I need to lock Citrix (in Application Control) to only allow users on the LAN to go to a specific external IP. This ensures they can only remotely connect to devices we allow.
The bit that is confusing me is that, when selecting the destination, I need to add the IP address in, but should it be set as Virtual IP or Address?
What is the port used for the Citrix server you want your users to reach? If it is HTTPS, then create an access rule that allows HTTPS access to the external IP address. Make sure the rule uses NAT (Hide behind interface should work in most cases). You don't need an application control policy on this. This rule should be before your general browsing rule(s). The browsing rules should have an application control policy that prohibits Citrix to prevent users from reaching other Citrix servers.
HTH
d
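The rule order described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration from the thread: it assumes a FortiGate and a Citrix server reached over HTTPS, and the interface names (`lan`, `wan1`), policy IDs, the documentation address 203.0.113.10 and the application list name `block-citrix` are all placeholders. The destination is a plain firewall address object; a Virtual IP is a destination-NAT mapping for inbound traffic and is not what an outbound rule needs.

```fortios
# Lines starting with # are annotations; remove them before pasting.
# Address object for the one permitted external Citrix server (placeholder IP).
config firewall address
    edit "Citrix-Allowed-Server"
        set subnet 203.0.113.10 255.255.255.255
    next
end

config firewall policy
    # Specific rule: HTTPS to the permitted server only, source NAT enabled,
    # no application control profile attached.
    edit 10
        set name "LAN-to-allowed-Citrix"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "Citrix-Allowed-Server"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
    # General browsing rule: carries an application control list that blocks
    # Citrix. "block-citrix" is a hypothetical list assumed to exist already.
    edit 20
        set name "LAN-general-browsing"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set utm-status enable
        set application-list "block-citrix"
        set nat enable
    next
    # Policies match top-down by sequence, not by ID, so make sure the
    # specific rule sits above the general one.
    move 10 before 20
end
```

To verify, generate Citrix traffic to the permitted server and to any other Citrix endpoint, then check the forward traffic log: the first should match policy 10, the second should be blocked by application control on policy 20.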