Configure TCP/UDP apps
Prerequisites:
- Secure Private Access setup is complete. For details, see Setup Secure Private Access.
- Citrix Secure Access client versions meet the following requirements:
- Windows - 24.6.1.17 and later
- macOS - 24.06.2 and later
For details about the Citrix Secure Access client, see Citrix Secure Access client.
Perform the following steps to configure TCP/UDP apps from the admin console.
- In the admin console, click Applications and then click Add an app.
-
Select the location Inside my corporate network.
-
Enter the following details:
-
App type – Select TCP/UDP.
Note:
The TCP/UDP option appears grayed out if the SPAOP-3315-EnableZTNAApplications feature flag is disabled. You must manually update the database to enable this feature flag.
- App name– Name of the application.
- App description – Description of the app you are adding. This field is optional.
-
Destinations – IP Addresses or FQDNs of the back-end machines residing in the resource location. One or more destinations can be specified as follows.
- IP address v4
- IP address Range – Example: 10.68.90.10-10.68.90.99
- CIDR – Example: 10.106.90.0/24
-
FQDN of the machines or Domain name – Single or wildcard domain. Example: ex.destination.domain.com, *.domain.com
Important:
- End users can access the apps using FQDN even if the admin has configured the apps using the IP address. This is possible because the Citrix Secure Access client can resolve an FQDN to the real IP address.
The following table provides examples of various destinations and how to access the apps with these destinations:
Destination input How to access the app 10.10.10.1-10.10.10.100 The end user is expected to access the app only through IP addresses in this range. 10.10.10.0/24 The end user is expected to access the app only through IP addresses configured in the IP CIDR. 10.10.10.101 End user is expected to access the app only through 10.10.10.101 *.info.citrix.com
End user is expected to access subdomains of info.citrix.com
and alsoinfo.citrix.com
(the parent domain). For example,info.citrix.com, sub1.info.citrix.com, level1.sub1.info.citrix.com
Note: The wildcard must always be the starting character of the domain and only one *. is allowed.info.citrix.com End user is expected to access info.citrix.com
only and no subdomains. For example,sub1.info.citrix.com
is not accessible.The destination IP address must be unique across resource locations. If a conflicting configuration exists, a warning symbol is displayed against the specific IP address in the Application Domain table (Settings > Application Domain).
-
Port – The port on which the app is running. Admins can configure multiple ports or port ranges per destination.
The following table provides examples of ports that can be configured for a destination.
Port input Description * By default, the port field is set to “*”
(any port). The port numbers from 1 to 65535 are supported for the destination.1300–2400 The port numbers from 1300 to 2400 are supported for the destination. 38389 Only the port number 38389 is supported for the destination. 22,345,5678 The ports 22, 345, 5678 are supported for the destination. 1300–2400, 42000-43000,22,443 The port number range from 1300 to 2400, 42000–43000, and ports 22 and 443 are supported for the destination. Note:
Wildcard port (*) cannot co-exist with port numbers or ranges.
- Protocol – TCP/UDP
-
App type – Select TCP/UDP.
-
Click Save. The app is added to the App Configuration page. You can edit or delete an app from the Applications page after you have configured the application. To do so, click the ellipsis button on an app and select the actions accordingly.
- Edit Application
- Delete
Configure access policies for TCP/UDP apps
To grant access to the apps for the users, admins are required to create access policies. For details, see Configure access policies.