To overcome the challenge, we can separate the FQDNs by traffic type:
- FQDN_Authn: HTTPS protocol, used for authentication and desktop/application enumeration.
  - Goes through the WAF.
- FQDN_ICA: ICA over TLS protocol, used for desktop/application launch.
  - Bypasses the WAF.
On NetScaler Gateway, you can retain 1 gateway vServer as usual. On the firewall, however, a separate entry point must be configured for each of the 2 FQDNs so that the two kinds of traffic are kept apart.
On StoreFront, you need to configure Optimal HDX Routing. The following is an example:
1. Create 2 gateways on StoreFront:
   a. Gateway for FQDN_Authn:
   b. Gateway for FQDN_ICA:
2. Select the Store, click Configure Remote Access Settings. Enable remote access and select the gateway you created in step 1.a.
3. Select the Store, click Configure Store Settings > Optimal HDX Routing. Select the gateway you created in step 1.b. Click Manage Delivery Controllers. Select the DDCs for the Store.
Note: Manage Zones can also be used if you have Zones configured on the DDCs.
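The same three steps can be scripted with the StoreFront PowerShell SDK. This is an added example, not part of the original article. The store path, gateway names, URLs, STA address and farm name are placeholders, and the logon types are assumptions because the article does not show the gateway settings.

```powershell
# Added example: run in an elevated PowerShell session on the StoreFront server.
# Every value in this block is a placeholder (assumption); replace with your own.
$storePath = '/Citrix/Store'
$authnUrl  = 'https://authn.example.com'   # FQDN_Authn: HTTPS, goes through the WAF
$icaUrl    = 'https://ica.example.com'     # FQDN_ICA: ICA over TLS, bypasses the WAF
$staUrls   = 'https://ddc01.example.internal/scripts/ctxsta.dll'
$farmNames = 'Controller'                  # delivery controller (farm) name defined in the Store

$store = Get-STFStoreService -VirtualPath $storePath

# Step 1.a: gateway used for authentication and enumeration.
# LogonType Domain is an assumption; use the type your vServer actually enforces.
Add-STFRoamingGateway -Name 'GW-Authn' -LogonType Domain `
    -GatewayUrl $authnUrl -SecureTicketAuthorityUrls $staUrls

# Step 1.b: gateway used only for HDX (ICA) launch traffic.
# UsedForHDXOnly is an assumption that this FQDN never serves logons.
Add-STFRoamingGateway -Name 'GW-ICA' -LogonType UsedForHDXOnly `
    -GatewayUrl $icaUrl -SecureTicketAuthorityUrls $staUrls

$gwAuthn = Get-STFRoamingGateway -Name 'GW-Authn'
$gwIca   = Get-STFRoamingGateway -Name 'GW-ICA'

# Step 2: enable remote access to the Store through the authentication gateway.
Register-STFStoreGateway -Gateway $gwAuthn -StoreService $store -DefaultGateway

# Step 3: Optimal HDX Routing. Launches from the listed delivery controllers
# are sent to the ICA gateway instead of the gateway the user logged on through.
Register-STFStoreOptimalLaunchGateway -Gateway $gwIca -StoreService $store `
    -FarmName $farmNames

# Check the result: the ICA gateway should be listed against the farm(s) above.
Get-STFStoreRegisteredOptimalLaunchGateway -StoreService $store
```

After the change, an ICA file generated by a launch should reference FQDN_ICA rather than FQDN_Authn; if it still shows FQDN_Authn, the farm name passed in step 3 does not match the one defined in the Store.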