Secure Gateway
Secure Gateway 3_3
This article describes how to configure automatic HTTP port 80 redirection to HTTPS port 443 for on a server in which Secure Gateway and Web Interface ...


This article describes how to configure automatic HTTP port 80 redirection to HTTPS port 443 for a server in which Secure Gateway and Web Interface are both installed.

To redirect listening local port 80 / HTTP to port 443 / HTTPS, you must have a redirection page listening on port 80. If this page is the same as the Web Interface page, which needs to listen on an accessible HTTP port, there will be a conflict. Only one service or main page can listen on the same port.

This situation is typical for a server placed in a Demilitarized Zone (DMZ), where it has a purpose for external access only on port 443 / HTTPS but can be accessible on port 80 / HTTP. This design always opens secure HTTPS connections when users enter HTTP links.


Use a different listening port within Internet Information Services (IIS) for the Web Interface page. The unsecure port would not be used because you need to redirect this port to secure access using HTTPS. Use any free port on the server.

The following example procedure uses port 8080:
  1. Open IIS manager and create new Web page.

  2. Set the listening port to 8080 during the wizard.

  3. Name it WI.

    User-added image
  4. Create a new Web Interface page in the Access Management Console and select the NEW page.

  5. Confirm all other necessary settings for the page.

    User-added image
  6. Return to IIS Manager and open Properties of the page.

  7. Set redirection to the Secure Gateway’s https address / externally accessible Fully Qualified Domain Name (FQDN).
    As Secure Gateway is listening on the same server on HTTPS port 443, do not set port 443 for this page (or any other page).
    Do not import SSL certificates to this IIS page.
    As Secure Gateway is not an IIS service, if IIS attempts to listen on secure port 443, it would block Secure Gateway and create a conflict between both services.

    User-added image
  8. Run Secure Gateway, assign the certificate, and choose the 443 port.

  9. In the section specifying the Web Interface page / server, select the destination port 8080 of the WI page.

    User-added image
  10. Finish the wizard and test the server connection with a client computer.

  11. Ensure that the client has access and can resolve the FQDN on both of the HTTP and HTTPS ports.
    In addition, the Web Interface on port 8080 can be blocked by a firewall, or block incoming IP ranges in such a manner to only allow the same server’s IP address configured in the IIS page > Properties > Settings. The blocking of an unsecure port prevents anyone using a non-encrypted method from accessing the server.


Join the conversation

Citrix Discussions

Open a case

Citrix Support