Issue / Solution: Citrix Application Implementation Issues with Silverline WAF Proxies



  • We tried few times to deploy Citrix connection over WAF but did not work because of Citrix itself securing another type of own VPN/ SSL encrypted connection.
    • Citrix encapsulates ICA protocol data over HTTPS/SSL



  • Silverline WAF
  • Proxy / Proxies



  • It seems that once the Silverline WAF intercepted it, it didn't like to re-encrypt after decryption.
  • Often with Citrix types of deployments, setting up an SSL HTTP or HTTP service will cause issues because of non-HTTP requests through the proxy.



  • Implementing TCP Generic service type and changing the ports to 443, while adding just threat intelligence works fine.
  • Setting the proxy as a TCP Generic service type will allow the proxy to just forward the traffic without any HTTP service type inspecting the traffic.


Related Content

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request