Telework at VA
Citrix SSO enables secure access to business critical applications, virtual desktops, and corporate data from anywhere at anytime, providing an optimal user experience with Citrix Gateway. Citrix SSO 1.0.0 Features: - Full layer 3 connectivity for secure traffic - Per-app configuration flexibility (Provisioning support through MDM systems. VA Remote Access Information. A resource for employees to connect remotely using Cisco AnyConnect VPN (also referred to as RESCUE) or the Citrix Access Gateway (CAG). If you are experiencing problems connecting, please contact the Enterprise Service Desk at 855-673-4357 (TTY: 1-844-224-6186). As a first-time user, you can download Citrix Workspace app for Mac from Citrix.com or your own download site. You can then set up an account by entering an email address instead of a server URL. Citrix Workspace app for Mac determines the Citrix Gateway or StoreFront server associated with the email address.
Telework is governed by VA Handbook 5011/26/31 Part II Chapter 4.
Employees working with their supervisor would need to determine telework suitability and eligibility to telework. Once determined telework eligible the employee would need to fill out VA Form 0740 Telework Agreement, the Telework Notification Letter – Employee Eligible to Telework, and you will need to complete Talent Management System (TMS) training as follows:
- All managers must complete TMS Course VA1366994 — Telework Training Module for Managers.
- All employees requesting telework must complete
- TMS Course VA1367006—Telework training module for employees
- TMS Course VA10176—VA Privacy and Information Security Awareness and Rules of Behavior
- TMS Course VA10203 Privacy and HIPAA Training
Additional information on telework can be found Office of Human Resources Management Telework webpage ( only available while on VA's internal network) and OPM’s Telework website.
VA Remote Access
VA Handbook 6500 identifies the compliance requirements for VA remote access users.
VA supports remote access with two different applications 1. Citrix Access Gateway (CAG) and 2. CISCO RESCUE VPN Client. The Citrix Access Gateway is designed for users that do not have VA Government Furnished Equipment (GFE) – CAG is a good option to allow users access to general applications such as email and chat. The CISCO RESCUE VPN Client is only for use on VA Government Furnished Equipment (GFE) and is installed on all GFE laptops. Users would still need to request remote access and have their remote access accounts enabled for use with either CAG or RESCUE.
You may request remote access by visiting the Remote Access Self Service Portal ( only available while on VA's internal network).
Please note the Self-Service Portal is only accessible from within the VA network, it is not externally accessible. If you require technical support, please reference the FAQs and other supporting documentation found at https://raportal.vpn.va.gov or contact the Enterprise Service Desk (855) 673-4357.
Software, supporting documentation, FAQs and general information are hosted at the VA’s Remote Access Information and Media Portal. Please ensure you have Transport Layer Security (TLS) 1.1 enabled on your web browser before attempting to access this site. To enable TLS within Internet Explorer: Select ‘Tools’, then ‘Internet Options’, then the ‘Advanced’ tab. Enable the checkbox for ‘Use TLS 1.1’ (found towards the end of the list).
How do users or facilities request equipment if they require VPN access?
- Click the “Your IT” Icon on your desktop or go to YourIT Services ( only available while on the VA’s internal network)
- Click “Make a Request”
- Click “Computer Services,” under categories
- Click on “OIT Equipment and Software”
- Complete all required fields.
- Tag request for COVID in “Justification,” field
If you do not require VPN, use the CAG process.
The following errors are displayed:
Cannot connect to NetScaler Gateway. Contact your help desk with following information: Endpoint analysis process failed.
3006: The plug-in failed to start. Contact your help desk or system administrator.
Solution
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
To resolve this issue ensure that the preauthentication policy and NetScaler Gateway plug-in are correctly configured.
Citrix Access Gateway Download Mac Download
In this article a File Exist Policy for preauthentication is used to illustrate the correct configuration.
Create the preauthentication policy and bind it to the NetScaler Gateway virtual server.
For more information refer to Citrix Documentation - Configuring Preauthentication Policies and Profiles.
Note: Ensure that you enable Smart Access Mode.Download and install the Citrix NetScaler Gateway Plug-in for MAC OS X.
Create a file on the MAC OS X. Currently, the only supported directory is the /Library directory.
In this example /Library/test.txt is created.Run Citrix NetScaler Gateway Plug-in.
Select EditConnections.
Enter a name for this connection in the Connections tab.
Note: This need not be an FQDN. The FQDN is added as a placeholder for reference.Specify the FQDN for the NetScaler Gateway virtual server in the Connections tab.
Note: Do not use http or https when specifying the FQDN.If two-factor authentication is used, select Show secondary password field check-box.
Close the Preferences Window and select the new site to start the log on process.
If you are using a preauthentication policy, then the following screen appears for logon:
Problem Cause
This error is usually observed when preauthentication policy or NetScaler Gateway plug-in is in correctly configured.
Additional Resources
In the NetScaler command line interface, you can run the following command to view the failed EPA scans:
tail -f /var/log/ns.log | grep EVAL
The EPA scans that pass will not show in this log.
Citrix Gateway Download Windows 10
For more information about EPA, refer to Citrix Documentation - Configuring Endpoint Polices.