Citrix ICA for Clients in an Internal Network

1 Introduction

Citrix Virtual Desktop Infrastructure (VDI) is a virtualization server environment that gives users remote access. With Citrix VDI, application traffic is delivered across a Wide Area Network (WAN).

Citrix VDI makes IT management much easier. Rather than maintaining PCs at local branch offices, a corporation’s IT department can maintain virtual, location-diverse PCs in a central location.

Users require confidence that the service is available when needed. KEMP LoadMasters help to provide reliability. When deployed as a pair, two LoadMasters give the security of High Availability (HA). HA allows two physical or virtual machines to become one logical device. Only one of these units handles traffic at any particular moment: one unit is active and the other is a hot standby (passive). This provides redundancy and resiliency. If one LoadMaster goes down for any reason, the hot standby becomes active, avoiding downtime. For more information on HA, refer to the High Availability (HA), Feature Description.

1.1 Document Purpose

This document provides guidance on deploying Citrix VDI with a KEMP LoadMaster. The KEMP Support Team is available to provide solutions for scenarios not explicitly defined.

The KEMP support site can be found at:

1.2 Intended Audience

This document is for anyone deploying Citrix VDI with a KEMP LoadMaster.


1.3 Architecture


2 Citrix VDI Template

KEMP has developed a template containing our recommended settings for the Citrix VDI Virtual Service. This template can be installed on the LoadMaster and used when creating the Virtual Service. Using a template automatically populates the settings in the Virtual Service, which is quicker and easier than configuring the Virtual Service manually. If needed, any of the Virtual Service settings can be changed after using the template.

Download released templates from the Templates section on the KEMP documentation page:

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.

3 Configure the LoadMaster

The following sections provide step-by-step instructions on how to configure a LoadMaster to load balance the Citrix VDI workload.

3.1 Enable Subnet Originating Requests Globally

It is best practice to enable the Subnet Originating Requests option globally.

In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.

In a two-armed setup (for example, where the Virtual Service is on network/subnet A and the Real Servers are on network B), Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.

When Subnet Originating Requests is enabled, the LoadMaster routes traffic so that the Real Server sees it arriving from the LoadMaster interface that is in the Real Server's network/subnet, not from the Virtual Service address.

When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether or not to enable Subnet Originating Requests on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to System Configuration > Miscellaneous Options > Network Options.


2. Tick the Subnet Originating Requests check box.
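The source-address behaviour described in this section determines which address Real Server firewall rules and logs will show. The following is an added example, not KEMP code: the addresses are constructed from documentation ranges and the function names are hypothetical. It computes the source IP each Real Server should expect with Subnet Originating Requests enabled or disabled, following the behaviour stated above.

```python
import ipaddress

# Constructed sample topology (documentation address ranges, not from the page).
VIRTUAL_ADDRESS = "192.0.2.10"                        # Virtual Service, network A
LM_INTERFACES = ["192.0.2.5/24", "198.51.100.5/24"]   # LoadMaster arms on A and B
REAL_SERVERS = ["198.51.100.11", "198.51.100.12", "203.0.113.7"]


def expected_source(real_server, lm_interfaces, virtual_address, sor_enabled):
    """Return the source IP a Real Server should see for load-balanced traffic.

    lm_interfaces holds LoadMaster interface addresses in CIDR form.
    Returns None when SOR is enabled but no LoadMaster interface is in the
    Real Server's subnet; the text above does not describe that case, so it
    is flagged for manual review rather than guessed.
    """
    if not sor_enabled:
        # As the text implies, without SOR the Real Server sees the
        # Virtual Service address.
        return ipaddress.ip_address(virtual_address)
    rs = ipaddress.ip_address(real_server)
    for cidr in lm_interfaces:
        iface = ipaddress.ip_interface(cidr)
        if rs in iface.network:       # interface shares the Real Server's subnet
            return iface.ip
    return None


def source_allow_list(real_servers, lm_interfaces, virtual_address, sor_enabled=True):
    """Map each Real Server to the source IP its firewall rules and logs should show."""
    result = {}
    for rs in real_servers:
        src = expected_source(rs, lm_interfaces, virtual_address, sor_enabled)
        result[rs] = str(src) if src is not None else None
    return result


if __name__ == "__main__":
    for sor in (True, False):
        print(f"Subnet Originating Requests enabled: {sor}")
        rows = source_allow_list(REAL_SERVERS, LM_INTERFACES, VIRTUAL_ADDRESS, sor)
        for rs, src in rows.items():
            print(f"  {rs}: expect source {src or 'UNDETERMINED (review routing)'}")
```

A Real Server reported as undetermined has no LoadMaster interface in its subnet, so its expected source address should be confirmed before writing firewall rules for it.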

3.2 Configure a Citrix VDI Virtual Service

The following are the steps involved and the recommended settings to configure a Citrix VDI StoreFront Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.


2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 in the Port text box.

4. Enter a recognizable Service Name, for example Citrix VDI StoreFront.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Expand the Standard Options section.

8. Select the Force L4 check box.

9. In the Persistence Options section, select None from the Mode drop-down list.

10. Select round robin from the Scheduling Method drop-down list.

11. Expand the SSL Properties section.


12. Select the SSL Acceleration Enabled check box.

13. Select the Reencrypt check box.

14. Ensure the TLS protocol check boxes are selected.

15. From the Cipher Set drop-down list, choose BestPractices.

16. Expand the Real Servers section.


17. Select HTTPS Protocol from the Real Server Check Parameters drop-down list.

18. Ensure HEAD is selected as the HTTP Method.

19. Click the Add New button.


20. Add Real Servers.

a) Enter the IP address of the StoreFront server.

b) Enter 443 as the Port.

The Forwarding method and Weight values are set by default. An administrator can change these.

c) Click Add this Real Server. Click OK on the pop-up message.

d) Repeat the steps above to add more Real Servers as needed, based on the environment.


Unless otherwise specified, the following documents can be found at:

Virtual Services and Templates, Feature Description

High Availability (HA), Feature Description

Document History

Date        Change                          Reason for Change
Mar 2016    Initial Draft                   First draft of document
Aug 2016    Removed three Virtual Services  Issues with ICA
Oct 2016    Release updates                 Updates for 7.2.36
Jan 2017    Minor changes                   Updated Copyright Notices
July 2017   Minor changes                   Enhancements made          5.0   LB



