Quick Configuration Wizard facilitates NetScaler Gateway setup for XenMobile and XenApp / XenDesktop type of deployments which enables communication with App Controller, StoreFront, or Web Interface in a secure way. Simplification of NetScaler Gateway configuration is achieved by creating various policies like Authentication, Session and Clientless Access etc. in background and binding them to a virtual server.

NetScaler Gateway Configuration


  1. NetScaler Gateway Platform License
  2. Proper SSL Certificate and SSL Key

Steps to Configure through Wizard:

Step 1

When you access NetScaler management console using NSIP (NetScaler IP Address) in a browser, select ‘NetScaler Gateway’ option in ‘Deployment Type’ and login to get NetScaler Gateway persona represented by ‘Home’ tab.

Step 2

When you are accessing for the first time, an interface to add Subnet IP Address, Hostname, and DNS IPs etc. is presented. Add appropriate values and click on ‘Continue’ button.

Step 3

Upload required license file(s) and reboot as suggested.

Note – Above settings can be modified later as well by clicking on the gear icon at the top right corner.

Step 4

When NetScaler reboots and you login again by choosing ‘NetScaler Gateway’ option, an interface to configure NetScaler Gateway virtual server is presented. Click on ‘Get Started’ button.

Note – When you experience this wizard, it is advisable to go through each section and complete the wizard by clicking on ‘Done’ button at the end.

Step 5

Define NetScaler Gateway virtual server name, IP Address (VIP) and Port. Also, you can enable NetScaler Gateway to redirect HTTP connection to HTTPS secure connection. Click ‘Continue’ to get next section.

Note – You cannot configure more than one virtual server with the same IP Address (VIP) but different Ports through this wizard.

Step 6

In ‘Certificate’ section, select either

  1. Already installed certificate-key pair by selecting ‘Choose Certificate’ radio option OR
  2. Install a certificate-key pair by selecting ‘Install Certificate’ radio option and choosing right SSL Certificate and SSL Key OR
  3. Use a self-signed test certificate from NetScaler by selecting ‘Use Test Certificate’ radio option.

Note – While using ‘Use Test Certificate’, make sure that you have not used the same FQDN earlier while configuring another virtual server. If you are deleting an existing virtual server and creating a new and want to use the same FQDN in ‘Use Test Certificate’ as used earlier then make sure you manually delete the related cert/key files in /nsconfig/ssl directory before coming to this wizard or select the already created certificate-key pair under the ‘Choose Certificate’.

Press ‘Continue’ to proceed with the wizard.

Step 7

Now, you get a section to configure authentication settings. It allows configuring primary and secondary authentication or configuring only primary authentication.

In Primary Authentication, select LDAP, RADIUS or Certificate. Depending on the primary selection, you get options in secondary authentication.

You can either choose already created authentication policy or configure a new policy.

While configuring LDAP authentication policy, it is recommended to use sAMAccountName Server Logon Name Attribute for XenApp / Xendesktop deployment and userPrincipalName Server Logon Name Attribute for XenMobile deployment but ideally both works for both deployments.

Note – You cannot create multiple LDAP authentication policies by using the same LDAP server IP address in this wizard as the LDAP auto-generated LDAP policy name and action name conflicts. For example, if you want to configure one policy that uses sAMAccountName in the Server Logon Name Attribute field and a second LDAP policy that uses the userPrincipalName (UPN) in the Server Logon Name Attribute field then it is not possible through this wizard but can be achieved by creating a LDAP policy through legacy policy manager. For this, click on ‘Configuration’ tab’ on top and navigate to NetScaler > NetScaler Gateway > Policies > Authentication/Authorization > Authentication > LDAP node. Make sure you don’t do this when in the middle of the wizard; otherwise you may lose the configuration.

Once you are done on configuring authentication settings, click on ‘Continue’ button.

Step 8

Now, you get a section to define your deployment type and settings related to that deployment type.

  • XenMobile – This allows configuring your App Controller which offers access to web, SaaS, mobile applications, Windows applications & desktops and ShareFile. Please provide App Controller FQDN.

  • XenApp / XenDesktop– This allows configuring Web Interface or StoreFront deployment. 

In Web Interface deployment, enter the complete address of XenApp Site e.g. http://Xenapp1.systest.agee/Citrix/XenApp and XenApp Service Services Site e.g. http://Xenapp1.systest.agee/Citrix/PNAgent/Config.xml. Enter the Single Sign-on Domain and STA (Secure Ticket Authority) URL either using IP address or FQDN.

In StoreFront deployment, enter the StoreFront FQDN, Receiver for Web Path, Single Sign-on Domain and STA (Secure Ticket Authority) URL either using IP address or FQDN.

Click on ‘Done‘ button to complete the wizard successfully.

Step 9

After clicking on ‘Done‘ button, NetScaler Gateway monitoring interface is displayed.

Now, if you want to modify certain settings in already configured virtual server then hover on it and you will get an Edit icon. When you edit virtual server settings, make sure to go till end of the wizard and click on ‘Done‘ button to edit successfully.

You can delete the virtual server using the Delete icon.

You can create a new NetScaler Gateway virtual server also from here by clicking on ‘+‘ icon

Step 10

Make sure to properly configure the NetScaler Gateway call-back settings in your backend deployment like App Controller, Web Interface or StoreFront.