Citrix Access Gateway – Configure Failover


In this post I’m going to show you how to setup and test failover for Citrix Access Gateway. In this example I’m using the default network interface for Applicane Failover, but it’s recommended to add a dedicated interface.

When you’re setting up Failover the Citrix Access Gateway both appliances new to be on the same version. You also need to make sure that both applicances have matching passwords since those aren’t replicated.

With two appliances joined as a failover pair, users connect to a shared virtual IP address instead of the real eth0 or eth1 IP address. You define one virtual IP address that users will connect to and another virtual IP address which Citrix Access Gateway will use when communicating with back-end resources. The internal and external virtual IP address can both be the same as in our example.

Primary VPX :

Head over to your Primary Citrix Access Gateway VPX and from the Management Node select Networking and check Application Failover.

Now the Appliction Failover node will be available and here you’ll need to provide some information.

Appliance Failover Role : Primary
Shared key : Your Private Shared Key
Peer IP Address : The address on you secondary VPX
Internal virtual IP : Interal and Extrnal can be the same address
External virtual IP : Interal and Extrnal can be the same address

Click Save and Start and then restart the appliance. You’ll now be able to access your Citrix Access Gateway from the external virutal IP address.

Secondary VPX :

Type in the Shared Key, the Peer IP address (the Primary VPX), click Join Primary and reboot the appliance when the button turns red.

On the secondary appliance most of the configuration pages will become unavaiable, since it inherits configuration settings from the primary VPX. This includes host name, certificates, authentication profiles and so on.

The easiest way to test the configuration is add the internal/external virtual IP address to C:\Windows\System32\drivers\etc\hosts and then shut down the Primay VPX. If you get the following error 401 – Unauthorized: Access is denied due to invalid credentials you’ll need to change the host file on you Web Interface server to point to the new external virtual IP address.

When Citrix Access Gateway 5.0.5 is released I’ll show you how to upgrade the applicances in a failover pair.

Resource :


Automation Framework Community Edition

The fastest way to build your lab environment.

Virtual Expo

Friday 30th of September 2022

Leave a Comment