Add SSL VPN configuration Object.

Invoke-ADCAddVpnvserver [-Name] <String> [-Servicetype] <String> [[-Ipv46] <String>] [[-Range] <Double>]
 [[-Port] <Int32>] [[-Ipset] <String>] [[-State] <String>] [[-Authentication] <String>] [[-Doublehop] <String>]
 [[-Maxaaausers] <Double>] [[-Icaonly] <String>] [[-Icaproxysessionmigration] <String>] [[-Dtls] <String>]
 [[-Loginonce] <String>] [[-Advancedepa] <String>] [[-Devicecert] <String>] [[-Certkeynames] <String>]
 [[-Downstateflush] <String>] [[-Listenpolicy] <String>] [[-Listenpriority] <Double>]
 [[-Tcpprofilename] <String>] [[-Httpprofilename] <String>] [[-Comment] <String>] [[-Appflowlog] <String>]
 [[-Icmpvsrresponse] <String>] [[-Rhistate] <String>] [[-Netprofile] <String>]
 [[-Cginfrahomepageredirect] <String>] [[-Maxloginattempts] <Double>] [[-Failedlogintimeout] <Double>]
 [[-L2conn] <String>] [[-Deploymenttype] <String>] [[-Rdpserverprofilename] <String>]
 [[-Windowsepapluginupgrade] <String>] [[-Linuxepapluginupgrade] <String>] [[-Macepapluginupgrade] <String>]
 [[-Logoutonsmartcardremoval] <String>] [[-Userdomains] <String>] [[-Authnprofile] <String>]
 [[-Vserverfqdn] <String>] [[-Pcoipvserverprofilename] <String>] [[-Samesite] <String>] [-PassThru] [-WhatIf]
 [-Confirm] [<CommonParameters>]

Configuration for VPN virtual server resource.

Invoke-ADCAddVpnvserver -name <string> -servicetype <string>

An example how to add vpnvserver configuration Object(s).

Name for the Citrix Gateway virtual server. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Can be changed after the virtual server is created.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Protocol used by the Citrix Gateway virtual server. Possible values = SSL, DTLS

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 3
Default value: SSL
Accept pipeline input: False
Accept wildcard characters: False

IPv4 or IPv6 address of the Citrix Gateway virtual server. Usually a public IP address. User devices send connection requests to this IP address.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Range of Citrix Gateway virtual server IP addresses. The consecutively numbered range of IP addresses begins with the address specified by the IP Address parameter. In the configuration utility, select Network VServer to enter a range.

Type: Double
Parameter Sets: (All)
Aliases:

Required: False
Position: 5
Default value: 1
Accept pipeline input: False
Accept wildcard characters: False

TCP port on which the virtual server listens.

• in CLI is represented as 65535 in NITRO API

Type: Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: 6
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current vpn vserver.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

State of the virtual server. If the virtual server is disabled, requests are not processed. Possible values = ENABLED, DISABLED

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 8
Default value: ENABLED
Accept pipeline input: False
Accept wildcard characters: False

Require authentication for users connecting to Citrix Gateway. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 9
Default value: ON
Accept pipeline input: False
Accept wildcard characters: False

Use the Citrix Gateway appliance in a double-hop configuration. A double-hop deployment provides an extra layer of security for the internal network by using three firewalls to divide the DMZ into two stages. Such a deployment can have one appliance in the DMZ and one appliance in the secure network. Possible values = ENABLED, DISABLED

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 10
Default value: DISABLED
Accept pipeline input: False
Accept wildcard characters: False

Maximum number of concurrent user sessions allowed on this virtual server. The actual number of users allowed to log on to this virtual server depends on the total number of user licenses.

Type: Double
Parameter Sets: (All)
Aliases:

Required: False
Position: 11
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

• When set to ON, it implies Basic mode where the user can log on using either Citrix Receiver or a browser and get access to the published apps configured at the XenApp/XenDEsktop environment pointed out by the WIHome parameter. Users are not allowed to connect using the Citrix Gateway Plug-in and end point scans cannot be configured. Number of users that can log in and access the apps are not limited by the license in this mode.
• When set to OFF, it implies Smart Access mode where the user can log on using either Citrix Receiver or a browser or a Citrix Gateway Plug-in. The admin can configure end point scans to be run on the client systems and then use the results to control access to the published apps. In this mode, the client can connect to the gateway in other client modes namely VPN and CVPN. Number of users that can log in and access the resources are limited by the CCU licenses in this mode. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 12
Default value: OFF
Accept pipeline input: False
Accept wildcard characters: False

This option determines if an existing ICA Proxy session is transferred when the user logs on from another device. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 13
Default value: OFF
Accept pipeline input: False
Accept wildcard characters: False

This option starts/stops the turn service on the vserver. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 14
Default value: ON
Accept pipeline input: False
Accept wildcard characters: False

This option enables/disables seamless SSO for this Vserver. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 15
Default value: OFF
Accept pipeline input: False
Accept wildcard characters: False

This option tells whether advanced EPA is enabled on this virtual server. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 16
Default value: OFF
Accept pipeline input: False
Accept wildcard characters: False

Indicates whether device certificate check as a part of EPA is on or off. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 17
Default value: OFF
Accept pipeline input: False
Accept wildcard characters: False

Name of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 18
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Close existing connections when the virtual server is marked DOWN, which means the server might have timed out. Disconnecting existing connections frees resources and in certain cases speeds recovery of overloaded load balancing setups. Enable this setting on servers in which the connections can safely be closed when they are marked DOWN. Do not enable DOWN state flush on servers that must complete their transactions. Possible values = ENABLED, DISABLED

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 19
Default value: ENABLED
Accept pipeline input: False
Accept wildcard characters: False

String specifying the listen policy for the Citrix Gateway virtual server. Can be either a named expression or an expression. The Citrix Gateway virtual server processes only the traffic for which the expression evaluates to true.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 20
Default value: "none"
Accept pipeline input: False
Accept wildcard characters: False

Integer specifying the priority of the listen policy. A higher number specifies a lower priority. If a request matches the listen policies of more than one virtual server, the virtual server whose listen policy has the highest priority (the lowest priority number) accepts the request.

Type: Double
Parameter Sets: (All)
Aliases:

Required: False
Position: 21
Default value: 101
Accept pipeline input: False
Accept wildcard characters: False

Name of the TCP profile to assign to this virtual server.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 22
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Name of the HTTP profile to assign to this virtual server.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 23
Default value: "nshttp_default_strict_validation"
Accept pipeline input: False
Accept wildcard characters: False

Any comments associated with the virtual server.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 24
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Log AppFlow records that contain standard NetFlow or IPFIX information, such as time stamps for the beginning and end of a flow, packet count, and byte count. Also log records that contain application-level information, such as HTTP web addresses, HTTP request methods and response status codes, server response time, and latency. Possible values = ENABLED, DISABLED

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 25
Default value: ENABLED
Accept pipeline input: False
Accept wildcard characters: False

Criterion for responding to PING requests sent to this virtual server. If this parameter is set to ACTIVE, respond only if the virtual server is available. With the PASSIVE setting, respond even if the virtual server is not available. Possible values = PASSIVE, ACTIVE

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 26
Default value: PASSIVE
Accept pipeline input: False
Accept wildcard characters: False

A host route is injected according to the setting on the virtual servers.

• If set to PASSIVE on all the virtual servers that share the IP address, the appliance always injects the hostroute.
• If set to ACTIVE on all the virtual servers that share the IP address, the appliance injects even if one virtual server is UP.
• If set to ACTIVE on some virtual servers and PASSIVE on the others, the appliance injects even if one virtual server set to ACTIVE is UP. Possible values = PASSIVE, ACTIVE

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 27
Default value: PASSIVE
Accept pipeline input: False
Accept wildcard characters: False

The name of the network profile.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 28
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

When client requests ShareFile resources and Citrix Gateway detects that the user is unauthenticated or the user session has expired, disabling this option takes the user to the originally requested ShareFile resource after authentication (instead of taking the user to the default VPN home page). Possible values = ENABLED, DISABLED

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 29
Default value: ENABLED
Accept pipeline input: False
Accept wildcard characters: False

Maximum number of logon attempts.

Type: Double
Parameter Sets: (All)
Aliases:

Required: False
Position: 30
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

Number of minutes an account will be locked if user exceeds maximum permissible attempts.

Type: Double
Parameter Sets: (All)
Aliases:

Required: False
Position: 31
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

Use Layer 2 parameters (channel number, MAC address, and VLAN ID) in addition to the 4-tuple (<source IP>:<source port>::<destination IP>:<destination port>) that is used to identify a connection. Allows multiple TCP and non-TCP connections with the same 4-tuple to coexist on the Citrix ADC. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 32
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

. Possible values = NONE, ICA_WEBINTERFACE, ICA_STOREFRONT, MOBILITY, WIONNS

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 33
Default value: 5
Accept pipeline input: False
Accept wildcard characters: False

Name of the RDP server profile associated with the vserver.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 34
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Option to set plugin upgrade behaviour for Win. Possible values = Always, Essential, Never

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 35
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Option to set plugin upgrade behaviour for Linux. Possible values = Always, Essential, Never

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 36
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Option to set plugin upgrade behaviour for Mac. Possible values = Always, Essential, Never

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 37
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Option to VPN plugin behavior when smartcard or its reader is removed. Possible values = ON, OFF

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 38
Default value: OFF
Accept pipeline input: False
Accept wildcard characters: False

List of user domains specified as comma seperated value.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 39
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Authentication Profile entity on virtual server. This entity can be used to offload authentication to AAA vserver for multi-factor(nFactor) authentication.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 40
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Fully qualified domain name for a VPN virtual server. This is used during StoreFront configuration generation.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 41
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Name of the PCoIP vserver profile associated with the vserver.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 42
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

SameSite attribute value for Cookies generated in VPN context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite. Possible values = None, LAX, STRICT

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 43
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Return details about the created vpnvserver item.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

File Name : Invoke-ADCAddVpnvserver Version : v2111.2521 Author : John Billekens Reference : https://developer-docs.citrix.com/projects/citrix-adc-nitro-api-reference/en/latest/configuration/vpn/vpnvserver/ Requires : PowerShell v5.1 and up ADC 13.x and up. ADC 12 and lower may work, not guaranteed.

https://blog.j81.nl