Connectivity requirements


General requirements

  • Ensure you have a DHCP server in your network environment for dynamic IP and DNS address assignments. Some resource locations or blueprints do not support using static IP addresses for VMs. 
  • Configure dynamic IP and DNS addressing for Internet Protocol Version 4 (IPv4) to obtain IP and DNS addresses automatically from the DHCP server. To do this, perform the following actions:
    1. Click Start > Control Panel > Network and Internet > Network and Sharing Center.
    2. From the left pane, click Change adapter settings, right-click the network adapter and select Properties.
    3. Select Internet Protocol Version 4 (IPv4) and then click Properties.
    4. On the General tab, verify the Obtain an IP address automatically and Obtain DNS server address automatically settings are selected.

      Note: Smart Tools supports Internet Protocol version 4 (IPv4) only. Internet Protocol Version 6 (IPV6) is not supported.
  • On Windows systems, verify the password for the local Administrator account does not require changing: From Computer Management > System Tools > Local Users and Groups, under Administrator Properties, ensure that The User must change password at next logon option is not selected.
  • Ensure that the machines in your resource location are connected to the Internet. Some blueprints need to download ISO images, support files, or other software during the deployment process.

Port requirements

The Citrix Smart Tools Agent requires access over port 443 (outbound HTTPS) across the Internet to the following domains:


Ensure the machines hosting the Smart Tools Agent are able to resolve external DNS names. Communication between your server and Citrix Smart Tools occurs over port 443 (outbound HTTPS) only. 

On Windows, ensure that the Remote Desktop Protocol (RDP) service is enabled and TCP 3389 port is not blocked by a firewall.

Port requirement for auto-install

Citrix Smart Tools includes an auto-install function that automatically installs the agent on new and existing servers in your resource location.  On Linux, inbound access over port 22 (SSH) is required for agent auto-install. On Windows, inbound access over port 3389 (RDP) is required for agent auto-install.  

After the agent is installed, you can shut down these ports (if required) as further communication between your servers and Citrix Smart Tools occurs over port 443 (outbound HTTPS) only. For more information, see the Smart Tools Agent section.

For Citrix XenServer resource locations: If a Windows machine acts as a connector, ensure that Windows Management Instrumentation (WMI) and inbound connections on TCP port 135 (DCOM port) are enabled on your Windows VM template. If a Linux machine acts as a connector, ensure that Remote Desktop Services and inbound connections on TCP port 3389 are enabled on your Windows VM template. For more information, see Automatic Agent installation on Citrix XenServer provisioned VMs

Firewall requirements

Ensure that the firewall allows SSL traffic from your servers to the Citrix Smart Tools domains (specified in the Port requirements section) over port 443 (outbound HTTPS).

Proxy requirements

Citrix Smart Tools agent can function behind proxy servers, if the proxy servers do not inspect SSL traffic. If your servers are running behind a proxy, specify the proxy with basic authentication credentials (username and password) to allow the Citrix Smart Tools agent to access the Internet over outbound HTTPS. Set the environment variables on the server, where the installed agent can recognize the proxy server using basic authentication. 

On Linux, the Citrix Smart Tools agent uses the following environment variables (not case sensitive):

  • HTTPS_PROXY=<proxyserver_ip_address>:443
  • HTTPS_PROXY_USERNAME=<myusername>
  • HTTPS_PROXY_PASSWORD=<mypassword>

If your proxy server does not have authentication, it will pass traffic over HTTPS through your proxy to the public Internet. If your proxy has basic authentication, then source the environment variables for basic authentication for the agent. If you are using an authentication other than basic (for example, NTLM), the agent traffic will fail authentication. 

Note: The agent does not work with HTTPS proxy content inspection on the SSL session. If the proxy has content inspection, set up a rule on the proxy to pass traffic from the servers where the agent is installed.

Share debug log files with Citrix Support

If your servers do not appear in the Citrix Smart Tools user interface (UI) after installing the agent, contact Citrix customer support. The Citrix customer support team may request a copy of the agent log files to debug the problem.  

To send the agent log files to Citrix Support:

  1. Log in to the server that is unable to connect to Citrix Smart Tools.
  2. On Linux, go to: /opt/citrix/lifecycle-management

    On Windows, go to: C:\Program Files (x86)\Citrix\LifecycleManagement
  3. Copy the connector.log file to your local machine, for example:

    On Linux:

    cp connector.log log.txt

    On Windows:

    copy connector.log log.txt
  4. Send the log.txt file to