept MicroVPN connections. If the value is set to Java, MicroVPN will be disabled at the NetScaler Gateway level. | Windows/Mac OSX |
| Single Sign-on to Web Applications* *Note: This setting allows NetScaler and XenMobile Server perform Single Sign-on when users connect remotely to the XenMobile Store but also, to Web links (e.g. Intranet sites) via Secure Web. | ON |
| Credential Index* *Note: This setting determines what credentials will be passed over to the XenMobile Server. The “Primary” index is usually associated with the LDAP policy bound to the NetScaler Gateway virtual Server. If the customer is looking for two-factor authentication (e.g. RSA, Radius, OTP token, etc.), this setting must be changed. Follow the instructions in this article http://support.citrix.com/article/CTX125364 that also applies to the Secure Hub / XenMobile deployment. | Primary |
| Under Advanced Settings Split DNS | BOTH |
| Client Choices | OFF |
| Under Security tab Allow Authorization Action | ALLOW |
| Secure Browse* *Note: This is the setting that determines which component (Secure Hub or NetScaler) will rewrite the content in order to properly access Web applications. Secure Browse ON means the NetScaler will not rewrite the content via Client Access (CVPN). | ON |
| Under Published Applications tab ICA Proxy | OFF |
| Account Services Address* *Note: This value must match exactly the same name defined on the XenMobile Server FQDN. Failure to do so, mobile users will not be able to access the XenMobile Store after enrollment. | XenMobile Server URL (e.g. https://xms.domain.com) |
Note: All other settings not overwritten by this Session Profile, the NetScaler Gateway will use the Global Settings and apply them.
AC_AG_PLG_IP_Address Session Profile
| AC_AG_PLG_IP_Address Session Profile | |
| Under Client Experience tab Home Page | XenMobile App Controller – Receiver for Web site URL (Example - https://appc.domain.com/Citrix/StoreWeb) |
| Split Tunnel | OFF |
| Clientless Access | Allow |
| Clientless Access URL encoding | Clear |
| Plug-in Type | Windows/Mac OS X |
| Single Sign-on to Web Applications* *Note: This setting allows NetScaler and XenMobile Server perform Single Sign- on when users connect remotely to the XenMobile Store but also, to Web links (e.g. Intranet sites) via Secure Web. | ON |
| Credential Index* *Note: This setting determines what credentials will be passed over to the XenMobile Server. The “Primary” index is usually associated with the LDAP policy bound to the NetScaler Gateway virtual Server. If the customer is looking for two-factor authentication (e.g. RSA, Radius, OTP token, etc.), this setting must be changed. Follow the instructions in this article http://support.citrix.com/article/CTX125364 that also applies to the Secure Hub / XenMobile deployment. | Primary |
| Under Advanced Settings Split DNS | BOTH |
| Client Choices | OFF |
| Under Security tab Allow Authorization Action | ALLOW |
| Secure Browse* *Note: This is the setting that determines which component (Secure Hub or NetScaler) will rewrite the content in order to properly access Web applications. Secure Browse ON means the NetScaler will not rewrite the content via Client Access (CVPN). | ON |
| Under Published Applications tab ICA Proxy | OFF |
| Account Services Address* *Note: This value must match exactly the same name defined on the XenMobile Server FQDN. Failure to do so, desktop users using the NetScaler Gateway Plugin will not be able to access the Receiver for Web site remotely. | XenMobile App Controller URL (e.g. https://appc.domain.com) |
Note: All other settings not overwritten by this Session Profile, the NetScaler Gateway will use the Global Settings and apply them.
AC_WB_IP_Address Session Profile
| AC_WB_IP_Address Session Profile | |
| Under Client Experience tab Home Page | XenMobile App Controller – Receiver for Web site URL (Example - https://appc.domain.com/Citrix/StoreWeb) |
| Clientless Access | ON |
| Single Sign-on to Web Applications* *Note: This setting allows NetScaler and XenMobile Server perform Single Sign- on when users connect remotely to the XenMobile Store but also, to Web links (e.g. Intranet sites) via Secure Web. | ON |
| Credential Index* *Note: This setting determines what credentials will be passed over to the XenMobile Server. The “Primary” index is usually associated with the LDAP policy bound to the NetScaler Gateway virtual Server. If the customer is looking for two-factor authentication (e.g. RSA, Radius, OTP token, etc.), this setting must be changed. Follow the instructions in this article http://support.citrix.com/article/CTX125364 that also applies to the Secure Hub / XenMobile deployment. | Primary |
| Under Security tab Allow Authorization Action | ALLOW |
| Secure Browse* (This setting is not applicable for Receiver for Web connections) *Note: This is the setting that determines which component (Secure Hub or NetScaler) will rewrite the content in order to properly access Web applications. Secure Browse ON means the NetScaler will not rewrite the content via Client Access (CVPN). | ON |
| Under Published Applications tab ICA Proxy | OFF |
| Web Interface Address* *Note: This value must match exactly the same name defined on the XenMobile Server FQDN. Failure to do so, desktop users will not be able to access the Receiver for Web site remotely. | XenMobile App Controller – Receiver for Web site URL (Example - https://appc.domain.com/Citrix/StoreWeb) |
Note: All other settings not overwritten by this Session Profile, the NetScaler Gateway will use the Global Settings and apply them.
Additional Resources
downloadWhy can't I download this file?Citrix Secure Hub For Mac App
1. Install the Android Debug Bridge using
http://developer.android.com/tools/help/adb.html
2. Open the Tools directory and select:
Run the following commands:
5. If we are capturing ADB logs please use
Steps on how to collect XCODE logs:
1. Connect your iOS device to your Mac and then open Xcode. Select Window > Devices.
2. Screen will pop-up which has a list of devices connected to MAC machine
3. Select the device and then collect the logs
Objective
To make users aware on how they can collect the ADB logs and XCODE logs
Instructions
Steps on how to collect ADB logs:1. Install the Android Debug Bridge using
http://developer.android.com/tools/help/adb.html
2. Open the Tools directory and select:
- Android SDK Tools
- Android SDK Platforms-tools
- Android SDK Build-tools
- Phone>Settings>About Phone>Tap the 'Build Number' seven times. You should see get the message saying you are now a developer.
- Go to Developer options on phone and turn on USB debugging
Citrix Secure Hub For Macbook
4. To test whether adb is working properly, connect your Android device to your computer using a USB cable and run following command:Run the following commands:
5. If we are capturing ADB logs please use
adb shell logcat –v threadtime > <logfilename> (replace logfilename with the path to the log file)
6. Secure/Worx bundle should contain the device properties when we capture the Secure Hub logs and the MDX app logs however in future if we are in a situation where such an option isn’t available we can use Steps on how to collect XCODE logs:
1. Connect your iOS device to your Mac and then open Xcode. Select Window > Devices.
2. Screen will pop-up which has a list of devices connected to MAC machine
3. Select the device and then collect the logs