1 Reply Latest reply on Aug 17, 2019 9:55 AM by srodenburg

    Internal and external accesses via a single UAG ?

    francoisma Lurker

      Hello,

       

      When a single unified access gateway is used for both internal (i.e. corporate network) and external (from the internet) accesses, I wonder if it is possible to distinguish these accesses with smart policies in order to set a property on the target vm with different

      values (e.g. Internal of External).

       

      Ideally, I would even like to be able to retrieve the public IP address of the client directly in a property on the VM.

      i was hoping to use the ViewClient_IP_Address property, but it happens to be the local address of the client endpoint (which might collide with the private IP range of the corporate network) and not the client  »public » IP address that the client uses to connect to the UAG. I wasn’t successful with the ViewClient_Broker_Remote_IP_Address either, which happens to take the value of the IP address of the internal interface of the UAG.

       

      Does anyone know how this could be achieved?

       

      Thanks if advance for any help!

      Francois

        • 1. Re: Internal and external accesses via a single UAG ?
          srodenburg Hot Shot
          vExpert

          I don't entire understand why you want to go through a AUG for internal VDI access. If you use regular "direct connect" access, the ip-address of internal endpoints is directly visible as an env.variable. So that's covered.

           

          Concerning the clients on the internet. Due to them very possibly being natted, knowing their public IP is not helping you as multiple clients that are behind the same firewall (in a hotel or another company), will all have the same public IP.

          And as you said, using the end-point IP of "internet clients" is not helpful either as it might overlap with ip-ranges of your VDI environment.

           

          What do you need that IP address for then? For external clients, it's virtually impossible to retrieve a really unique IP from them in each and every possible way they access your VDI. So many things you don't have control over.