Restrict External Access to Published App, in the Advanced Access Control / Citrix Access Gateway forum on BrianMadden.com
Brian Madden Logo
Your independent source for desktop virtualization, consumerization, and enterprise mobility management.

Restrict External Access to Published App, in the Advanced Access Control / Citrix Access Gateway forum on BrianMadden.com

rated by 0 users
This post has 2 Replies | 0 Followers

Not Ranked
Points 460
David Davis Posted: Thu, Oct 4 2007 1:21 PM
I have CAG 4.5.5 (DMZ), AAC 4.5, WI 4.6, and CPS 4.5. I am trying to restrict access to a published app from the external logon point for specific users only. I still want the published app to be available to all other users whether they use the internal or external logon point. I am able to setup a filter to block the app externally, but it does so for all users that login thru the external page. How do I make it only block a group of users or individuals? I have it setup as follows:

external logon point: CitrixEX
internal logon point: CitrixIN

access policy name: External (allows logon and access to web interface resource, filter set to External)
access policy name: Internal (allows logon and access to web interface resource, filter set to Internal)

filter name: External (associated with CitrixEX logon point)
filter name: Internal (associated with CitrixIN logon point)

On the properties of the published app, I have the Access Control settings set to any connection that meets any of the following filters set to:
Farmname: MyAAC Filter: Internal

Like I say, this works to block the app completely from the external site.....but I only want to block it for a subset of users, not everyone.

Hope this post kinda makes sense. Anyone have any ideas on what I may try?

Thanks,
Dave
  • | Post Points: 35
Top 100 Contributor
Points 1,510
Hello,

You can do this by working with access policies on your Citrix Farm.

When you publish a application on your citrix farm, you can set rules for access. By example : only allow access through Access Gateway

This is how you can publish applications twice, but with different user-groups attached. Or different subnets

I think this will be the solution to your problem

Regards,

Timco

All Computers wait at the same speed !

SBC Blog
http://www.virtualdutch.com

  • | Post Points: 5
Top 500 Contributor
Points 615
If you're using AAC why not set an accesspolicy that denies access for this group?

regards Pelle
  • | Post Points: 5
Page 1 of 1 (3 items) | RSS