Am I able to build the ICG on an internal network then move it to the DMZ, or will changing the IP later break the connection?
It depend, how did you setup the certificate? IP, Wildcard or hostname based?
Hostname and/or IP address of certificate target server: Hostname(s) or IP address(es) for which the certificate is valid. Multiple entries are allowed, separated by semicolons.
So I can enter both the internal and “final” external IP in the cert and it will work before and after the move?
If it’s IP based, you would have to recreate a Signed certificate with the right IP (or even better Wildcard): kb.igel.com/igelicg-2.01/updating-expired-icg-keystores-26029821.html please stay in the same ROOTCA, that’s mandatory. Then, I would build a second Server, reinstall ICG there with the new Keystore, add it to UMS, wait a few days and check that every devices got the new config, and then shutdown ICG1. That’s how I’m doing it on customer sites, if someone has a more handy procedure, please correct me 😄
During rereading, I‘m not sure to have understood you right tbh. Which IPs are changing during that move? ICG<=>UMS or WWW Endpoints<=>ICG?
I wanted to setup the server on an internal network, then move it to the dmz network. But since our remote users will need to VPN anyways to access other things, I am not sure the ICG is even needed.
It would make sense, at least if you already have EMP:
• Remote Shadowing even before VPN is established or if a User needs support for the VPN
• Remote Wipping of the device if stolen / lost
ICG is fairly portable as long as the same CA chain and name is used. We’ve completely removed the ICG from UMS, rebuilt it using the same keystore and name, re-added in UMS, and the IGEL will simply pick it back up on next reboot.
Continue reading and comment on the thread ‘Can I build an IGEL ICG on an internal network then move it to DMZ, or will changing the IP later break the connection?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.
Submit a question, or Join Today!
Popular Message Threads
- Error “AM_ERROR_AUTH_NETWORK_ERROR ” adding store in Citrix Workspace App version 20.x on IGEL OS 11.04
- How to Install IGEL OS via a Bootable USB Drive
- How to change the default IGEL UMS admin password?
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- What distro of Linux the IGEL kernel is based on?
- IGEL UD3 (LX50) randomly get this error with Citrix: The X Request 130.1 caused error :”10: BadAccess ( attempt to access private resource denied) any ideas?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?