© 1999-2017 Citrix Systems, Inc. All rights reserved. p.55https://docs.citrix.com
You can use the Secure Gateway in either Normal mode or Relay mode to provide a secure channel for communication
between Citrix Receiver for Mac and the server. No configuration of Citrix Receiver for Mac is required if you are using the
Secure Gateway in Normal mode and users are connecting through the Web Interface.
Citrix Receiver for Mac uses settings that are configured remotely on the Web Interface server to connect to servers
running the Secure Gateway. For more information about configuring proxy server settings for Citrix Receiver for Mac, see
the Web Interface documentation.
If the Secure Gateway Proxy is installed on a server in the secure network, you can use the Secure Gateway Proxy in Relay
mode. For more information about Relay mode, see the XenApp and Secure Gateway documentation.
If you are using Relay mode, the Secure Gateway server functions as a proxy and you must configure Citrix Receiver for
Mac to use:
The fully qualified domain name (FQDN) of the Secure Gateway server.
The port number of the Secure Gateway server. Note that Relay mode is not supported by Secure Gateway Version 2.0.
The FQDN must list, in sequence, the following three components:
Host name
Intermediate domain
Top-level domain
For example, my_computer.example.com is a FQDN, because it lists, in sequence, a host name (my_computer), an
intermediate domain (example), and a top-level domain (com). The combination of intermediate and top-level domain
(example.com) is generally referred to as the domain name.
Connecting through a proxy server
Proxy servers are used to limit access to and from your network, and to handle connections between Citrix Receiver for
Mac and servers. Citrix Receiver for Mac supports both SOCKS and secure proxy protocols.
When communicating with the XenApp or XenDesktop server, Citrix Receiver for Mac uses proxy server settings that are
configured remotely on the Web Interface server. For information about configuring proxy server settings for Receiver, see
the Web Interface documentation.
When communicating with the Web server, Citrix Receiver for Mac uses the proxy server settings that are configured for
the default Web browser on the user device. You must configure the proxy server settings for the default Web browser on
the user device accordingly.
Connecting through a firewall
Network firewalls can allow or block packets based on the destination address and port. If you are using a firewall in your
deployment, Citrix Receiver for Mac must be able to communicate through the firewall with both the Web server and Citrix
server. The firewall must permit HTTP traffic (often over the standard HTTP port 80 or 443 if a secure Web server is in use)
for user device to Web server communication. For Receiver to Citrix server communication, the firewall must permit inbound
ICA traffic on ports 1494 and 2598.
If the firewall is configured for Network Address Translation (NAT ), you can use the Web Interface to define mappings from
internal addresses to external addresses and ports. For example, if your XenApp or XenDesktop server is not configured
with an alternate address, you can configure the Web Interface to provide an alternate address to Citrix Receiver for Mac.
Citrix Receiver for Mac then connects to the server using the external address and port number. For more information, see
the Web Interface documentation.