Citrix Gateway (or Citrix NetScaler Gateway) is an access gateway with SSL VPN solution, providing single sign-on (SSO) and authentication for remote end users of network assets.
$995
per month
Zscaler Private Access
Score 8.9 out of 10
N/A
Zscaler Private Access™ (ZPA) gives users secure access to private apps and OT devices while enabling zero trust connectivity for workloads.
N/A
Pricing
Citrix Gateway
Zscaler Private Access
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Citrix Gateway
Zscaler Private Access
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
Yes
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
The price for a Citrix Gateway (VPX) perpetual license is $995.00.
You must contact the sales team for subscription license pricing.
Citrix is used by everyone in our Company globally across departments, and provides a standardized, very clean, rarely-changing launchpad for all the common apps your team may need. It connects to Okta for necessary security. From my understanding, app assignment to users from the back end is also very simple. That being said, while the lack of changes over the years helps with guides and familiarity, Citrix is not without it's flaws that could use updating - apps refusing to open, scheduled app crashing at 12:00pm EST every day, setup being not as streamlined as it could be for new users, ease of use lacking on the desktop app, lack of accessible guides/quick walkthrough of what the platform is upon first login, etc. Overall, I look forward to improvements for Citrix, though overall I appreciate it's simplicity leading to visual ease of navigation.
Zscaler Private Access works really well in environments setup for FQDNs and where you know what users should/shouldn't be accessing on what ports. You can use Zscaler Private Access to figure out these kinds of features but that doesn't always mean you'll be correct. It also provides a consistent experience for users as they can access their materials anywhere. It also makes the user the last line of defense. If a user's account is compromised then the attacker has access to everything they already did. It doesn't work great in OT environments or Server based environments. Flows have to be initiated from the client and not the server for stuff to behave properly.
allows seamless use of 2-factor authentication for heightened security within the VPN, and lowers risk of an external hack because of it.
it allows for differing levels of security. access can be set specifically through the VPN so 2 users can use the same site and get different results depending on their active directory security policy.
It can grant the ability to launch a single application or an entire VPN envelope
Application Segmentation and Listener Configuration - The way applications are defined and listened for is fundamental to ZPA, but can be a source of frustration, especially when dealing with legacy or non-HTTP protocols
The ZCC is the user's primary gateway, but its control over local system network behavior can sometimes clash with enterprise requirements.
Citrix is a visually very clean platform, allowing for ease of use from even the least tech-savvy. That being said, the apps crashes a lot (scheduled or otherwise), and apps very often refuse to open from the dashboard, making for a frustrating/confusing experience from those who have not yet experienced these same issues daily for years now. The launcher app (for MacBook) leaves a lot to be desired in terms of both setup and daily use, making the web version more viable. First-time users are also often confused on what Citrix is - and how each app connects in order to open a program (explaining "log into Citrix on the web, then download the launcher app, then launch the Spectra app via Citrix web, which will open in the Citrix launcher app on your laptop to launch the app, but you have to paste in the URL again and log in again to access" is a handful)
The environment feels more secure, and we are seeing that users are adapting to it fast. The fact that we have tools to assist the users with their day-to-day access helps, as we can hand it off to the helpdesk without any escalations to the Network team. It is a work in progress for our agency, but we are seeing the benefits from the solution.
Support is pretty good and pretty fast to respond. I can't say I can really complain about the support experience I've had with them, as they've resolved issues within a reasonable time-frame. Of course, they could always be faster and better, but I think for what we pay, it's well worth the money.
We chose Citrix Netscaler Gateway for its wide market presence and its great experience over time. Although the implementation time may be longer than in the other solutions, I think the results are better and it allows configuration with greater capacity than the others. The cost is similar in all the solutions seen.
Well ZPA is a good solution, however everyone has their own advantage and disadvantages, with ZPA you can deploy ZTNA model, which will help you better control on access, however Palo Alto, Fortinet they are also market leading firewall solution, and you can not deny if they are not providing the same features.
The largest positive impact was that it provided a path up upgrade from the now defunct CSG Citrix product. Because Netscaler Gateway is an at cost product, where CSG was not, one could argue there is no monetary ROI but the ROI in this scenario comes more from the ability to not have to use a non Citrix product and learn the skills needed to administer it.
Negative wise, Netscaler Gateway can be quite costly in both upfront costs and maintenance fees. It is part of business and a requirement but when using it as a replacement for CSG you will have to account for several thousands of dollars per year in additional cost.
Because it can implemented as a virtual server (it comes in both hardware and non hardware versions) the lack of need to add one more piece of hardware to our data center saves in space, up front costs, and power/cooling needs if you opt to go with the software based version.
Positive: We have now charged users internally for the service
Negative: Dealing with users who also have the Zscaler Client Connector for their company, can cause confusions
Negative: Enabling the Zscaler Internet Access entitlement has been a major headache for us because Zscaler Private Access users can't autheniticate through ZIA on a non corporate device.
