Creating session profiles and policies in order to fullfill users, enterprise needs and requirements could be a tricky thing. So let’s give it a go…
First of all you need to create a session profile, then a session policy and bind the profile to the policy.

In order to do this let’s put up a scenario where you already set up a Storefront server and a store called “MyStore” with the following data:

The Account Services url:
https://Mycompany.com (which is your base url of course when you created your deployment)

The store url:
https://Mycompany.com/Citrix/MyStore

The storeforweb url:
https://Mycompany.com/Citrix/MyStoreWeb

And an Netscaler Access Gateway containing some AGvServers, but our users should connect only through an AGvServer with IP: 11.12.13.14, our domain name is “MyDomainName” and we would like to have a session timeout of 720 minutes

Now let’s have some fun configuring some profiles and policies:

1. Receiver version supports StoreFront services protocols

Session Profile:
add vpn sessionAction Native_Receiver -sessTimeout 720 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -homePage “https://Mycompany.com/Citrix/MyStoreWeb” -icaProxy OFF -wihome “https://Mycompany.com/Citrix/MyStoreWeb” -ntDomain MyDomainName -clientlessVpnMode ON -clientlessModeUrlEncoding TRANSPARENT -clientlessPersistentCookie DENY -SecureBrowse ENABLED -Native_Receiverurl “https://Mycompany.com”
Session Policy:
add vpn sessionPolicy Native_Receiver “REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver && REQ.HTTP.HEADER X-Citrix-Gateway EXISTS && REQ.IP.DESTIP == 11.12.13.14” Native_Receiver

2. Receiver version supports StoreFront services protocols (CHROME Devices)
add vpn sessionAction Receiver_ChromeOS -sessTimeout 720 -defaultAuthorizationAction ALLOW -SSO ON -homePage “https://Mycompany.com/Citrix/MyStoreWeb” -icaProxy ON -wihome “https://Mycompany.com/Citrix/MyStoreWeb” -ntDomain MyDomainName -clientlessVpnMode OFF -clientlessModeUrlEncoding TRANSPARENT
Session Policy:
add vpn sessionPolicy Receiver_ChromeOS “REQ.HTTP.HEADER User-Agent CONTAINS crOS && REQ.IP.DESTIP == 11.12.13.14” Receiver_ChromeOS

3. Receiver for Web

Session Profile:
add vpn sessionAction Receiver_for_Web -sessTimeout 720 -defaultAuthorizationAction ALLOW -SSO ON -homePage “https://Mycompany.com/Citrix/MyStoreWeb” -icaProxy OFF -ntDomain MyDomainName -clientlessVpnMode ON -clientlessModeUrlEncoding TRANSPARENT -SecureBrowse ENABLED -Native_Receiverurl “https://Mycompany.com”

Session Policy (IE8, IE9, IE10, IE11 and FireFox Using Microsoft Windows as OS):
add vpn sessionPolicy RfW_Win “REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS && REQ.HTTP.HEADER User-Agent NOTCONTAINS \’MSIE 7\’ && REQ.HTTP.HEADER User-Agent CONTAINS Windows && REQ.IP.DESTIP == 11.12.13.14” Receiver_for_Web
Session Policy (Chrome Browser Using a Windows OS):
add vpn sessionPolicy RfW_Win_Chrome “REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS && REQ.HTTP.HEADER User-Agent CONTAINS Chrome && REQ.HTTP.HEADER User-Agent CONTAINS Windows && REQ.IP.DESTIP == 11.12.13.14” Receiver_for_Web
Session Policy (Receiver For Web using a Macintosh client):
add vpn sessionPolicy RfW_Mac “REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS && REQ.HTTP.HEADER User-Agent CONTAINS Macintosh && REQ.IP.DESTIP == 11.12.13.14” Receiver_for_Web
Session Policy (Receiver For Web using Chrome Browser on Linux clients as UBUNTU…):
add vpn sessionPolicy RfW_Chrome_Linux “REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS && REQ.HTTP.HEADER User-Agent CONTAINS Chrome && REQ.HTTP.HEADER User-Agent CONTAINS Linux && REQ.IP.DESTIP == 11.12.13.14” Receiver_for_Web

4. Receiver for Windows 8/RT
Session Profile:
add vpn sessionAction WinRT -sessTimeout 720 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -homePage “https://Mycompany.com/Citrix/MyStoreWeb” -icaProxy OFF -wihome “https://Mycompany.com/Citrix/MyStoreWeb” -ntDomain MyDomainName -clientlessVpnMode ON -clientlessModeUrlEncoding TRANSPARENT -clientlessPersistentCookie DENY -SecureBrowse ENABLED -Native_Receiverurl “https://Mycompany.com”
Session Policy (Windows 8/RT):
add vpn sessionPolicy WinRT “REQ.HTTP.HEADER User-Agent CONTAINS WindowsRT && REQ.IP.DESTIP == 11.12.13.14” WinRT