Citrix ADC – Gateway Service is Forbidden


This is just a quick post about an issue I encountered today with a vanilla ADC VPX with Firmware 13.0-85.15. After importing the VPX and configuring the ADC I could not reach the login page of the Citrix Gateway (ICA-Proxy).

403 – Forbidden – You don’t have permission to access this resource.

My first thought: This must be a mistake with the DNAT configured by the network administrator, translating from the public IP address to a wrong private IP. But a tcpdump on the VPX confirmed that the traffic was routed to the freshly installed Citrix ADC appliance. In the browser developer options you could clearly see that the response came from /logon/LogonPoint/index.html and that the NSC cookies had been set.

So what is going on here? I started digging in the file system and found out that something in the “/var/netscaler” directory was missing… Can you see it?

Exactly: the “logon” directory does not exist.

After grabbing the “logon” folder from a working VPX (same build – but upgraded) and putting it in the right location, the Citrix Gateway Service became reachable, with the login mask as you would expect it!
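To see exactly what a fresh appliance lacks before copying anything across, the two trees can be compared entry by entry. The script below is an added example, not part of the original post or any Citrix tooling; it assumes `/var/netscaler` from the working and the broken VPX have each been copied to a local directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list what is present under a known-good copy of
# /var/netscaler but absent from a copy taken from the broken appliance.
# Assumption: both trees were copied to local directories beforehand.

# Print every entry below root $1 as a sorted list of relative paths.
manifest() {
    ( cd "$1" && find . -mindepth 1 | LC_ALL=C sort )
}

# Print entries that exist in reference tree $1 but not in target tree $2.
missing_entries() {
    ref_list=$(mktemp)
    tgt_list=$(mktemp)
    manifest "$1" > "$ref_list"
    manifest "$2" > "$tgt_list"
    LC_ALL=C comm -23 "$ref_list" "$tgt_list"
    rm -f "$ref_list" "$tgt_list"
}

# Collapse the list to the top-most missing paths, so a whole missing
# folder is reported once instead of once per file inside it.
# Relies on the sorted input: a parent always precedes its children.
missing_roots() {
    missing_entries "$1" "$2" | awk '
        {
            for (p in seen) if (index($0, p "/") == 1) next
            seen[$0] = 1
            print
        }'
}

# Usage: ./compare.sh <good-copy-of-var-netscaler> <suspect-copy>
if [ "$#" -eq 2 ]; then
    missing_roots "$1" "$2"
fi
```

Only the paths it reports need to be copied from the working appliance, which keeps the change to the broken one as small as possible.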

Conclusion: This seems to be a bug with the provided VPX Appliance Template from the Citrix Download Portal. In this scenario the VPX was deployed on a VMware environment. I don't know if other versions (13.1.x) and hypervisors are affected as well. Please leave a comment if you have had the same experience.

