Securing Network Access through Citrix VPN

Citrix Gateway is a secure remote-access solution that is available as a hardware appliance and as a cloud service. It integrates seamlessly with other Citrix applications, including Citrix Virtual Apps and Desktops. Citrix VPN is the add-on that provides full Secure Sockets Layer (SSL) virtual private network (VPN) capabilities to Citrix Gateway, allowing users to access remote applications on internal networks securely from anywhere and using any device.

How Do You Connect Using Citrix VPN through the Citrix Gateway Plugin?

While Citrix Gateway is touted as easy to deploy and administer, this may not be so true if you are unfamiliar with Citrix products.

The most common deployment scenario involves putting the Citrix Gateway appliance in your organization’s perimeter network, adding more appliances to the network when required. If subscribed to the Citrix Gateway service, Citrix takes care of everything for you.

Central to using Citrix VPN is the deployment of the Citrix Gateway plugin on PCs and devices allowed to access remote applications on the network. With the Citrix Gateway plugin installed on those devices, a full VPN tunnel between the appliance and the connecting device is established whenever a user logs on to the network.

The Citrix Gateway plugin is available as a desktop application for Windows, macOS X and Linux machines, and as a mobile app for Android and iOS devices. It also supports every major browser on all supported platforms. Users may also choose to log on to Citrix Gateway from web browsers installed with the Citrix Gateway plugin for Java.

When using Citrix VPN for the first time, users authenticate to the secure URL on the Citrix Gateway appliance using their browsers. Upon successful login, users are prompted to download and install the Citrix Gateway plugin.

Once users install the Citrix Gateway plugin successfully, the next time they need to access the network using Citrix VPN, all they have to do is click the icon to try and establish a connection.

Two-factor authentication (2FA) for Citrix VPN is available via third-party appliances.

What Is the Citrix Always On VPN?

Always On VPN before Windows Logon is a feature in Citrix VPN that ensures Windows users have an always-on connection to the network. With Always On VPN, a VPN tunnel is established on a Windows device before user logon.

Citrix Always On VPN works like this:

Administrators must set an advanced policy for the Always On VPN feature before it can be used on the network. This policy entails creating an authentication profile, an authentication virtual server and authentication polices that are bound to the authentication profile. Thus, its setup can be complicated.

What Are the Benefits of Citrix VPN Always On Service?

The Citrix VPN Always On service does have its advantages, including:

What about Citrix Clientless VPN?

Citrix VPN also provides clientless VPN access to the network and web applications via web browsers. In this case, users are not required to install the Citrix Gateway plugin on their devices. This is crucial if users do not have access to their regular devices but need to connect to the network, albeit in a limited manner.

You can enable clientless access either globally or using a session policy for a user, group or virtual server. You can also encrypt the web address as an additional security measure. It is a good idea to turn this on, considering Citrix Gateway’s history of VPN server breaches.

Applications that can be set up for clientless access include Outlook Web Access, Outlook Web App and SharePoint 2007. While Citrix VPN provides preconfigured policies for these applications, you might want to configure your own policy since you cannot customize those policies.

Choose a Simpler Approach to Secure Your Environment with Parallels RAS

Parallels® Remote Application Server (RAS) offers a comprehensive solution for organizations looking for a secure remote-access solution for their applications and data.

Parallels RAS supports multifactor authentication (MFA) using Azure MFA, Duo, FortiAuthenticator, RADIUS and Google Authenticator, among other products. It enables the creation of unlimited independent sites inside the same farm, ensuring non-sharing of data, applications and desktops across sites. Management of your multi-tenancy environment is also more streamlined and done from a single pane of glass with the Parallels RAS Console.

Other Parallels RAS features include:

It also supports SSL or Federal Information Processing Standards (FIPS) 140-2 protocol encryption in compliance with the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR), among other standards and regulations.

Download the trial, and see for yourself how easy it is to use Parallels RAS for secure network access.