- We tried a few times to deploy a Citrix connection over the WAF, but it did not work because Citrix itself secures its own type of VPN/SSL encrypted connection.
- Citrix encapsulates ICA protocol data over HTTPS/SSL
- Silverline WAF
- Proxy / Proxies
- It seems that once the Silverline WAF intercepted it, it didn't like to re-encrypt after decryption.
- Often with Citrix types of deployments, setting up an SSL HTTP or HTTP service will cause issues because non-HTTP requests pass through the proxy.
- Implementing the TCP Generic service type, changing the ports to 443, and adding only threat intelligence works fine.
- Setting the proxy as a TCP Generic service type will allow the proxy to just forward the traffic without any HTTP service type inspecting the traffic.
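
The difference between the two service types can be shown with a small model. This is an added example, not Silverline or Citrix code: the function names, the host name and the sample stream are assumptions, and the binary frames are constructed placeholders rather than real ICA bytes.

```python
import re

# HTTP/1.x request line: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")
HEADER_LINE = re.compile(rb"^[!-9;-~]+:")  # "name:" with no spaces or colons in the name


def is_http_request(message: bytes) -> bool:
    """True if the message starts with a well-formed HTTP/1.x request head."""
    head, sep, _ = message.partition(b"\r\n\r\n")
    if not sep:
        return False  # no header terminator, so not a complete HTTP head
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return False
    return all(HEADER_LINE.match(h) for h in lines[1:])


def http_service(stream):
    """Model of an HTTP-type service: parses each message, stops at the first non-HTTP one."""
    forwarded = []
    for index, message in enumerate(stream):
        if not is_http_request(message):
            return forwarded, index  # session breaks at this message
        forwarded.append(message)
    return forwarded, None


def tcp_generic_service(stream):
    """Model of a TCP Generic service: forwards bytes without parsing them."""
    return list(stream), None


# Constructed sample: one HTTP request followed by opaque binary frames
# standing in for non-HTTP traffic on the same port (not real ICA data).
SAMPLE_STREAM = [
    b"GET /index.html HTTP/1.1\r\nHost: gateway.example.test\r\n\r\n",
    b"\x7f\x7f\x01\x00\x10\x00constructed-binary",
    b"\x00\x02\xff\xfe",
]

if __name__ == "__main__":
    for name, service in (("HTTP", http_service), ("TCP Generic", tcp_generic_service)):
        forwarded, broke_at = service(SAMPLE_STREAM)
        print(f"{name}: forwarded {len(forwarded)}/{len(SAMPLE_STREAM)}, broke at message {broke_at}")
```
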