If the method succeeds, rc is 0 else rc > 0. Values above 0x8000 indicate Warnings.

If the method succeeds, message is NULL else message contains Error/Warning message.

List of vpnparameters

The VPN name.

The HTTP Port.

The WINS server IP address used for WINS host resolution by the VPN.

The configured DNS vserver used for DNS host resolution by the VPN.

The VPN client SplitDns state.

RADIUS policy to use for user accounting

The session timeout, in minutes.

The client security check applied to client sessions. This is in the form of an expression. Expressions are simple conditions, such as a test for equality, applied to operands, such as a URL string or an IP address. Expression syntax is described in the Installation and Configuration Guide.

The client security group that will be assigned on failure of the client security check. Users can in general be organized into Groups. In this case, the Client Security Group may have a more restrictive security policy.

The client security message that will be displayed on failure of the client security check.

Specifies whether or not to display all failed Client Security scans to the end user

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Send, through the tunnel, traffic only for intranet applications that are defined in Citrix Gateway. Route all other traffic directly to the Internet. The OFF setting routes all traffic through Citrix Gateway. With the REVERSE setting, intranet applications define the network traffic that is not intercepted. All network traffic directed to internal IP addresses bypasses the VPN tunnel, while other traffic goes through Citrix Gateway. Reverse split tunneling can be used to log all non-local LAN traffic. For example, if users have a home network and are logged on through the Citrix Gateway Plug-in, network traffic destined to a printer or another device within the home network is not intercepted.

Set local LAN access. If split tunneling is OFF, and you set local LAN access to ON, the local client can route traffic to its local interface. When the local area network switch is specified, this combination of switches is useful. The client can allow local LAN access to devices that commonly have non-routable addresses, such as local printers or local file servers.

Only allow RFC1918 local addresses when local LAN access feature is enabled.

Controls the Spoofing of Intranet IP to the Windows Applications by Windows VPN client when the end-user is connected to SSL VPN in '-splittunnel OFF' mode.
NOTE: This attribute is deprecated.
This argument is deprecated since snoofip is no longer supported.

Determines whether Windows VPN client should kill all pre-existing connections; (for example, the connections existing before the end user logged in to SSL VPN) and prevent new incoming connections on the Windows Client system when the end user is connected to SSL VPN in '-splittunnel OFF' mode.

Allow access to network resources by using a single IP address and subnet mask or a range of IP addresses. The OFF setting sets the mode to proxy, in which you configure destination and source IP addresses and port numbers. If you are using the Citrix Gateway Plug-in for Windows, set this parameter to ON, in which the mode is set to transparent. If you are using the Citrix Gateway Plug-in for Java, set this parameter to OFF.

The windows client type.
NOTE: This attribute is deprecated.
This argument is deprecated since ActiveX is no longer supported.

The Authentication Action, such as allow or deny.

The authorization group applied to the session.

The client idle timeout, in minutes.

The time after which the client gets a timeout warning, in minutes.

Proxy configuration for the session.

Address set for all proxies.

IP address of the proxy server to be used for HTTP access for all subsequent connections to the internal network.

IP address of the proxy server to be used for FTP access for all subsequent connections to the internal network.

IP address of the proxy server to be used for SOCKS access for all subsequent connections to the internal network.

IP address of the proxy server to be used for GOPHER access for all subsequent connections to the internal network.

IP address of the proxy server to be used for SSL access for all subsequent connections to the internal network.

The Proxy Exception string that is configured in the Browser for bypassing the previously configured proxies. Allowed only if proxy type is Browser.

Bypass proxy server for local addresses option in Internet Explorer and Firefox proxy server settings.

Prompt for client-side cache clean-up when a client-initiated session closes.

Whether or not to force a cleanup on exit from the VPN session.

List of configured buttons(and/or menu options in the docked client) in the Windows VPN client.
NOTE: This attribute is deprecated.
This argument is deprecated .

List of configured tabs in the Windows VPN client.

Enable or Disable Single Sign-On.

Specify whether to use the primary or secondary authentication credentials for single sign-on to the server.

Enable or Disable Windows Auto Logon.

Enables or disables the use of a Mapped IP address for the session.

Define IP address pool options. Available settings function as follows: * SPILLOVER - When an address pool is configured and the mapped IP is used as an intranet IP address, the mapped IP address is used when an intranet IP address cannot be assigned. * NOSPILLOVER - When intranet IP addresses are enabled and the mapped IP address is not used, the Transfer Login page appears for users who have used all available intranet IP addresses. * OFF - Address pool is not configured.

Whether or not to add debugging information to the activity log on the client.
NOTE: This attribute is deprecated.
This argument is deprecated .

Path to the logon script that is run when a session is established. Separate multiple scripts by using comma. A "$" in the path signifies that the word following the "$" is an environment variable.

Path to the logout script. Separate multiple scripts by using comma. A "$" in the path signifies that the word following the "$" is an environment variable.

The home page URL, or 'none'. 'none' is case sensitive.

Enable ICA proxy to configure secure Internet access to servers running Citrix XenApp or XenDesktop by using Citrix Receiver instead of the Citrix Gateway Plug-in.

Web address of the Web Interface server, such as http:///Citrix/XenApp, or Receiver for Web, which enumerates the virtualized resources, such as XenApp, XenDesktop, and cloud applications. This web address is used as the home page in ICA proxy mode. If Client Choices is ON, you must configure this setting. Because the user can choose between FullClient and ICAProxy, the user may see a different home page. An Internet web site may appear if the user gets the FullClient option, or a Web Interface site if the user gets the ICAProxy option. If the setting is not configured, the XenApp option does not appear as a client choice.

Type of the wihome address(IPV4/V6)

Web address for the Citrix Receiver home page. Configure Citrix Gateway so that when users log on to the appliance, the Citrix Gateway Plug-in opens a web browser that allows single sign-on to the Citrix Receiver home page.

Layout on the Access Interface. The COMPACT value indicates the use of small icons.

Provide users with multiple logon options. With client choices, users have the option of logging on by using the Citrix Gateway Plug-in for Windows, Citrix Gateway Plug-in for Java, the Web Interface, or clientless access from one location. Depending on how Citrix Gateway is configured, users are presented with up to three icons for logon choices. The most common are the Citrix Gateway Plug-in for Windows, Web Interface, and clientless access.

Choose between two types of End point Windows Client a) Application Agent - which always runs in the task bar as a standalone application and also has a supporting service which runs permanently when installed b) Activex Control - ActiveX control run by Microsoft Internet Explorer.
NOTE: This attribute is deprecated.
This argument is not supported

The DNS suffix for the intranet IP address.

The time, in minutes after which a timeout is forced.

The time, in minutes, after which a timeout warning is issued.

Single sign-on domain to use for single sign-on to applications in the internal network. This setting can be overwritten by the domain that users specify at the time of logon or by the domain that the authentication server returns.

Whether clientless VPN is available to the session.

URL encoding to be used for clientless mode.

State of persistent cookies in clientless access mode. Persistent cookies are required for accessing certain features of SharePoint, such as opening and editing Microsoft Word, Excel, and PowerPoint documents hosted on the SharePoint server. A persistent cookie remains on the user device and is sent with each HTTP request. Citrix Gateway encrypts the persistent cookie before sending it to the plug-in on the user device, and refreshes the cookie periodically as long as the session exists. The cookie becomes stale if the session ends. Available settings function as follows: * ALLOW - Enable persistent cookies. Users can open and edit Microsoft documents stored in SharePoint. * DENY - Disable persistent cookies. Users cannot open and edit Microsoft documents stored in SharePoint. * PROMPT - Prompt users to allow or deny persistent cookies during the session. Persistent cookies are not required for clientless access if users do not connect to SharePoint.

Web address for the web-based email, such as Outlook Web Access.

Specify groups that have permission to log on to Citrix Gateway. Users who do not belong to this group or groups are denied access even if they have valid credentials.

Enable encryption of client security expressions.

The timeout value in seconds for tokens to access XenMobile applications

Validity of MDX Token in minutes. This token is used for mdx services to access backend and valid HEAD and GET request.

Set VPN UI Theme to Green-Bubble, Caxton or Custom; default is Caxton.

Allow users to connect through Citrix Gateway to network resources from iOS and Android mobile devices with Citrix Receiver. Users do not need to establish a full VPN tunnel to access resources in the secure network.

Web address for StoreFront to be used in this session for enumeration of resources from XenApp or XenDesktop.

The KCD account details to be used in SSO

checkversion api

Name of the RDP profile associated with the vserver.

Option to set plugin upgrade behaviour for Win

Option to set plugin upgrade behaviour for Mac

Option to set plugin upgrade behaviour for Linux

Option to decide whether to show plugin icon along with receiver icon

List of user domains specified as comma seperated value
NOTE: This attribute is deprecated.
Depricate UserDomains Option

Enable or disable ica session timeout. If enabled and in case AAA session gets terminated, ICA connections associated with that will also get terminated

Enable or disable HTTP tracking for packets proxied via vpn vserver using GSLB connection proxy feature.

Name of the AlwaysON profile. The builtin profile named none can be used to explicitly disable AlwaysON.

URL to auto proxy config file

Option to enable/disable Advanced ClientlessVpnMode. Additionaly, it can be set to STRICT to block Classic ClientlessVpnMode while in AdvancedClientlessMode.

Name of the PCOIP profile.

enables sni extension for backend server handshakes

enables backend server certificate validation

Enables or disables the secure private access configuration.

Enables or disables the strict endpoint or URL checking with respect to the configuration.

By default, an access restricted page hosted on secure private access CDN is displayed when a restricted app is accessed. The setting can be changed to NS to display the access restricted page hosted on the gateway or OFF to not display any access restricted page.

Indicates current bind type (Classic/Advanced) for VPN session policy across all bind entities

Count of VPN session policies across all bind entities

Spoofed IP address range that can be used by client for FQDN based split tunneling

The netmask for the spoofed ip address

SameSite attribute value for Cookies generated in VPN context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite

Maximum number of Intranet IP that can be assigned to a user from AAA group, VPN vserver or VPN global pool. This setting is not applicable for AAA user level Intranet IP configuration

Enable device posture

Enables DTLS 1.2 for backend server handshakes