Deploy NetScaler Gateway VPN profile using Microsoft Intune

So with the upcoming integration between Intune and NetScaler I decided to take a look at some of the possiblities that are here with the latest build.  I’ve blogged a bit about it before that Intune and NetScaler now supports Conditional Access to web applications, but Intune also supports VPN profile deployment to Citrix NetScaler SSL VPN.

Now Citrix has two VPN clients, one for iOS and one for Android. The iOS version has supported Intune for about 1 month, but to be able to leverage it for Android you need to join the beta version program, which can be found here –> https://play.google.com/store/apps/details?id=com.citrix.CitrixVPN&hl=no if you get it on AppStore you have an option to choose beta version from there.

Since there is no option to deploy the Android beta app using Intune as of now, this step will only show the Android client as is (this will of course change when Citrix gets out an updated version)

NOTE: Leveraging this walktrough, it requires that your Android device is already enrolled into Intune using Company Portal.

Since Intune doesn’t support linked Android from store you need to download the apk file from the store, so using a site like apkpure — https://apkpure.com/citrix-vpn/com.citrix.CitrixVPN

Software installer from Intune (Yes its in Norwegian…) but I just point to type APK and find the APK file stored locally on my computer.

image

After you have uploaded it, we can distribute it to our users.

image

The easiest way to not enforce an deployment is to choose user based install and define it as available

image

Now we need to configure the VPN Policy within Intune. Go into policies – Configuration Policies – Click Add – Android – VPN Profile. Select Citrix from the connection type.

Define the IP address of the NetScaler Gateway. Even though it is a reuirement to define custom data I havent found any documentation around what kind of data it is expecting there yet.

image
I just defined a Authentication method to username and password and defined an IP address.
NOTE: The documentation on Citrix just started appearing in the last 20 days so I expect some more information come there a bit later as well.

After you’ve created the policy you have to deploy it to our devices

image

When the policy refresh happens on the device or you can go into the company portal and refresh the VPN policies.

Screenshot_20170101-213006

So after the VPN profiles have been refreshed you can open up the Citrix SSL VPN client and notice that the VPN connection has been created.

Screenshot_20170101-213020

So in the next post we will take a closer look at Per-App VPN and Conditional Access leveraging Citrix VPN.

Leave a Reply

Scroll to Top