Webtop with Citrix links and Portal links
I have built a Citrix portal using the iApp and it works exactly as expected. The individual Citrix applications are displayed directly on the webtop. All is good. I then added some regular portal links to the webtop however when I click on the portal link I get a web page not available. I am getting this in the packet log:
allow ACL: /PORTAL/allow-remaining_acl:0 packet: https://vpn.company.com/f5-w-687474703a2f2f7777772e696e742e636f6d70616e792e636f6d$$/ tcp 1.2.3.4:50236 -> 10.1.2.87:443
allow ACL: /PORTAL/allow-remaining_acl:0 packet: https://vpn.company.com/f5-w-687474703a2f2f7777772e696e742e636f6d70616e792e636f6d$$/ tcp 1.2.3.4:50238 -> 10.1.2.87:443
allow ACL: /PORTAL/allow-remaining_acl:0 packet: https://vpn.company.com/f5-w-687474703a2f2f7777772e696e742e636f6d70616e792e636f6d$$/ tcp 1.2.3.4:50239 -> 10.1.2.87:443
687474703a2f2f7777772e696e742e636f6d70616e792e636f6d is http://www.int.company.com which is the portal link I created 1.2.3.4 is the IP address of the remote user 10.1.2.87 is the IP address of the Big IP (NAT on external facing FW)
The portal link actually has packet logging enabled however it is not showing up in the log. Instead the last ACL which allows all is catching and logging the traffic.
Just to prove that everything works, I created from scratch a regular portal (ie non-Citrix) in another partition. This produces the normal log messages and works as expected:
allow ACL: rewrite_/TEST/www.int.company.com:0 packet: http://www.int.company.com/resources/Styles/assets/images/iconTravelBookings.png tcp 1.2.3.4:50158 -> 192.168.10.10:80
allow ACL: rewrite_/TEST/www.int.company.com:0 packet: http://www.int.company.com/resources/Styles/assets/images/iconPasswordReset.png tcp 1.2.3.4:50160 -> 192.168.10.10:80
allow ACL: rewrite_/TEST/www.int.company.com:0 packet: http://www.int.company.com/resources/Styles/assets/images/iconThankYouCards.png tcp 1.2.3.4:50161 -> 192.168.10.10:80
In this case the proper rewrite is happening and the traffic is being proxied to www.int.company.com which sits on IP 192.168.10.10:80
I can see some differences between the configuration built by the Citrix iApp and the manual configuration that I built, however I cannot figure out what is wrong. I thought I had copied all of the important parts from the working portal over to the Citrix build but I must be missing something. I would expect that after adding the rewrite profile to the Citrix config that the log entries would begin with rewrite but they don’t.
Any suggestions?
APM 11.5.3