
addvpnvserver

Use this method to create a Citrix Gateway virtual server that allows authenticated users to access intranet resources, such as XenApp, XenDesktop, and web servers.

Syntax



Parameters

name

Name for the Citrix Gateway virtual server. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Can be changed after the virtual server is created. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my server" or 'my server').
This is a mandatory parameter.

servicetype

Protocol used by the Citrix Gateway virtual server.
This is a mandatory parameter.
Default value = NSSVC_SSL.

ipaddress

IPv4 or IPv6 address of the Citrix Gateway virtual server. Usually a public IP address. User devices send connection requests to this IP address.

range

Range of Citrix Gateway virtual server IP addresses. The consecutively numbered range of IP addresses begins with the address specified by the IP Address parameter. In the configuration utility, select Network VServer to enter a range.
Default value = 1.
Minimum value = 1.

port

TCP port on which the virtual server listens.
Range 1 - 65535.

ipset

The list of IPv4/IPv6 addresses bound to the IP set forms part of the listening service on the current VPN virtual server.

state

State of the virtual server. If the virtual server is disabled, requests are not processed.
Default value = ENABLED.

authentication

Require authentication for users connecting to Citrix Gateway.
Default value = ON.

doublehop

Use the Citrix Gateway appliance in a double-hop configuration. A double-hop deployment provides an extra layer of security for the internal network by using three firewalls to divide the DMZ into two stages. Such a deployment can have one appliance in the DMZ and one appliance in the secure network.
Default value = DISABLED.

maxaaausers

Maximum number of concurrent user sessions allowed on this virtual server. The actual number of users allowed to log on to this virtual server depends on the total number of user licenses.

icaonly

- When set to ON, it implies Basic mode, where the user can log on using either Citrix Receiver or a browser and get access to the published apps configured in the XenApp/XenDesktop environment pointed to by the WIHome parameter. Users are not allowed to connect using the Citrix Gateway Plug-in, and end point scans cannot be configured. The number of users that can log in and access the apps is not limited by the license in this mode.
- When set to OFF, it implies Smart Access mode, where the user can log on using Citrix Receiver, a browser, or the Citrix Gateway Plug-in. The admin can configure end point scans to be run on the client systems and then use the results to control access to the published apps. In this mode, the client can connect to the gateway in other client modes, namely VPN and CVPN. The number of users that can log in and access the resources is limited by the CCU licenses in this mode.
Default value = OFF.

icaproxysessionmigration

This option determines if an existing ICA Proxy session is transferred when the user logs on from another device.
Default value = OFF.

dtls

This option starts or stops the TURN service on the virtual server.
Default value = ON.

loginonce

This option enables or disables seamless SSO for this virtual server.
Default value = OFF.

devicecert

Indicates whether the device certificate check, as part of EPA, is on or off.
Default value = OFF.

certkeynames

Name of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate.

downstateflush

Close existing connections when the virtual server is marked DOWN, which means the server might have timed out. Disconnecting existing connections frees resources and in certain cases speeds recovery of overloaded load balancing setups. Enable this setting on servers in which the connections can safely be closed when they are marked DOWN. Do not enable DOWN state flush on servers that must complete their transactions.
Default value = ENABLED.

listenpolicy

String specifying the listen policy for the Citrix Gateway virtual server. Can be either a named expression or an expression. The Citrix Gateway virtual server processes only the traffic for which the expression evaluates to true.
Default value = "none".

listenpriority

Integer specifying the priority of the listen policy. A higher number specifies a lower priority. If a request matches the listen policies of more than one virtual server, the virtual server whose listen policy has the highest priority (the lowest priority number) accepts the request.
Default value = 101.
Maximum value = 100.

tcpprofilename

Name of the TCP profile to assign to this virtual server.

httpprofilename

Name of the HTTP profile to assign to this virtual server.
Default value = "nshttp_default_strict_validation".

comment

Any comments associated with the virtual server.

appflowlog

Log AppFlow records that contain standard NetFlow or IPFIX information, such as time stamps for the beginning and end of a flow, packet count, and byte count. Also log records that contain application-level information, such as HTTP web addresses, HTTP request methods and response status codes, server response time, and latency.
Default value = ENABLED.

icmpvsrresponse

Criterion for responding to PING requests sent to this virtual server. If this parameter is set to ACTIVE, respond only if the virtual server is available. With the PASSIVE setting, respond even if the virtual server is not available.
Default value = NS_VSR_PASSIVE.

rhistate

A host route is injected according to the setting on the virtual servers.
* If set to PASSIVE on all the virtual servers that share the IP address, the appliance always injects the host route.
* If set to ACTIVE on all the virtual servers that share the IP address, the appliance injects even if one virtual server is UP.
* If set to ACTIVE on some virtual servers and PASSIVE on the others, the appliance injects even if one virtual server set to ACTIVE is UP.
Default value = NS_VSR_PASSIVE.

netprofile

The name of the network profile.

cginfrahomepageredirect

When a client requests ShareFile resources and Citrix Gateway detects that the user is unauthenticated or the user session has expired, disabling this option takes the user to the originally requested ShareFile resource after authentication (instead of taking the user to the default VPN home page).
Default value = ENABLED.

secureprivateaccess

Configure secure private access.
Default value = DISABLED.

accessrestrictedpageredirect

By default, an access restricted page hosted on secure private access CDN is displayed when a restricted app is accessed. The setting can be changed to NS to display the access restricted page hosted on the gateway or OFF to not display any access restricted page.
Default value = NS_ACCESS_RESTRICTED_PAGE_REDIRECT_CDN.

maxloginattempts

Maximum number of logon attempts.
Minimum value = 1.
Maximum value = 255.

failedlogintimeout

Number of minutes an account is locked if the user exceeds the maximum permissible attempts.
Minimum value = 1.

l2conn

Use Layer 2 parameters (channel number, MAC address, and VLAN ID) in addition to the 4-tuple (<source IP>:<source port>::<destination IP>:<destination port>) that is used to identify a connection. Allows multiple TCP and non-TCP connections with the same 4-tuple to coexist on the Citrix ADC.

deploymenttype


Default value = NS_DEPTYPE_NONE.

rdpserverprofilename

Name of the RDP server profile associated with the vserver.

windowsepapluginupgrade

Option to set plugin upgrade behaviour for Win

linuxepapluginupgrade

Option to set plugin upgrade behaviour for Linux

macepapluginupgrade

Option to set plugin upgrade behaviour for Mac

logoutonsmartcardremoval

Option to set VPN plugin behavior when the smart card or its reader is removed.
Default value = OFF.

authnprofile

Authentication Profile entity on the virtual server. This entity can be used to offload authentication to an AAA vserver for multi-factor (nFactor) authentication.

vserverfqdn

Fully qualified domain name for a VPN virtual server. This is used during StoreFront configuration generation.

pcoipvserverprofilename

Name of the PCoIP vserver profile associated with the vserver.

samesite

SameSite attribute value for cookies generated in the VPN context. This attribute value is appended only to the cookies that are specified in the built-in patset ns_cookies_samesite.

quicprofilename

Name of the QUIC profile to assign to this virtual server.

deviceposture

Enable device posture
Default value = DISABLED.
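
A pre-flight check of the constraints documented above (name character rules, numeric bounds, mandatory parameters), added here as an example and not part of the Citrix documentation or API. The function name `check_vserver_args`, the dict-of-arguments shape, and the three review points at the end (authentication left ON, logon attempt limit and lockout timeout both set) are assumptions of this example.

```python
import re

# "name" rule from this page: first character is an ASCII letter or
# underscore; the rest are ASCII alphanumerics or _ # . space : @ = -
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_#. :@=-]*\Z")

# Numeric bounds stated on this page: (minimum, maximum); None = not stated.
BOUNDS = {
    "range": (1, None),
    "port": (1, 65535),
    "maxloginattempts": (1, 255),
    "failedlogintimeout": (1, None),
}


def check_vserver_args(args):
    """Return a list of findings for a dict of addvpnvserver arguments."""
    findings = []
    for required in ("name", "servicetype"):
        if not args.get(required):
            findings.append(f"{required}: mandatory parameter is missing")
    name = args.get("name")
    if name and not NAME_RE.match(name):
        findings.append("name: violates the documented character rules")
    for key, (low, high) in BOUNDS.items():
        if key not in args:
            continue
        value = args[key]
        if isinstance(value, bool) or not isinstance(value, int):
            findings.append(f"{key}: must be an integer")
        elif value < low or (high is not None and value > high):
            findings.append(f"{key}: {value} is outside the documented range")
    # Review points (this example's own policy, not a rule from the page).
    if str(args.get("authentication", "ON")).upper() != "ON":
        findings.append("authentication: not ON, authentication is not required")
    if "maxloginattempts" not in args:
        findings.append("maxloginattempts: not set")
    elif "failedlogintimeout" not in args:
        findings.append("failedlogintimeout: not set although maxloginattempts is")
    return findings
```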

Return Value

Returns simpleResult
