Citrix Access Gateway Enterprise Edition

Citrix Access Gateway Enterprise Edition
Access Gateway Users Guide for the

Windows, Macintosh, Linux, and Unix
Platforms
Release 8.0
Citrix Systems, Inc.
CITRIX SYSTEMS, INC., 2005. ALL RIGHTS RESERVED. NO PART OF THIS DOCU-
MENT MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS
OR USED TO MAKE DERIVATIVE WORK (SUCH AS TRANSLATION, TRANSFORMA-
TION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX
SYSTEMS, INC.
ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE AC-
CURATE, IT IS PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IM-
PLIED. USERS MUST TAKE ALL RESPONSIBILITY FOR THE USE OR APPLICATION OF
THE PRODUCT(S) DESCRIBED IN THIS MANUAL.
CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT
MAY OCCUR DUE TO THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN
THIS DOCUMENT. INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITH-
OUT NOTICE. COMPANIES, NAMES, AND DATA USED IN EXAMPLES ARE FICTITIOUS
UNLESS OTHERWISE NOTED.
The following information is for FCC compliance of Class A devices: This equipment has been test-
ed and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC
rules. These limits are designed to provide reasonable protection against harmful interference when
the equipment is operated in a commercial environment. This equipment generates, uses, and can
radiate radio-frequency energy and, if not installed and used in accordance with the instruction man-
ual, may cause harmful interference to radio communications. Operation of this equipment in a res-
idential area is likely to cause harmful interference, in which case users will be required to correct
the interference at their own expense.
Modifying the equipment without Citrix' written authorization may result in the equipment no longer
complying with FCC requirements for Class A digital devices. In that event, your right to use the
equipment may be limited by FCC regulations, and you may be required to correct any interference
to radio or television communications at your own expense.
You can determine whether your equipment is causing interference by turning it off. If the interfer-
ence stops, it was probably caused by the NetScaler Request Switch 9000 Series equipment. If the
NetScaler equipment causes interference, try to correct the interference by using one or more of the
following measures:
Move the NetScaler equipment to one side or the other of your equipment.
Move the NetScaler equipment farther away from your equipment.
Plug the NetScaler equipment into an outlet on a different circuit from your equipment. (Make sure
the NetScaler equipment and your equipment are on circuits controlled by different circuit breakers
or fuses.)
Modifications to this product not authorized by Citrix Systems, Inc., could void the FCC approval
and negate your authority to operate the product.
BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, and NetScal-
er Request Switch are trademarks of Citrix Systems, Inc. Linux is a registered trademark of Linus
Torvalds. Internet Explorer, Microsoft, PowerPoint, Windows and Windows product names such as
Windows NT are trademarks or registered trademarks of the Microsoft Corporation. NetScape is a
registered trademark of Netscape Communications Corporation. Red Hat is a trademark of Red Hat,
Inc. Sun and Sun Microsystems are registered trademarks of Sun Microsystems, Inc. Other brand
and product names may be registered trademarks or trademarks of their respective holders.
Software covered by the following third party copyrights may be included with this product and will
also be subject to the software license agreement: Copyright 1998 Carnegie Mellon University.
All rights reserved. Copyright David L. Mills 1993, 1994. Copyright 1992, 1993, 1994, 1997
Henry Spencer. Copyright Jean-loup Gailly and Mark Adler. Copyright 1999, 2000 by Jef Pos-
kanzer. All rights reserved. Copyright Markus Friedl, Theo de Raadt, Niels Provos, Dug Song,
Aaron Campbell, Damien Miller, Kevin Steves. All rights reserved. Copyright 1982, 1985, 1986,
1988-1991, 1993 Regents of the University of California. All rights reserved. Copyright 1995
Tatu Ylonen, Espoo, Finland. All rights reserved. Copyright UNIX System Laboratories, Inc.
Copyright 2001 Mark R V Murray. Copyright 1995-1998 Eric Young. Copyright
1995,1996,1997,1998. Lars Fenneberg. Copyright 1992. Livingston Enterprises, Inc. Copyright
1992, 1993, 1994, 1995. The Regents of the University of Michigan and Merit Network, Inc.
Copyright 1991-2, RSA Data Security, Inc. Created 1991. Copyright 1998 Juniper Networks,
Inc. All rights reserved. Copyright 2001, 2002 Networks Associates Technology, Inc. All rights
reserved. Copyright (c) 2002 Networks Associates Technology, Inc. Copyright 1999-2001 The
Open LDAP Foundation. All Rights Reserved. Copyright 1999 Andrzej Bialecki. All rights re-
served. Copyright 2000 The Apache Software Foundation. All rights reserved. Copyright (C)
2001-2003 Robert A. van Engelen, Genivia inc. All Rights Reserved. Copyright (c) 1997-2004 Uni-
versity of Cambridge. All rights reserved. Copyright (c) 1995. David Greenman. Copyright (c)
2001 Jonathan Lemon. All rights reserved. Copyright (c) 1997, 1998, 1999. Bill Paul. All rights
reserved. Copyright (c) 1994-1997 Matt Thomas. All rights reserved. Copyright 2000 Jason L.
Wright. Copyright 2000 Theo de Raadt. Copyright 2001 Patrik Lindergren. All rights re-
served.
Part No. VPN-UG-JV-80-1206
Last Updated: December 2006
SSL VPN Users Guide i
Contents
Chapter 1 - Access Gateway Overview . . . . . . . . . . . . . . . . . . . . . . 1-1
1.1 Access Gateway : Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
1.2 Access Gateway : Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Chapter 2 - Getting Started with the Access Gateway. . . . . . . . . . . 2-1
2.1 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
2.2 Starting an Access Gateway Session. . . . . . . . . . . . . . . . . . . . . . . . 2-2
2.3 Using the Access Gateway Browser Plug-in . . . . . . . . . . . . . . . . . . . 2-6
Chapter 3 - Troubleshooting the Access Gateway Browser Plug-in. 3-1
3.1 Debugging the Access Gateway Browser Plug-in. . . . . . . . . . . . . . . . 3-1
3.2 Access Gateway Session Error Codes . . . . . . . . . . . . . . . . . . . . . . . 3-1
Contents
ii SSL VPN Users Guide
Access Gateway Enterprise Edition Users Guide 1-1
Chapter 1
Access Gateway Overview
The Access Gateway is a secure remote access solution that provides
point-to-point communication between remote users, such as mobile employ-
ees, partners, or resellers, and a private enterprise network. It does so by cre-
ating a secure tunnel between a standard Web browser and the Access
Gateway. This allows authorized remote users to gain access to critical busi-
ness resources such as corporate intranets, shared file systems, native cli-
ent-server applications, and terminal services.
This chapter provides an overview of the Access Gateway features. The follow-
ing topics are described in this chapter:
Access Gateway : Architecture
Access Gateway : Key Features
1.1 Access Gateway : Architecture
When you log on to a Web site that is secured by the Access Gateway, the sap-
pliance instructs the browser to download the SSL VPN browser plug-in onto
your computer. The plug-in is a Java applet that creates a secure channel of
communication between your browser and the appliance, thus allowing you to
remotely access those resources you are authorized to use.
Before the plug-in is downloaded, you will be prompted to permit it to execute.
The plug-in first initializes itself by fetching the intranet applications, it sup-
ports, from the corporate network. The network administrator configures the
Access Gateway with these applications. Once initialized, the plug-in listens on
preconfigured ports. When it receives a request from the client, it opens a con-
nection, authenticates that connection with the user's credentials, and then
tunnels subsequent data packets between the client and the server on the cor-
porate network across the connection. This is illustrated in the following figure.
1-2 Access Gateway Enterprise Edition Users Guide
Figure 1-1 Access Gateway browser plug-in architecture
The following section provides a step-by-step description of the preceding dia-
gram.
1. The client application looks up the Hosts file for the address of the server
on the corporate network.
2. The Hosts file points to localhost. The plug-in listens for requests from the
client application on preconfigured ports.
3. The client application sends a request to the plug-in.
4. The plug-in forwards the request to the Access Gateway.
5. The Access Gateway forwards the request to the application server.
6. The application server responds to the Access Gateway.
7. The Access Gateway replies to the plug-in.
8. The plug-in replies to the client application.
1.2 Access Gateway : Key Features
The Access Gateway supports:
SSL 3.0 and TLS1.0 network protocols
1024-bit encryption
Most TCP-based applications
Windows
, Linux, and Macintosh OS X

Chapter 2
Getting Started with the Access Gateway
The preceding chapter covered the architectural details of the Access Gateway
browser plug-in. In this chapter, you learn how to use the plug-in. This chapter
begins with a brief introduction to the system requirements for the plug-in.
This is followed by detailed instructions on downloading and running the
plug-in. The final section covers the various controls of the user interface. The
following topics are described in this chapter:
System Requirements
Starting an Access Gateway Session
Using the Access Gateway Browser Plug-in
2.1 System Requirements
The minimum system requirements are:
Windows Platform
Web browsers: Internet Explorer 5.0+, Netscape 7.1, Mozilla Firefox
1.2+
Java Plug-in: JRE1.4.2 or greater
Macintosh (MacOSX)
Web browsers: Safari v1.2(v125)
Java Plug-in: JRE1.4.2
Linux Platform
Web browsers: Mozilla Firefox 1.2.1+
Java Plug-in: JRE1.3.1 or greater
Note You can download the Java Runtime Environment (JRE) from Sun Microsystems
Java Web site if needed. Browse to http://www.java.com/ to find the JRE for your
operating system.
2.2 Starting an Access Gateway Session
As mentioned earlier, the Access Gateway is designed to provide remote users
access to authorized resources on a private network, over a secure connection.
To establish a secure connection, you must first log on to the Access Gateway
Web site. Contact your system administrator for the Web address of the site
and the logon credentials. The typical format for a Web address is:
https://companyname.com
To log on to your companys Access Gateway Web site
1. Open a Web browser and enter the Web address of the Access Gateway
Web site. If your administrator has not configured a proper secure certifi-
cate that identifies the server, the operating system prompts you with a
Security Alert window asking your permission to access the Access Gate-
way logon window.
Figure 2-1 Security Alert window
The security alert indicates that there might be discrepancies in the certificate.
For example:
the certificate has expired
The domain name in the certificate does not match the domain name of the
server
The certificate is not trusted
Click the Cancel button and contact the system administrator.
2. The Access Gateway logon page is displayed.
Figure 2-2 Access Gateway logon page
3. Enter your logon name and password.
4. Click logon. When you log on to the Access Gateway for the first time, a
security warning is displayed as shown in the following figure. This warning
prompts you to download the Access Gateway browser plug-in.
Figure 2-3 Security warning
Note The appearance of these dialog boxes may differ across platforms and browsers.
5. Click Trust. The Proxy Configuration alert is displayed.
Figure 2-4 Proxy Configuration alert
Note This alert will not be displayed when you use Internet Explorer on Windows
and
Safari on Macintosh OS X. For details on configuring the proxy settings of your
Web browser, refer to the section 2.3.2 of this chapter.
6. Click Run. The Secure Remote Access Session window and the services
page are loaded as shown.
Figure 2-5 Secure Remote Access Session window and services page
Note The Secure Remote Access Session window may take a few seconds to appear.
If your computer is using Netscape Navigator and is unable to fully start the
smaller secure remote session window shown in the figure above, Netscape
Navigator might not be installed with Sun Java 2 support. You may need to run
the Netscape Navigator installation application again, ensuring that Sun Java 2
support is selected.
Note Update the proxy settings of the your Web browser to the values displayed on the
Proxy Configuration alert or the Secure Remote Access Session window. This
enables you to access Web-based applications.
2.3 Using the Access Gateway Browser Plug-in
The Secure Remote Access Session window is the graphical user interface to
the browser plug-in. It allows you to securely access intranet portals, corpo-
rate applications, file systems, or email on a private network. Closing the
Access Gateway Session window ends the session. As a result, you are discon-
nected from the private network.
Figure 2-6 Secure Remote Access Session window
The components of the Secure Remote Access Session window are described
as follows:
Proxy: The IP address and port number of the Web browsers proxy that
enables Web access.
Bytes sent: The quantity of data sent through the plug-in from the client
to the server.
Bytes received: The quantity of data received through the plug-in from
the server to the client.
Home: Displays the portal page.
Applications: Click this button to view the list of intranet applications con-
figured on the system.
Compression Stats: Displays the compression statistics.
File Transfer: Click this button to download or upload files, from the net-
work, using the Web-based interface.
Logout: Click this button to log off from the Access Gateway session. The
message displayed in the Secure Remote Access Session window indicates
that the Access Gateway session terminates if you close the window. To
gracefully terminate the session, click Logout. Otherwise, changes to the
Hosts file on the client computer and the proxy settings are not rolled back.
The following sections cover the various tasks that you can perform with the
plug-in.
2.3.1 Accessing Applications on the Corporate Network
As a remote user, you are authorized to access and use a limited set ofapplica-
tions on your companys network. The administrator configures these applica-
tions on servers in the corporate network. To view these applications, click the
Applications button on the Secure Remote Access Session window. The Intra-
net Applications window, listing all the applications, is displayed.
Figure 2-7 Intranet Applications window
During an Access Gateway session, you access these applications using the
plug-in. There are two methods for doing so. The methods are:
Hosts File Modification Method
SourceIP and SourcePort Method
These methods are explained in the following sections.
2.3.1.1 Hosts File Modification Method
In this method, the plug-in adds an entry, corresponding to the applications
configured by the administrator, in the Hosts file. Note however that you must
be logged on with root or administrative privileges in order for the plug-in to
be able to modify this file. If you are not logged on to the system with the ade-
quate privileges, you need to manually edit the file yourself, adding the appro-
priate entries to the Hosts file as discussed in the following section.
Consider a scenario where you need to open a Telnet session to a remote sys-
tem from your computer. You use the computer to work both within your com-
panys intranet and remotely.
To ensure connectivity to the remote system from both within and
outside your companys intranet
1. Add an entry 10.100.101.77 telnet1 in the Hosts file on your computer.
This entry consists of the IP address of the remote system and its host
name.
Note On a computer that hosts the Windows
platform, the Hosts file is located at

%SYSTEMROOT%\system32\drivers\etc. On a computer that hosts the
Macintosh and Linux operating systems, this file is located at /etc/hosts.
To access the remote system from within your companys intranet
1. Initiate a Telnet session.
2. Type Open telnet1. The logon prompt of the remote system is displayed.
To access the remote system outside your companys intranet
1. Log on to the Access Gateway Web site.
3. Type Open telnet1. The logon prompt of the remote system is displayed.
2.3.1.2 SourceIP and SourcePort Method
If you do not have administrative rights on your computer, the plug-in does not
update the Hosts file. You need to manually configure the applications using
the source IP address and port values indicated on the Intranet Applications
window. Within your company's intranet, use the destination IP address and
destination port values corresponding to the application to be accessed. When
using the Access Gateway to access an application, use the source IP address
and port values. Consider the example in the previous section.
To access the remote system from within your companys intranet
2. Type Open 100.100.101.77. The logon prompt of the remote system is
displayed.
Note 10.100.101.77 is the DestIP value corresponding to telnet1.
To access the remote system
1. Log on to the Access Gateway Web site.
3. Type Open 127.0.0.1. The logon prompt of the remote system is dis-
played.
Note 127.0.0.1 is the SourceIP value corresponding to telnet1.
2.3.2 Using Web-based Applications
The Access Gateway uses the Forward Proxy model to access intranet portals.
All Web-based traffic is tunneled through the plug-in. When Internet Explorer
is used to access the Access Gateway logon page, the plug-in changes the
proxy settings to reflect the proxy server indicated on the Secure Remote
Access Session window. These changes are rolled back when the user logs off.
This behavior is restricted to Internet Explorer on Windows. Other browsers
need to be configured manually.
2.3.2.1 Using the Access Gateway with Netscape and Firefox
You need to manually configure the proxy server settings of Netscape and Fire-
fox. The following procedure lists the steps to do so.
To configure the proxy settings on Netscape and Firefox
1. On the Edit menu, select Preferences. The Preferences window is dis-
played.
Figure 2-8 Preferences window
2. Under Category, expand the Advanced optionand select Proxies. The
Proxies pane is displayed.
Figure 2-9 Proxies pane
3. Select Manual proxy configuration.
4. In HTTP Proxy and SSL Proxy, type the IP and port address. These IP
addresses are displayed in the Secure Remote Access Session Window.
5. Click OK to save the changes.
2.3.2.2 Using the Access Gateway on Safari
When accessing the Access Gateway from the Macintosh OS X Safari Web
browser, the appropriate proxy settings are automatically configured for the
session by the plug-in. No proxy configuration is necessary by the user.
2.3.3 Accessing a Remote File System
To access the remote file system, click File Transfer in the Secure Remote
Access Session window. The SSL VPN: Remote Secure File System Access page
is displayed. This page allows you to log on to the corporate network and
access shared resources. The following figure illustrates the various compo-
nents of this page.
Figure 2-10 File Transfer page
The following sections cover the various components of the SSL VPN: Remote
Secure File System Access page.
Top Panel
The top panel of the browser window displays a number of buttons that will
allow you to perform various tasks, pertaining to the storage and transfer of
files.
Click this button to log on to the corporate network or a specific com-
puter on that network.
Click this button to navigate to the preceding folder in the folder tree.
Click this button to refresh the contents of the active folder.
Click this button to create a subfolder within the folder that is selected.
Click this button to download the selected file from the remote server.
Click this button to upload the selected file from the local client com-
puter to a folder in the remote file server.
Click this button to delete the selected file from the remote machine.
Click this button to change the name of a file or folder, which is
selected.
Click this button to disconnect from the remote server.
Left Panel
The servers, their directories, and the directory structure are displayed in a
tree format in the left panel as shown in the following figure. Click the + icon
to view a subfolder.
Figure 2-11 Left panel
Right Panel
The right panel displays the logon server window. Use this window to log on to
the file system on the corporate network or an appropriate file server. To
access the file system, leave the Login Server field blank or click the Net-
work Neighborhood link in the left panel.
To log on to a file server
1. Enter the IP address or the name of the server in the Address field.
Note If you leave this field blank, you are logged on to the corporate network and not
any specific server.
2. Enter your logon ID in the Login field.
3. Enter your password in the Password field. If the remote server does not
require a password, leave this field blank.
4. Enter a valid domain name. If the remote server has not been assigned a
specific domain, leave the field blank.
The right panel now displays the subfolders and files as shown in the following
figure. The location of the active folder is displayed in the Address field.
Note Authorization policies, configured by the administrator, are not applied to this
operation since it bypasses the gateway. As a result, on a Windows computer, it
is advised that you access shared resources using Windows Explorer instead of
the File Transfer window.
Figure 2-12 Right panel
To download a file from a remote server
1. Select the file.
2. Click the Download icon. The File Download window is displayed.
3. Click Save. The Save As dialog box is displayed.
4. Navigate to the appropriate folder, and click Save to save the file.
To upload a file to the remote server
1. Select the file on the local machine.
2. Click to upload the file to the remote server.
To remove a folder, subfolder, or file
1. Select the file, folder, or subfolder.
2. Click the Delete icon. The file is deleted from the remote machine.
Note A parent folder that contains subfolders cannot be removed. To delete a parent
folder with sub folders, you need to delete the subfolders first and then delete
the parent folder.
2.3.4 Accessing Internal Web Sites
The default portal page is created based on the data configured by the admin-
istrator. The portal page is shown in the following figure. This page lists the
most commonly accessed intranet Web sites and file systems. The administra-
tor configures the links visible under the Configured sections on this page.
You can create your own bookmarks to appear under the Personal bookmark
sections. This chapter covers the various configuration tasks that you can per-
form on the portal page.
Note Your administrator may have customized the portal page. The appearance of the
page might vary from what is shown in this guide.
Figure 2-13 Portal page
2.3.5 Using Portal Tools
The portal page has several built-in tools to assist you in using the Access
Gateway. These tools include a ping interface for checking the accessibility of
network hosts, tips, online help, the Access Gateway file transfer utility, and
the Access Gateway themes utility.
These tools have been placed under the home, file transfer, and themes tabs
on the Access Gateway portal page.
2.3.6 Home
The tools under this tab help you navigate your way through the Access Gate-
way. This page can be customized by the administrator by providing themes
that users can apply for themselves. The individual tools are described below.
Ping Pane
The ping pane allows you to check the accessibility of other computers on your
corporate network and on the Internet. This feature can help you troubleshoot
connectivity issues if any, with your Access Gateway session in addition to
determining availability of a server hosting a resource on the network.
In Server, type the IP address, host name, or domain name of the computer
you wish to ping and click Ping. The result of the ping query is displayed on
this pane.
Figure 2-14 Ping pane
Tip and Help Pane
The Tip pane offers helpful hints on using the Access Gateway and its various
features. The Help tool is used to access the Access Gateway Enterprise Edi-
tion Users Guide. The Users Guide includes not only instructions on using the
Access Gateway but also lists error code explanations and provides other trou-
bleshooting assistance.
Bookmarks Pane
The Access Gateway portal allows you to create your own set of links to com-
monly accessed resources. These bookmarks may be links to either corporate
network or Internet Web sites or network accessible file systems in the corpo-
rate network.
To create these bookmarks, click Add on the right side of the page. The follow-
ing figure shows the New Bookmark page.
In Name field, type the label to be used for your new link. In Address Field
type either the Web address of the Web site or the network path to the file
server. In the Description field, type a short description for the created link.
Once done, click Add to apply the new link or Cancel to exit the window with-
out making any changes.
Figure 2-15 Add Bookmark Page
The bookmark added here is listed under the personal bookmarks on the
Access Gateway home page.
Note The Access Gateway automatically differentiates between Web site addresses
and network file system paths based on the format in which they are entered.
You do not need to specify which type of resource your link is for when you create
it.
Remove a bookmark
To remove a personal bookmark, click Remove on the right side of the page.
The Remove Bookmark page is displayed as shown in the figure. Select the
bookmark you want to remove and click Remove to confirm removal or click
Cancel to exit the window without making any changes.
Figure 2-16 Remove bookmark page
Note You can remove only bookmarks listed under the Personal column and not those
under the Configured column.
2.3.6.1 File transfer
For details, refer to the Accessing a Remote File System section.
2.3.6.2 Themes
You can select themes that have been made available by the administrator for
use with your Access Gateway session. The theme selected is applied across all
pages on the Access Gateway portal page.
If themes are not configured by the administrator, on the Themes tab of the
portal page, an error message is displayed as shown in the figure below:
Figure 2-17 No themes configured
Selecting a theme for the Access Gateway session
On the Themes tab in the Access Gateway portal page, you can see the con-
figured themes made available by the administrator. Click Select next to the
theme name for the theme to be applied for your current session and all future
sessions.
Customizing your theme
You can click Customize next to the theme name and change individual
parameters used in the theme. The changes made are stored in a theme called
Current Custom Theme and applied to the current theme.
Figure 2-18 Customize your theme
Select the colors you want for each item on the Access Gateway portal page,
the font style and size and then click Save Preferences. The customized
theme replaces the old theme on the portal page.
Note You can restore the default theme for the portal page by clicking Reset to site
defaults on the Themes tab.
2.3.7 Terminating the Access Gateway Session
To log off from the Access Gateway session, click Logout.
Note If you close the Secure Remote Access Session window the changes to the Hosts
file on the client computer and the proxy settings are not rolled back.
SSL VPN Users Guide 3-1
Chapter 3
Troubleshooting the Access Gateway
Browser Plug-in
This chapter covers the troubleshooting of the Access Gateway browser
plug-in. The following topics are described in this chapter:
Debugging the Access Gateway Browser Plug-in
Access Gateway Session Error Codes
3.1 Debugging the Access Gateway Browser
Plug-in
By default, the plug-in maintains a log of all of its activities in a separate ASCII
file. This ASCII file, also known as a log file, is stored in the file system by the
name mpSSLVpn.
On a Windows computer, this file is stored in the root directory. For example, if
the operating system resides on a partition labeled C of the hard disc, the log
file is generated in the %tmp% folder. On Macintosh OS X and Linux, the log
file is generated in the /tmp directory.
3.2 Access Gateway Session Error Codes
The following table lists the error codes displayed by the Access Gateway ses-
sion. It also provides a description of these error codes.
Troubleshooting the Access Gateway Browser Plug-in
3-2 SSL VPN Users Guide
Table 3-1 Specific error codes displayed by the Access Gateway session
Message Explanation Action
Hosts file update
failed.
This message indicates that
the plug-in is unable to
update the Hosts file on the
client computer.
Log on to the computer as an
administrator. This ensures
that the Hosts file is updated.
Alternately, follow the
procedure outlined in the
section SourceIP and
SourcePort Method in
chapter 2 of this guide.

Citrix Access Gateway Enterprise Edition

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Citrix Access Gateway Enterprise Edition

Uploaded by

Copyright:

Available Formats

Citrix Access Gateway Enterprise Edition

Access Gateway Users Guide for the

, Linux, and Macintosh OS X

platform, the Hosts file is located at

You might also like