Citrix Cloud

Cloud Connector Proxy and Firewall Configuration

The Cloud Connector supports connection to the Internet through an unauthenticated web proxy server. Both the installer and the services it installs need connections to Citrix Cloud. Internet access needs to be available at both of these points.

Connectivity requirements

Use port 443 for HTTP traffic, egress only. For a list of required contactable addresses, see the following resources:

The required contactable addresses for Citrix Cloud are specified as domain names, not IP addresses. Because IP addresses might change, allowing domain names ensures that the connection to Citrix Cloud remains stable.

For a list of required ports, see Inbound and outbound ports configuration.

Important:

  • Enabling SSL interception on certain proxies might prevent the Cloud Connector from connecting successfully to Citrix Cloud.
  • SSL interception cannot be performed on Citrix Gateway addresses. For more information, see Citrix Gateway Services connectivity requirements.
  • SSL interception must not impact the network connectivity or stability. For more information, see Citrix Cloud Connector
  • If you are using a proxy, it is recommended that the following traffic flows bypass the proxy:
    • Communication between Connectors (for example, during LHC events).
    • Communication between Connectors and VDA (WCF connection).
    • Communication between Connectors and Domain Controllers (AD requests).

Furthermore, it is important to note that the connector utilizes the WinHTTP proxy settings. For configuration settings, see CTX222727.

Check Cloud Connector connectivity

The Cloud Connector Connectivity Check Utility helps you verify connectivity between the Cloud Connector and Citrix Cloud using a series of connectivity checks. If you use a proxy server in your environment, the utility can help you configure proxy settings on the Cloud Connector and test connectivity through the proxy server. When a proxy server is configured, the connectivity tests are tunneled through the proxy server.

Note:

Cloud Connector Connectivity Check utility is for use with commercial Citrix Cloud accounts only. Do not use it with Citrix Cloud Government or Citrix Cloud Japan.

For more information about downloading and using the Cloud Connector Connectivity Check utility, see CTX260337.

Installer

The installer uses the settings configured for Internet connections. If you can browse the Internet from the machine then the installer should also function.

Services at Runtime

The runtime service operates in the context of a local service. It does not use the settings defined for the user (as described above).

You can configure the proxy settings during the installation process.

The Cloud Connector installation screen

After the installer starts, before logging into Citrix Cloud, click Configure Proxy. You are prompted to add the proxy information and addresses to bypass the proxy. Both fully qualified domain names (FQDNs) and wildcard addresses are supported when specifying bypass addresses.

Note:

If you are using a proxy server, you must use manual proxy setup. Automatic proxy setup, through either automatic detection or PAC/setup scripts, is not supported.

Cloud Connector Proxy and Firewall Configuration