Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

Configuring F5 with iApp and Storefront 3.x

Hello everyone,

I would like your feedback and if possible the steps that are required to implemented a recent Citrix infrastructure (Storefront 3.0 + ) with F5 network equipment doing the load-balancing and mainly the Access Policy Manager (with iApp) ? We are struggling to implement it

Our goals are:

1- Be in HTTPS from the Citrix Receiver to the F5 and to the Storefront 2 - Make sure that all traffic come and go through the F5 3 - Allow the Storefront to know the IP of the client machine with the Receiver and not having the IP of the F5 as client's IP 4 - Be able afterwards to implement SSO or other advanced features of the Receiver

So far we have a F5 configured with the iApp, that is configured to forward the IP of the client to the Storefront but the Storefront keep seeing the IP of the F5 and not the client. The traffic is in HTTP between the F5 and the Storefront. But all traffic go through the F5.

Our version of the Storefront is:

Thank you for your advices ! Let me know if you need more info

Rate this Question

Answers to this Question


Hello, To capture client's ip you need to make your StoreFront web server x-forwarded-for header aware. To do so please refer to page 30 of XenApp deployment guide.

Comments on this Answer
Comment made 17-Jun-2016 by D@mienb 6
Hello Alex, I'm not sure this doc is still up to date. The Java client does not exist anymore in Citrix. Furthermore the path mentionned and even the file does not exist (which is explained according to me by the fact Java client does not exist anymore) "Open the file \Inetpub\wwwroot\Citrix\XenApp\app_code\PagesJava\com\citrix\wi\pageutils\Include.java on the Web Interface server, and find the function named getClientAddress. " But there is no "app_code" folder in the XenApp directory on the IIS server and no file or folder at all with the name including java. As you can see this is for when StoreFront used to be Web Interface (the path mentionned clearly the "wi" of this)
Comment made 17-Jun-2016 by alex100 317
Hello. My mistake. The instructions weren't accurate as they are specific to Web Interface servers but not StoreFront. Now, what version of Big-IP are your using? For StoreFront 3 there are specific minimum Big-IP OS requirements that are specified in deployment guide. Make sure you are on the version that supports StoreFront v3. Also, is you http profile configured to insert x-forwarded-for header?
Comment made 20-Jun-2016 by D@mienb 6
Hello Alex, the version for Big-IP that we use is 11.4.1 HF9 . How can I know if it is good ?
Comment made 20-Jun-2016 by alex100 317
Hi. It's on the first page right inder "Products and Versions".

Did you already configured this? if so, what changes did you made on store front? I am having similar kind of issues. using APM and LTM and passing it through the Storefront 3.0.1, but it prompts me with an error message, "login expired".