If the method succeeds, rc is 0 else rc > 0. Values above 0x8000 indicate Warnings.

If the method succeeds, message is NULL else message contains Error/Warning message.

List of vpnvservers

Name of the Citrix Gateway virtual server for which to show detailed information.

The Virtual IP address of the VPN virtual server.

The IP address of the virtual server.

Indicates whether or not the certificate is bound or if SSL offload is disabled.

The virtual TCP port of the VPN virtual server.

The range of VPN virtual server IP addresses. The new range of VPN virtual servers will have IP addresses consecutively numbered, starting with the primary address specified with the argument.

The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current vpn vserver

The VPN virtual server's protocol type. Currently, the only possible value is SSL.

The type of virtual server; for example, CONTENT based or ADDRESS based.

The current state of the virtual server, as UP, DOWN, BUSY, and so on.

Whether or not this virtual server responds to ARPs and whether or not round-robin selection is temporarily in effect.

Virtual server cache type. The options are: TRANSPARENT, REVERSE, and FORWARD.

The cache redirect policy. The valid redirect policies are: l. CACHE - Directs all requests to the cache. 2. POLICY - Applies cache redirection policy to determine whether the request should be directed to the cache or origin. This is the default setting. 3. ORIGIN - Directs all requests to the origin server.

This argument is used only when configuring content switching on the specified virtual server. This is applicable only if both the URL and RULE-based policies have been configured on the same virtual server. It specifies the type of policy (URL or RULE) that takes precedence on the content switching virtual server. The default setting is RULE. l URL - In this case, the incoming request is matched against the URL-based policies before the rule-based policies. l RULE - In this case, the incoming request is matched against the rule-based policies before the URL-based policies. For all URL-based policies, the precedence hierarchy is: 1. Domain and exact URL 2. Domain, prefix, and suffix 3. Domain and suffix 4. Domain and prefix 5. Domain only 6. Exact URL 7. Prefix and suffix 8. Suffix only 9. Prefix only 10. Default

The URL where traffic is redirected if the virtual server in system becomes unavailable. WARNING! Make sure that the domain you specify in the URL does not match the domain specified in the -d domainName argument of the addcspolicy method. If the same domain is specified in both arguments, the request will be continuously redirected to the same unavailable virtual server in the system. If so, the user may not get the requested content.

Indicates whether or not authentication is being applied to incoming users to the VPN.

Indicates whether double-hop functionality is enabled or not.

Indicates whether an ICA only license feature is enabled or not.

This option determines if an existing ICA Proxy session is transferred when the user logs on from another device.

This option starts/stops Turn service on the vserver

This option enables/disables seamless SSO for this Vserver.

Indicates whether advanced EPA feature is enabled or not.
NOTE: This attribute is deprecated.
Depricated AdvanceEPA Option

Indicates whether device certificate check as a part of EPA is enabled or not.

Name of the certificate key which was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate

The maximum number of concurrent users allowed to log on into this virtual server at a time.

The number of current users logged on to this virtual server.

The total number of current users connected through this virtual server.

The domain name of the server for which a service needs to be added. If the IP address has been specified, the domain name does not need to be specified.

The name of the rule, or expression, if any, that policy for the VPN server is to use. Rules are combinations of expressions. Expressions are simple conditions, such as a test for equality, applied to operands, such as a URL string or an IP address. Expression syntax is described in the Installation and Configuration Guide. The default rule is true.

The name of the policy, if any, bound to the VPN virtual server.
NOTE: This attribute is deprecated.
Replaced by Policy field

The name of the policy, if any, bound to the VPN virtual server.

The name of the service, if any, to which the virtual server policy is bound.

Weight for this service, if any. This weight is used when the system performs load balancing, giving greater priority to a specific service. It is useful when the services bound to a virtual server are of different capacity.

The name of the default target cache virtual server, if any, to which requests are redirected.

The name of the backup VPN virtual server for this VPN virtual server.

Integer specifying the policy's priority. The lower the number, the higher the priority. Policies are evaluated in the order of their priority numbers. Maximum value for default syntax policies is 2147483647 and for classic policies is 64000.

The idle time, if any, in seconds after which the client connection is terminated.

VPN client applications are allocated from a block of intranet IP addresses. That block may be exhausted after a certain number of connections. This switch specifies the method used to determine whether or not a new connection will spill over, or exhaust, the allocated block of intranet IP addresses for that application. Possible values are CONNECTION or DYNAMICCONNECTION. CONNECTION means that a static integer value is the hard limit for the spillover threshold. The spillover threshold is described below. DYNAMICCONNECTION means that the spillover threshold is set according to the maximum number of connections defined for the VPN virtual server.

VPN client applications are allocated from a block of intranet IP addresses. That block may be exhausted after a certain number of connections. The value of this option is the number of client connections after which the mapped IP address is used as the client source IP address instead of an address from the allocated block of intranet IP addresses.

Whether or not cookie-based site persistance is enabled for this VPN vserver. Possible values are 'ConnectionProxy', HTTPRedirect, or NONE

The timeout, if any, for cookie-based site persistance of this VPN vserver.

The intranet VPN application.

The name of the next hop server bound to the VPN virtual server.

The intranet URL.

The network ID for the range of intranet IP addresses or individual intranet IP addresses to be bound to the virtual server.

The netmask of the intranet IP address or range.

The network id for the range of intranet IP6 addresses or individual intranet ip to be bound to the vserver.

The number of ipv6 addresses

Configured Secure Ticketing Authority (STA) server.

Type of the STA server address(ipv4/v6).

Authority ID of the STA Server. Authority ID is used to match incoming STA tickets in the SOCKS/CGP protocol with the right STA server.

State of the STA Server. If Authority ID is set then STA Server is UP else DOWN.

Configured App Controller server in XenMobile deployment.

Configured Secure Private Access URL

Configured ShareFile server in XenMobile deployment. Format IP:PORT / FQDN:PORT

Deprecated. See 'map' below.

Whether or not mapped IP addresses are ON or OFF. Mapped IP addresses are source IP addresses for the virtual servers running on the Citrix ADC. Mapped IP addresses are used by the system to connect to the backend servers.

Close existing connections when the virtual server is marked DOWN, which means the server might have timed out. Disconnecting existing connections frees resources and in certain cases speeds recovery of overloaded load balancing setups. Enable this setting on servers in which the connections can safely be closed when they are marked DOWN. Do not enable DOWN state flush on servers that must complete their transactions.

Bindpoint to which the policy is bound.

Next priority expression.

Tells whether traffic will continue reaching backup virtual servers even after the primary virtual server comes UP from DOWN state.

The string is listenpolicy configured for VPN vserver

This parameter is the priority for listen policy of VPN Vserver.

Name of the TCP profile to assign to this virtual server.

Name of the HTTP profile to assign to this virtual server.

Any comments associated with the virtual server.

Log AppFlow records that contain standard NetFlow or IPFIX information, such as time stamps for the beginning and end of a flow, packet count, and byte count. Also log records that contain application-level information, such as HTTP web addresses, HTTP request methods and response status codes, server response time, and latency.

Criterion for responding to PING requests sent to this virtual server. If this parameter is set to ACTIVE, respond only if the virtual server is available. With the PASSIVE setting, respond even if the virtual server is not available.

A host route is injected according to the setting on the virtual servers. * If set to PASSIVE on all the virtual servers that share the IP address, the appliance always injects the hostroute. * If set to ACTIVE on all the virtual servers that share the IP address, the appliance injects even if one virtual server is UP. * If set to ACTIVE on some virtual servers and PASSIVE on the others, the appliance injects even if one virtual server set to ACTIVE is UP.

The name of the network profile.

When client requests ShareFile resources and Citrix Gateway detects that the user is unauthenticated or the user session has expired, disabling this option takes the user to the originally requested ShareFile resource after authentication (instead of taking the user to the default VPN home page)

Configure secure private access

By default, an access restricted page hosted on secure private access CDN is displayed when a restricted app is accessed. The setting can be changed to NS to display the access restricted page hosted on the gateway or OFF to not display any access restricted page.

Maximum number of logon attempts

Number of minutes an account will be locked if user exceeds maximum permissible attempts

Binds the authentication policy as the secondary policy to use in a two-factor configuration. A user must then authenticate not only via a primary authentication method but also via a secondary authentication method. User groups are aggregated across both. The user name must be exactly the same for both authentication methods, but they can require different passwords.

Binds the authentication policy to a tertiary chain which will be used only for group extraction. The user will not authenticate against this server, and this will only be called if primary and/or secondary authentication has succeeded.

Option to set plugin upgrade behaviour for Win

Option to set plugin upgrade behaviour for Linux

Option to set plugin upgrade behaviour for Mac

Option to VPN plugin behavior when smartcard or its reader is removed

Advanced EPA profile to bind
NOTE: This attribute is deprecated.
Depricated AdvanceEPA Option

Mark the EPA profile optional for preauthentication EPA profile. User would be shown a logon page even if the EPA profile fails to evaluate.
NOTE: This attribute is deprecated.
Depricated AdvanceEPA Option

Name of the RDP server profile associated with the vserver.

Node group devno to which this authentication virtual sever belongs

State of the virtual server. If the virtual server is disabled, requests are not processed.

Use Layer 2 parameters (channel number, MAC address, and VLAN ID) in addition to the 4-tuple (::::) that is used to identify a connection. Allows multiple TCP and non-TCP connections with the same 4-tuple to coexist on the Citrix ADC.

Name of the portal theme bound to VPN vserver

Name of the EULA bound to VPN vserver

List of user domains specified as comma seperated value
NOTE: This attribute is deprecated.
Depricate UserDomains Option

Name of the CS vserver to which the VPN vserver is bound

Authentication Profile entity on virtual server. This entity can be used to offload authentication to AAA vserver for multi-factor(nFactor) authentication

Fully qualified domain name for a VPN virtual server. This is used during StoreFront configuration generation.

Name of the PCoIP vserver profile associated with the vserver.

Name of the analytics profile bound to the VPN Vserver

to determine if the configuration will have default ssl CIPHER and ECC curve bindings

SameSite attribute value for Cookies generated in VPN context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite

Name of the QUIC profile to assign to this virtual server.

Enable device posture

Name of the Secure Private Access profile bound to the vserver.

The bound Cache policy names.

The priorities of bound Cache policies.

The bindpoints of bound Cache policies.

The next_expr-s of bound CACHE policies.

The bound RW policy names.

The priorities of bound RW policies.

The next_expr-s of bound RW policies.

The bindpoints of bound RW policies.

The bound Responder policy names.

The priorities of bound Responder policies.

The next_expr-s of bound Responder policies.

The bindpoints of bound Responder policies.

The bound Appflow policy names.

The priorities of bound AppFlow policies.

The next_expr-s of bound AppFlow policies.

The bindpoints of bound CMP policies.

The bound SAML IdP policy names.

The priorities of bound SAML IdP policies.

The next_expression of bound SAML IdP policies.

The bound OAuth IdP policy names.

The priorities of bound OAuth IdP policies.

The next_expression of bound OAuth IdP policies.

The bound LoginSchema policy names.

The priorities of bound LoginSchema policies.

The next_expression of bound LoginSchema policies.

The bound CSW policy names.

The priorities of bound CSW policies.

The next_expr-s of bound CSW policies.

The bound Front End Optimization policy names.

The priorities of bound FEO policies.

The next_expr-s of bound FEO policies.

The bindpoints of bound FEO policies.

The bound ICA policy names.

The priorities of bound ICA policies.

The next_expr-s of bound ICA policies.

The priorities of bound application firewall policies.

The next_expr-s of bound Application firewall policies.