Search

Clientless Failover Functionality: Citrix Access Gateway and Advanced Access Control

Thursday, 11 May 2006 by Michel Roth

Access Gateway with Advanced Access Control does not support clientless failover for Web-based methods of access; however, in standalone mode, double-clicking the Access Gateway icon launches the VPN client which is able to detect a downed gateway and failover to the next one in the list. In the Advanced Access Control mode of operation, the icon is merely a shortcut to Internet Explorer. In this case, the VPN client is not initially launched and there�s no method to detect a downed gateway until a user has authenticated through the Web browser.

In usage, be aware that the Access Gateway icon (installed on the end user�s desktop) is used to initiate access to the appliance regardless of whether it�s configured for standalone or Advanced Access Control mode of operation.

Although the same icon is used, different behavior occurs depending on how the Access Gateway appliance is configured.

Although the Access Gateway VPN client supports client-side failover, Web-based access (in the Advanced Access Control mode of operation) does not support clientless failover. Access Gateway use-cases that require Web-based access (authentication against a logon point, access to the NavUI, for example) need to incorporate an external hardware load balancer, such as Citrix NetScaler, to offer client-side failover capabilities.

Note that the VPN client failover functionality is still supported in the Access Gateway�s Advanced Access Control mode of operation in the same manner as a standalone Access Gateway appliance; however, failover occurs only after an end-user has authenticated to the appliance through Internet Explorer.

Read CTX109917 here.