Netscaler – Optimal Gateway Routing

For authentication at Netscaler but routing directly between backend and client, i.e. when user is in the LAN but authentication shall be done at the Netscaler.

Edit the web.config file for the specific store (c:\inetpub\wwwroot\citrix\storename). Search for <optimalGatewayForFarmsCollection /> and replace with:

<optimalGatewayForFarmsCollection>
<optimalGatewayForFarms enabledOnDirectAccess=”true”>
<farms>
<farm name=”farmname” />
</farms>
</optimalGatewayForFarms>
</optimalGatewayForFarmsCollection>

For each farm, add additional <farm name=”farmname” /> tags.

For routing through a specific gateway, replace with:

<optimalGatewayForFarmsCollection>
<optimalGatewayForFarms enabledOnDirectAccess=”true”>
<farms>
<farm name=”farmname” />
</farms>
<optimalGateway key=”_” name=”deploymentname” stasUseLoadBalancing=”{true | false}” stasBypassDuration=”hh:mm:ss” enableSessionReliability=”{true | false}” useTwoTickets=”{true | false}”>
<hostnames>
<add hostname=”netscaler_gateway_fqdn:port” />
</hostnames>
<staUrls>
<add staUrl=”https://stapath/scripts/ctxsta.dll” />
</staUrls>
</optimalGateway>
</optimalGatewayForFarms>
</optimalGatewayForFarmsCollection>

The <optimalGateway …> configuration can be used from the lines above where there is a <gateway …> tag for each Netscaler Gateway you’ve configured in Storefront already. Easy way to get the key, staUrl, etc.

Posted in Citrix, Netscaler.