Thanks. I do have the Citrix Access Gateways, Enterprise edition with the universal licenses. Looks like I will be able to do what I want, but the challenge will be forcing remote users to log on to the CAG VPN client before attempting to do anything else. Maybe I'll write a script to force logon or something like that. Speaking of Citrix, I am starting to use XenServer for imaging. Much less cost than VMWare and it works great. Since I don't need lots of the VMWare bells and whistles it's just what I need and it costs less than VMWare (a change for anything Citrix). Two Xen servers hosting vm machines on an EMC SAN. Tom
>>> "Steve Burkett" <[email protected]> 4/14/2009 9:12 AM >>> First I’ve heard about Citrix intending to ditch the Access Gateway line in favour of the NetScalar products, unless they bring out a low cost NetScalar product they’ll be cutting out a large chunk of their market I would have thought. Anyhoo, Tom, it depends on what client licenses you bought with your Citrix Access Gateway as to whether you can use the AAC software. If you got the standard CAG client licenses, you’ll need to upgrade them to Universal CAG client licenses in order to use the box in Advanced mode. Citrix are suggesting people transition off of Secure Access Gateways to Citrix Access Gateways as they’re more robust and easier to maintain etc. http://www.citrix.com/English/ps2/products/feature.asp?contentID=26145 From:Webster [mailto:[email protected]] Sent: 13 April 2009 17:52 To: NT System Admin Issues Subject: RE: Anyone using Citrix Access Gateway appliance Yes, AAC runs on a server that you point the CAG too. With AAC you have a LOT of control over who connects and where they go once you allow them to connect. That component is tested very heavily for the Citrix certifications. Webster From:Tom Miller [mailto:[email protected]] Subject: RE: Anyone using Citrix Access Gateway appliance Thanks. Does the Advanced Access Control software run in conjunction with the CAG? My CAGs are fairly new and despite what Citrix wants they need to last at least a few years. Citrix as a company seems to fail to understand that non-profits just don't have the funds that their big customers have. Off-topic, sorry. >>> "Webster" <[email protected]> 4/13/2009 10:02 AM >>> Use the Advanced Access Control software from Citrix. The CAG appliances will be going away soon as will the AAC software. Citrix is moving everyone (or wants to) to the NetScaler line of appliances. The NetScaler has the AAC software functionality built-in. A NetScaler is also very expensive but has a lot more features and functionality. Webster From:Tom Miller [mailto:[email protected]] Subject: Anyone using Citrix Access Gateway appliance Hi Folks, I have about 30 sites that connect to use via the Secure Access Gateway. These are broadband sites with maybe 2-5 users. There are no firewalls at these locations. User PCs connect to a low-end switch and that's it. At our LAN/WAN sites we enforce a number of content filtering policies via our firewall. I was planning to purchase a number of SOHO firewalls for these locations and have static VPNs set up for each. Someone mentioned I might be able to achieve the same goal via the Access Gateway, and requiring users to connect via the CAG client before users can do anything. I'd like to force users at these sites to logon to the domain if possible. Is this possible via the Access Gateway, and if so, how? === STEMCOR CONFIDENTIALITY AND DISCLAIMER NOTICE This e-mail is intended only for the addressees named in it. The contents should not be disclosed to any other person nor copies taken. Any views or opinions presented are solely those of the sender and do not necessarily represent those of Stemcor unless otherwise specifically stated. Stemcor does not accept legal responsibility for the contents of this message nor responsibility for any change made to it after it was sent by the original sender. You are advised to carry out a virus check before opening any attachment as Stemcor does not accept liability for any damage sustained as a result of any software viruses. You should be aware that Stemcor reserves the right to read incoming and outgoing emails. === Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
