Role of Spoofed IP address in FQDN Based Tunneling

citrix logo header


Role of Spoofed IP address in FQDN Based Tunneling

Applicable Products : Citrix ADCCitrix Gateway

By design, if there’s any hostname-based application configured on ADC then client adds a concept of Spoofed IP range [ used on client side for masking the DNS resolutions]. Based on VPN plugin’s architecture, this spoofed IP range (a configurable range on ADC) should be disjoint from any intranet application present on ADC. If not, then that particular intranet resource access will be affected, and end-users won’t be able to access those resources. If there’s no separate configuration made for FQDN spoofed IP range, then is used by default. If the network setup clashes with the same [ either with intranet applications on ADC or local subnet on client machine or any NAT’ing done] then the spoofed Ip range should be reconfigured on the ADC by setting a new range that is not being used in the internal network. Required configuration is set vpn parameter -fqdnSpoofedIP -netmask Reference engineering ticket – NSHELP-23912

Read full article (

All content and images belong to their respected owners, this article is curated for informational purposes only.

Leave a Reply
Previous Post
citrix logo header

Secure Mail – missing from Google Play Store

Next Post
citrix logo header

Workspace App for Mac – Known Issue – March 23rd 2023

Related Posts