Let’s suppose your are using public IPs internally (internal network) and even the callback IP on the VPX is configured using a public IP as well (due Company restrictions, It’s nothing you can affect, really).
Citrix is of course recommending using internal IPs instead, otherwise you’ll face a lot of issues on (Access Gateway integration with Storefront). Remember that the problem is only affecting the receiver for web Component, not the native receiver. Note that configuring the Subnet IP on Storefront Access Gateways does not help.

The problem in this case is that access gateway is not able to pass any of the following headers to Storefront:


To solve this, you need to create two rewrite policies and bind them to your AGvServer. Let’s configure a rewrite policy to insert the X-CITRIX-VIA header and an other one to configure the X-CITRIX-VIA-VIP header:

add rewrite action ns_rw_xcitrixvia_act insert_http_header X-Citrix-Via “\”FQDN OF YOUR EXTERNAL AGvSERVER\”” -bypassSafetyCheck YES

add rewrite action ns_rw_xcitrixviavip_act insert_http_header X-Citrix-Via-Vip “\”IP OF YOUR EXTERNAL AGvSERVER\”” -bypassSafetyCheck YES

add rewrite policy ns_rw_xcitrixvia_pol “HTTP.REQ.HEADER(\”Referer\”).EXISTS” ns_rw_xcitrixvia_act

add rewrite policy ns_rw_xcitrixviavip_pol “HTTP.REQ.HEADER(\”Referer\”).EXISTS” ns_rw_xcitrixvia_vip

bind vpn vserver Name_of_AGvserver -policy ns_rw_xcitrixvia_pol -priority 10 -gotoPriorityExpression NEXT -type REQUEST

bind vpn vserver Name_of_AGvserver -policy ns_rw_xcitrixviavip_pol -priority 20 -gotoPriorityExpression END -type REQUEST