Hi! I have a question reagarding UMS, ICG and NetScaler as SSL-bridge. Is it correctly understood that ICG doesn’t need to be on a DMZ if we are using NetScaler as a SSL-bridge? From my understanding UMS and ICG may be on the same network if we are using a NetScaler in between. I took the below photo from Disrupt in München, but it says that ICG should be on a DMZ, but I think that’s wrong. The reason that I am asking is that we are going to deploy UMS and ICG in Azure and I want to understand if they both may be on the same virtual network/subnet. All clients will connect to the UMS externally via ICG.

The ICG can be located anywhere in the world wide web. That’s the big advantage of it. You can use Azure, AWS or any other hoster.
It depends on the architecture. Theoretically you could place the icg on internal network and just do port forwarding. To enhance the hardening in that case I would suggest to add a NS (or some other solution suited for the task). I’m using exactly this in my lab, a NS is on the dmz, the icg and ums on the internal network. That’s the fine thing with having a ADC reverse proxying connections, you can do what you like.
Thank you both for your prompt response. @member That’s exactly how I want to design it as well. 🙂
Every reverse proxy should work, you could probably also use Azure application proxy
Haproxy Will also so the trick or a appliance like pfsense
Continue reading and comment on the thread ‘Is IGEL ICG required to be in the DMZ when using NetScaler as SSL-bridge?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!
Popular Message Threads
- Error “AM_ERROR_AUTH_NETWORK_ERROR [65275]” adding store in Citrix Workspace App version 20.x on IGEL OS 11.04
- How to Install IGEL OS via a Bootable USB Drive
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- How to change the default IGEL UMS admin password?
- IGEL UD3 (LX50) randomly get this error with Citrix: The X Request 130.1 caused error :”10: BadAccess ( attempt to access private resource denied) any ideas?
- What distro of Linux the IGEL kernel is based on?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?