Applies To:

Show Versions Show Versions

Manual Chapter: FirePass® Controller version 5.5 Administrator Guide: Configuring Application Access
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


7

Configuring Application Access


Introducing Application Access

The FirePass Applications Access features provide remote users with web-based remote access to a wide variety of network applications and resources, including email servers, intranet servers, file servers, terminal services, and legacy mainframe, IBM iSeries and AS/400, Telnet character-based terminal applications. Each application takes the data from the source and renders it in the user's browser window, so there is no need to download a client yourself.

Application Access enables users to use an existing client to access the server application through App Tunnels, or they can have the FirePass controller supply the browser-based Legacy Hosts and Terminal Servers ActiveX components or Java client.

Application Access consists of three main types of access:

  • App Tunnel access
    Provides remote users with browser-based access to a backend server. App Tunnels provide secure, application-level TCP/IP connections from the client browser into a specified set of IP addresses and ports on the LAN.
  • Legacy host access
    Provides remote users with browser-based, character-driven terminal access to legacy VT100, VT320, Telnet, SSH, and IBM 3270 and IBM 5250 applications without any modifications to the applications or application servers.
  • Terminal services access
    Provides remote users with browser-based, graphical terminal interfaces for Microsoft Terminal Servers, Citrix MetaFrame applications, and VNC servers.

Application Access does not require any application modifications or any third-party software to enable the interaction with the application.

The connection process automatically downloads and installs all components required on the client system. You can also preinstall the components, if your company security policy prohibits ActiveX component installation by the end user.

Legacy Host access supports TN5250 and IBM iSeries and AS/400 connections through an ActiveX control for Internet Explorer, and a self-installed plug-in for Netscape or Mozilla browsers on Windows client computers to interpret the terminal data stream. Legacy Host access provides support through Java for VT100/320 for UNIX, and TN3270 for mainframes.

Understanding App Tunnels

Application Tunnels, or App Tunnels, provide much the same functionality as Network Access, but they allow additional control over which application a user can access through the FirePass controller. You can configure App Tunnels to work without requiring the user to have administrative rights on the client system.

Using App Tunnels, you can configure secure, application-level TCP/IP connections from the client to a specific set of IP addresses and ports on the network. On the remote end, the browser loads an ActiveX control in Internet Explorer, and a self-installed plug-in for Netscape or Mozilla browsers on Windows platforms. After the process establishes a connection, the user-defined applications that use these connections can be started automatically.

Unlike a traditional IPsec VPN client that exposes the entire network, App Tunnels only create connections to the specific resources used by the configured application. You can also restrict users to the particular application they need to use.

You can configure the following applications for use with App Tunnels:

  • Applications that are accessed using HTTP or HTTPS
  • Terminal emulators, including SSH
  • Internet Mail (POP/IMAP/SMTP)
  • LDAP-enabled clients
  • Network drive mapping
  • Custom applications

In general, any TCP/IP-based client-server applications that do not require dynamically bound ports work with App Tunnels. App Tunnels do not support UDP application traffic.

Figure 7.1 , following, shows a comparison of the flow of application data in a traditional environment and with the FirePass controller App Tunnels.

Figure 7.1 Comparison of application data flow without and with the FirePass controller

Defining App Tunnel favorites

You can create favorites and aliases to favorites on the Resources screen. A favorite is a named and saved set of options. An alias to a favorite is a named link to an existing favorite in another resource group. Favorites and aliases to favorites appear as links on the user's webtop. When a user clicks a favorite or an alias, the system establishes a connection to the App Tunnel configured.

To create an App Tunnel favorite or alias

  1. In the navigation pane, click Application Access.
    The Application Access : App Tunnels : Resources screen opens.
  2. From the Resource Group list in the upper left, select the resource group you want to contain the favorite.
  3. Click the Add New Favorite link.
    The screen refreshes to reveal additional options.
  4. From the Type list, select from the following types:
    • Favorite: Represents a new App Tunnel.
      To create a new favorite, select Favorite, and skip to step 5 .
    • Alias: Represents an association with a existing favorite from a different resource group. If there are no other groups available, or no other connections have been defined, the Alias option is not available.
      When you select Alias, the screen refreshes to reveal additional options.
    • From the From group list, select the resource group containing the existing favorite you want to use as the source.
    • From the Favorite list, select the favorite.
    • Click the Add New button.
      The new Alias appears in the list.
  5. To continue creating a new favorite, in the Name box, type the identifying label you want to use.
    The FirePass controller displays this name as a label for the App Tunnels favorite in the user's web browser.
  6. Check the Display message box before launching applications check box to have the FirePass controller present a confirmation message for the user to accept before running the application.
  7. From the Add new list, select an application class.
    • Custom client
    • Exchange
    • Internet EMail (POP + SMTP)
    • Internet EMail (IMAP + SMTP)
    • LDAP
    • HTTP
    • HTTPS
    • Telnet
    • SSH
    • VNC
    • Front Page/WebDAV
    • MS Terminal Services
    • Citrix
    • RPC port mapper
    • FTP (Passive)
    • MS File Shares
    • Exchange Client/Server Comm.
  8. In the accompanying Add new box, type the host name or IP address of the service that is to be accessed within your network.
    Be sure to review the items in Configuring Remote Host and Local Host settings: important considerations , following, for important information regarding configuring this option.
  9. If you want to restrict access based on a defined protected configuration, from the Endpoint protection required list, select the protected configuration. To add endpoint protection, you must first define access rules.
    For more information about protected configurations, see Creating protected configurations, on page 3-21 .
  10. Click the Add New button.
    The screen changes to reveal additional options, populated with common settings.
  11. For example, if you chose https as the application class, the FirePass controller enters 443 in the Remote Host : Port or Range box. The FirePass controller generates an IP address on the 127.0.0.0/255.0.0.0 subnet, and places that value, along with 443, in the Local Host : Port or Range boxes. This is the IP address the client connects to when using the App Tunnel.

  12. In the Command Line box, you can specify a string that starts an application transparently for the user. For example:
  13. iexplore http://127.10.10.80/sales/automation.pl telnet 127.10.10.10 putty -ssh 127.10.10.10
  14. Click the save button to the right of the favorite.
    You can modify any setting by changing it and clicking the Update button.

Configuring Remote Host and Local Host settings: important considerations

If you specify a network name (that is, a DNS name, a WINS name, or a static host name) instead of an IP address in Remote Host or Local Host, the App Tunnel patches the hosts file on the client computer during the connection.On Windows systems, you can find the hosts file in <drive>\<windowsdir>\system32\drivers\etc\hosts. The temporary patch allows the App Tunnel to override the network name settings, while preserving the existing network name settings for the applications. The App Tunnel restores the original hosts file when it ends the session.

Important

For this patching operation, users on Windows platforms must have local administrative rights to modify the hosts file during the connection, or the administrator must change the attributes of the hosts file to allow nonadministrative modification.

App Tunnels supports forwarding ranges of TCP ports. To do so, specify the range in the Remote Host : Port or Range and Local Host : Port or Range boxes as port1-port2,port3,port4-port5, and so on. App Tunnels limits the maximum number to 50. If you use port ranges, the range you specify in local and remote must match.

Creating custom App Tunnels

You can create a custom tunnel by specifying the values you want for the connection in the Remote Host : Port or Range and Local Host : Port or Range boxes. In general, F5 Networks recommends that you leave the port value intact, unless the client's computer is running a service on that port.

We also recommend that the IP addresses you specify be associated with the DNS name of the service the clients need in either the local hosts file or on the DNS server. For example:
telnet.siterequest.com 127.10.10.10

Configuring App Tunnel auto-open

You can configure an App Tunnel to open automatically, depending on the assigned protected configuration.

To configure App Tunnel auto-open

  1. Create an App Tunnel favorite, as described in Defining App Tunnel favorites, making sure to select a defined protected configuration from the Endpoint protection required list.
  2. Check the Autolaunch based on endpoint protection check box.
    The screen reveals additional options.
  3. From the endpoint list, select the endpoint protection you want to require.
  4. Click the Apply button.

Now, when users who log on have the endpoint protection you require, the FirePass controller automatically opens the associated App Tunnel and provides the user access.

Creating App Tunnels to network file shares

You can configure an App Tunnel to map network file shares automatically, depending on the assigned protected configuration.

To map a network drive

  1. Create an application tunnel with type MS File Shares.
    For information about creating application tunnels, see Defining App Tunnel favorites.
  2. Set both remote and local ports to 139.
    139 is the default setting.
  3. In Command Line, type a string for the process to use to mount the drive.
    You can use the following templates, substituting your network information in the appropriate places.

net use <*/drive_letter:> \\<ip|computer_name>\share_name [/user:user_name]"

For example, if you want to map the P drive on the client computer to the brochures share, which is located at the 192.168.28.100 address, type:

net use p: \\192.168.28.100\brochures

For drive mapping to work, the FirePass controller must have a valid certificate signed by a Certificate Authority accepted by the browsers. Otherwise, a security warning dialog might prevent the drive from being mapped successfully.

Configuring master group settings for App Tunnels

You can specify master-group based settings that apply whenever a user who belongs to a specific master group clicks a favorite in the App Tunnels section of the webtop. You set master group settings on the Application Access : App Tunnels : Master Group Settings screen.

Understanding general master group settings for App Tunnels connections

General master group-based settings for App Tunnels govern the App Tunnels type of Application Access connections. You can specify the following master-group-based settings.

  • Use gzip compression
    Compresses all traffic between the client and the FirePass controller, using the gzip (deflate) method.
  • Limit AppTunnels Access to Favorites only (for Extranets, partner and customer access, etc.)
    Removes the Direct Connect link from the user's webtop, and prohibits the user from creating custom favorites, which limits client access to App Tunnels that are defined and listed in the favorites section. When you check this check box, the screen refreshes to reveal a second check box, Allow Direct Connection limited by the scope. When you check the second check box, the screen presents boxes in which you can specify a list of IP addresses and a list of port ranges. The FirePass controller automatically creates App Tunnels for Portal Access-based communications from the specified addresses or ports.
  • Auto-login to applicable AppTunnels using FirePass user login credentials (applies to MS File Shares Drive Mapping)
    In situations in which the user's FirePass controller user name and password match the Windows Domain credentials, this feature permits the user to access a file share without having to logon again.

For more information about master groups, see Introducing master groups and resource groups, on page 2-1.

Configuring Customization settings on the Master Group Settings screen

Settings in the Customization section affect all App Tunnels types of Application Access connections in the master group specified in the Master Group list at the top of the screen.

  • Present the user with a message box after successfully creating AppTunnel
    Lets the user know that the App Tunnel was successfully created.
  • Minimize window after successfully creating AppTunnel
    Minimizes the user's App Tunnel control window after the App Tunnel opens.
  • Do not show remote server address in AppTunnel window
    Cleans the user's URL so that the actual server address does not appear in the browser's address field.

Configuring settings for the AppTunnels webifyer status in the group <groupname> section of the Master Group Settings screen

The final section of the Master Group Settings screen contains a message, for example:

AppTunnels is presented at the Beginner level, always visible to a user in the group <groupname>.

The User Experience screen, accessible by clicking Click to change the status and/or webifyer position on the webtop, provides some options for customizing what the user sees.

Understanding Legacy Host connections

You can configure access to legacy, or green screen, systems on mainframes, and other traditional text consoles, using the Legacy Hosts option. To set master-group-level policies and behaviors, use the Application Access : Master Group Settings screen. For more information, see Configuring master group settings for terminal server connections.

The Application Access : Legacy Hosts feature supports the following terminal types:

  • Tn3270, 80x24 in Java
  • Tn3270, 80x32 in Java
  • Tn3270, 80x43 in Java
  • Tn3270, 132x27 in Java
  • Tn5250, 80x32 as ActiveX control/Netscape Mozilla plug-in
  • Tn5250, 132x27 as ActiveX control/Netscape Mozilla plug-in
  • Vt-100 Telnet in Java
  • Vt-100, 80x25 in Java
  • Vt-100, 80x32 in Java
  • Vt-100, 132x24 in Java
  • Vt-100,132x32 in Java
  • Vt-220 Telnet in Java
  • Vt-220, 80x25 in Java
  • Vt-220, 80x32 in Java
  • Vt-220, 132x24 in Java
  • Vt-220, 132x32 in Java
  • Vt-320 HTML
  • Vt-320 Telnet in Java
  • Vt-320, 80x25 Telnet in Java
  • Vt-320, 80x32 Telnet in Java
  • Vt-320, 132x24 Telnet in Java
  • Vt-320, 132x32 Telnet in Java

Password-based SSH connection (v2.0) is optional. You can find additional information in the online help for the Application Access : Legacy Hosts : Resources screen.

Defining legacy host favorites

You can create favorites for legacy host connections. A favorite is a named and saved set of options. A favorite appears as a link on the user's webtop. When a user clicks the link, the system establishes a connection to the legacy host configured.

To create a Legacy Host favorite or alias

  1. In the navigation pane, click Application Access, and click Legacy Host.
    The Application Access : Legacy Hosts : Resources screen opens.
  2. From the Resource Group list in the upper left, select the resource group you want to contain the favorite.
  3. Click the Add New Favorite link.
    The screen refreshes to reveal additional options.
  4. From the Type list, select from the following types:
    • Favorite: Represents a new connection definition.
      To create a new favorite, select Favorite, and skip to step 5 .
    • Alias: Represents an association with a existing favorite from a different group. If there are no other groups available, or no other connections have been defined, the Alias option is not available.
      When you select Alias, the screen refreshes to reveal additional options. Continue with these steps:
    • From the From group list, select the resource group containing the existing favorite you want to use as the source.
    • From the Favorite list, select the favorite.
    • Click the Add New button.
      The new Alias appears in the list.
  5. To continue creating a new favorite, in Name, type the identifying label you want to use.
    The FirePass controller displays this name as a label for the Legacy Host favorite in the user's web browser.
  6. In Host, type the legacy host for the connection.
  7. In Port, type the port you want the connection to use.
  8. Check the Use SSH check box to use SSH, or leave the box empty.
  9. Check Open in a separate window to have the connection open in a new instance of the browser window.
  10. Note: This option is always on for 5250 sessions.
  11. From the Term-type list, select the type of terminal the connection is for,
  12. In Session name, specify the name for the terminal session.
  13. Note: Session name is available for 5250 sessions only.
  14. Check the Keep Alive check box to prevent the session from ending, or leave the box empty to permit the sessions to end.
  15. Note: Session name is available for 5250 sessions only.
  16. From the Default charset list, select the character set to use for the session. The FirePass controller provides several choices:
    • DEC Supplemental Graphic Set
    • MS-DOS Codepage 850 (Multilingual Latin 1)
    • IBM Codepage 850
    • ISO 8859-1 (Latin-1)
    • Unicode
  17. From the Unicode encoding list, select the encoding. The FirePass controller provides several choices:
    • UTF-8
    • UTF-16 little-endian
    • UTF-16 big-endian
    • UTF-32 little-endian
    • UTF-32 big-endian
  18. If you want to restrict access based on a defined protected configuration, from the Endpoint protection required list, select the protected configuration.
    For more information about protected configurations, see Creating protected configurations, on page 3-21 .
  19. Click the Add New button.

You can change any of these settings by clicking the link representing the favorite, modifying the setting, and clicking the Update button.

Configuring legacy hosts keyboard mapping

A keyboard map contains mapping instructions for associating one keystroke or key sequence on the client, to another keystroke or key sequence. For example, you can map Esc+Shift+1 to the F1 key if the client keyboard does not have function (F) keys on it.

The FirePass controller provides default keyboard mappings for the listed terminal types. However, you can override one or all key mappings. Using keyboard mapping, you can customize legacy hosts favorites to use non-standard keyboards or other code pages, and to add custom commands and shortcuts.

The Legacy Hosts Keyboard Map section of the Legacy Hosts screen contains the table of defined keyboard mappings that becomes the default for the legacy hosts favorite you are configuring. You can debug user-side keyboard mapping issues for specific devices and sessions by specifying a keystroke in the table, and then invoking that keystroke when connected to a legacy hosts session.

To modify or add to the mapping table

  1. In the navigation pane, click Application Access, and click Legacy Hosts.
    The Legacy Hosts : Resources screen opens.
  2. From the list to the left of the Load button, select the terminal type you want to configure a keyboard map for.
  3. Click the Load button.
    The FirePass controller loads the saved mapping table into the box. If no saved table exists, the FirePass controller uses the default mapping table.
  4. Edit the table as needed to override the mappings you need to change, or to add key sequences to be translated into application commands. For more information about the structure of the mapping table, see Understanding the mapping table , following.
  5. When you specify the settings you want, click the Save button.

Understanding the mapping table

Each line in the keyboard mapping table list contains one mapping rule for a single key. You can type directly in the table to The first column in the table contains any modifiers, which represent the Ctrl, Alt, and Shift keys on the keyboard. The second column contains the key, such as F12 or Tab. The third column contains the action command. The first and second columns must be separated only by blank spaces. At least one tab character is required between the second and third columns.

Commands are specific to one application or terminal type. You can supply command arguments within the parentheses. A command with no arguments ends with an pair of empty parentheses.

The default keyboard mapping contains default commands for standard terminal types. You can add commands that act as application shortcuts. These shortcuts can send commonly-used strings to your host applications using the Send("String") command.

For example, if you want a specific key combination to send a text command plus a program function key whenever the user presses Ctrl and Alt and Shift and F12, the mapping rule might look like this:

Ctrl+Alt+Shift F12 Send("MY COMMAND"); PF1();

You can find additional information in the online help for the Application Access : Legacy Hosts : Resources screen.

Configuring master group settings for legacy hosts connections

You can specify master-group based settings that apply whenever a user who belongs to a specific master group clicks a favorite in the Legacy Hosts section of the webtop. You set master group settings on the Application Access : Legacy Hosts : Master Group Settings screen.

Understanding general master group settings for legacy host connections

General master group-based settings for legacy host connections govern the legacy host type of Application Access connections. You can specify the following master-group-based settings.

  • Limit Legacy Hosts Access to Favorites only (for Extranets, partner and customer access, etc.)
    Removes the Direct Connect link from the user's webtop, and prohibits the user from creating custom favorites, which limits client access to Legacy Hosts that are defined and listed in the favorites section.
  • Restart the Legacy Hosts Server
    When clicked, restarts a subsystem on the FirePass controller.

Configuring settings for the Legacy Hosts webifyer status in the group <groupname> section of the Master Group Settings screen

The final section of the Master Group Settings screen contains a message, for example:

Legacy Hosts is presented at the Beginner level, always visible to a user in the group <groupname>.

The User Experience screen, accessible by clicking Click to change the status and/or webifyer position on the webtop, provides a some options for customizing what the user sees.

Configuring terminal server favorites

You can create favorites for terminal server connections. A favorite is a named and saved set of options. A favorite appears as a link on the user's webtop. When a user clicks the link, the system establishes a connection to the terminal server configured.

You can provide users access to internal Microsoft Terminal Servers, Windows XP® desktops, Citrix MetaFrame® servers, and VNC servers. To specify group-level settings for Terminal Servers, use the Application Access : Terminal Services : Master Group Settings screen. For more information, see Configuring master group settings for terminal server connections.

To create a Terminal Servers favorite or alias

  1. In the navigation pane, click Application Access, expand Terminal Servers, and click Resources.
    The Application Access : Terminal Servers : Resources screen opens.
  2. From the Resource Group list in the upper left, select the resource group you want to contain the favorite.
  3. Click the Add New Favorite link.
    The screen refreshes to reveal additional options.
  4. From the Type list, select from the following types.
    • Favorite: Represents a new terminal server connection.
      To create a new favorite, select Favorite, and skip to step 5 .
    • Alias: Represents an association with a existing favorite from a different group. If there are no other groups available, or no other connections have been defined, the Alias option is not available.
      When you select Alias, the screen refreshes to reveal additional options. Continue with these steps:
    • From the From group list, select the resource group containing the existing favorite you want to use as the source.
    • From the Favorite list, select the favorite.
    • Click the Add New button.
      The new Alias appears in the list.
  5. To continue creating a new favorite, in Name, type the identifying label you want to use.
    The FirePass controller displays this name as a label for the favorite under Terminal Servers in the user's web browser.
  6. In Host, specify name or IP address.
    You can enter a list here for MetaFrame and VNC hosts. The FirePass controller shuffles the entries, then tries to use the first one in the list. If connection fails, the FirePass controller tries the next one in the list, and so on, until a working server is found. You can use this simple technique for high availability solutions.
  7. In Port, type a number to use for the port.
    To automatically populate Port with the appropriate default value, select from the adjacent list. Options are:
    • Microsoft Terminal Server - default value 3389.
    • Citrix MetaFrame - default value 1494.
    • VNC - default value 5900.
    • Citrix MetaFrame Browser - default value 80.
      This option is useful for accessing Citrix server farms, and for resolving application names to IP:port.
    • Citrix MetaFrame Portal
      Populates Port with the value 80.
      This option provides functionality similar to Citrix NFuse web portal. In this case, the FirePass controller contacts the Citrix master browser using the supplied user credentials, and obtains a list of published applications configured for that specified user.
    Note: Citrix MetaFrame Browser relies on the Citrix XML Service, which must be enabled on the target server.
  8. In Select a program, type the full path to the application on the target server to limit terminal access to a single program, restricting access to the whole system.
    For Citrix, always precede the application name with a pound sign
    ( # ) for published applications; for example, #app_name
    This can be a path to Clarify on the Crete MS Terminal Server.
  9. In Working Dir, specify the working directory for the application you specified in the preceding step.
  10. Check the Open in new window check box to have the favorite run in a new browser window, or leave the box clear to have the favorite to run in the current browser session, replacing content of the user's webtop.
  11. Check the Redirect local resources (drives, printers, COM ports) check box to have the target server's local resources available to the client after the application starts, or leave the box clear to have users retain the resources on their computers.
  12. In Encryption (Citrix-only), select the encryption level for Citrix MetaFrame connections.
    This setting specifies an internal Citrix parameter, which must match the MetaFrame server setting. Connection from the client to the FirePass controller is made using SSL, regardless of this setting. Options are:
    • Basic
      This is the default.
    • RC5 128 bit-login only
    • RC5 40 bit
    • RC5 56 bit
    • RC5 128 bit
  13. From Color Depth, select the number of colors the display on the target server supports. Options are:
    • 16 Colors
    • 256 Colors
      This is the default.
    • High Color (16 bit)
    • True Color (24 bit)
    • True Color (32 bit)
  14. If you want to restrict access based on a defined protected configuration, from the Endpoint protection required list, select the protected configuration.
    For more information about protected configurations, see Creating protected configurations, on page 3-21.
  15. Click the Add New button.

You can change any of these settings by clicking the link representing the favorite, modifying the setting, and clicking the Update button.

Configuring master group settings for terminal server connections

You can specify master-group based settings that apply whenever a user who belongs to a specific master group clicks a favorite in the Terminal Servers section of the webtop. You set master group settings on the Application Access : Terminal Servers : Master Group Settings screen.

When you enable master group policy routing for a particular master group, you should not allow users of the master group to create terminal server favorites for accessing servers that are not part of the VLAN defined for that master group.

Understanding general master group settings for terminal server connections

General master group-based settings for terminal server connections govern the terminal server type of Application Access connections. You can specify the following master-group-based settings.

  • Screen resolution
    Sets the initial screen resolution for Terminal Servers and Citrix MetaFrame content, which users can override. Although users can change screen resolution if they wish, you should set the initial resolution sufficiently large to accommodate the application window. For example, if you select 640x480, users cannot start Ethereal® applications because there is no access to the OK button.
  • Limit Terminal Servers Access to Favorites only (for Extranets, partner and customer access, etc.)
    Removes the Direct Connect link from the user's webtop, and prohibits the user from creating custom favorites, which limits client access to Terminal Servers that are defined and listed in the favorites section.
  • Auto-login to applicable Terminal Services using FirePass controller user login credentials
    Uses the user's FirePass controller user name and password to access Terminal Servers. You can also enter an optional domain or workgroup name for the FirePass controller to use when users log on to Terminal Servers. In situations in which the user's FirePass controller user name and password match the Windows Domain credentials, this feature permits the user to access a Terminal Servers connection without having to logon again.

Citrix ICA client location

The FirePass controller dynamically loads the Citrix client onto the user's system, at runtime. If your site requires a version of the Citrix Web Client that is different from what the FirePass controller provides, you can use the options described in this section to specify the location of the Citrix client to be downloaded. You can specify this setting on the Application Access : Terminal Servers : Master Group Settings screen.

  • Embedded
    If the end-user does not have a Citrix client installed, or if the installed version does not match the number displayed in the Version box, downloads and installs the Citrix client supplied on the FirePass controller.
  • Citrix web-site
    If the end-user does not have a Citrix client installed, or if the installed version does not match the number displayed in the Version box, obtains the client from the Citrix web site. You can also specify the target version number you want to download.
  • Custom URL
    If the end-user does not have a Citrix client installed, or if the installed version does not match the number displayed in the Version box, obtains the client from the location entered. You can specify the source URL and the target version number you want to download.

Configuring keyboard redirection for Microsoft Terminal Servers

The keyboard redirection setting specifies how and when to apply Windows key combinations, for example, Alt+Tab. On the Master Group Settings screen for Application Access, you can configure to apply key combinations only locally on the client computer, always, and only when the client is running in full-screen mode.

Table 7.1, following, presents the Microsoft Terminal Servers shortcut keys that this setting affects.

Table 7.1 Microsoft Terminal Servers shortcut keys
Key combination
Description
Alt+Page Up
Switches between programs from left to right.
Alt+Page Down
Switches between programs for right to left.
Alt+Insert
Cycles through the programs in the order they were started.
Alt+Home
Displays the Start menu.
Ctrl+Alt+Break
Switches the client between window and full-screen mode.
Ctrl+Alt+Break is F12 on NEC98.
Ctrl+Alt+End
Brings up the Windows Security dialog box.
Ctrl+Alt+End is F15 on NEC98.
Alt+Delete
Displays the Windows menu.
Ctrl+Alt+minus ( - )
Places a snapshot of the active window, within the client, on the Terminal Server clipboard (provides the same functionality as pressing Print Scrn on the local computer).
Ctrl+Alt+plus ( + )
Places a snapshot of the entire client windows area on the Terminal Server clipboard (provides the same functionality as pressing Alt+Print Scrn on the local computer).

Configuring Terminal Servers webifyer status in the group <groupname> section of the Master Group Settings screen

The final section of the Master Group Settings screen contains a message, for example:

Terminal Servers is presented at the Beginner level, always visible to a user in the group <groupname>.

The User Experience screen, accessible by clicking Click to change the status and/or webifyer position on the webtop, provides a some options for customizing what the user sees.

For information on how to set User Experience options, see the online help for the User Experience tab, available on the Users : Groups : Master Groups screen.

Configuring global settings for Application Access

You can configure global settings that apply to all Application Access connections. You set global settings on the Application Access : Global Settings screen.

Handling Windows power-management events

You can choose from the following power-management settings to apply to Windows-based App Tunnels, Terminal Servers, and the ActiveX version of 5250 Legacy Hosts Access. This setting specifies what should occur when Windows enters the standby, or hibernate, mode.

  • Do nothing: Ignore power management events
  • Prevent Windows from entering standby/hibernate mode while a connection exists
  • Terminate connection if Windows enters standby/hibernate mode

Configuring client messages for Windows loopback

There is an issue introduced in Windows XP SP2 in which an error occurs when attempting to connect to IP addresses in the loopback range. You can read more about the issue by clicking the KB884020 link on the Application Access : Global Settings screen.

The FirePass controller displays a message when it encounters a computer that has not received the loopback fix. By default, the FirePass controller displays the following message:

Your computer requires an update to run this application. Click here or enter the following link into your web browser to install the required update from Microsoft (KB884020).
http://support.microsoft.com/default.aspx?kbid=884020

You can change the message by modifying the text in the box in the Customization section, and clicking the Update button. The message can contain any valid HTML.




Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)