search cancel

Configure Cloud SWG Policy for Citrix Cloud

book

Article ID: 257169

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

As an administrator, I would like to allow the Citrix Cloud application domains/IP via the Cloud Secure Web Gateway.

Environment

Cloud Secure Web Gateway

Citrix Cloud

Resolution

To properly operate and consume the Citrix Cloud services, the following addresses must be contactable:

citrix.com
cloud.com
citrixworkspacesapi.net
citrixnetworkapi.net
cedexis-test.com
citm-test.com
cedexis.com
cedexis-radar.net
nssvc.net
g.nssvc.net
c.nssvc.net
servicebus.windows.net
blob.core.windows.net
sharefile.com
iwsprodeastusuniconacr.azurecr.io
iwsprodeastusuniconacr.eastus.data.azurecr.io
xendesktop.net

Allow Citrix Domains via Cloud SWG :

  1. Create a domain list with the domains listed above and call it Citrix Cloud WebApp
  2. Ensure that the domain list Citrix Cloud WebApp is allowed in your WSS portal policy under Content Filtering - Group A G3 - Allowed Domains/URLs
  3. Ensure that the domain list Citrix Cloud WebApp is allowed in your WSS portal policy under Threat Protection Group A: G2 - Trusted Destinations

    Note: If you are running Universal Policy Enforcement using Management Center. It is suggested to do the same.

In regards to SSL Interception via Cloud SWG proxies. There are some domains that Citrix recommends NOT to do SSL interception on. Make sure to add these domains to your SSL Exemption policy. 

nssvc.net
g.nssvc.net
c.nssvc.net
cedexis-test.com
citm-test.com
cedexis.com
cedexis-radar.net

Additional Information

Reference: Citrix Cloud System and Connectivity Requirements