In past design decisions, the customer would like often to configure a single FQDN for both Netscaler (external) and StoreFront (internal) deployment. First off all the customer must have the same DNS Zone for external and internal access to fulfill this solution.
In the picture and in the PDF (you can download below) I have add the needed firewall ports also. In the future we must replace Netscaler Insight Center with MAS.
DNS static entries for zone firma.de
10.49.8.9 = cbcitrix.firma.de
10.49.8.13 = citrix.firma.de
10.49.8.13 = accounts.firma.de
Note: citrix.firma.de and accounts.firma.de using the same IP-Address, that are the configured beacon Points. accounts.firma.de would be used internal and pointing Citrix Receiver to the StoreFront. If the user enters internal https://citrix.firma.de he would routed to 10.49.8.13, the LB for StoreFront.
10.49.8.7 [citrix.firma.de] = VIP Netscaler Gateway – external access only (NAT public IP)
10.48.8.8 = SNIP
10.49.8.9 [cbcitrix.firma.de] = VIP Netscaler Gateway (callback) – internal access only
10.49.8.10 = NSIP Netscaler 1
10.49.8.11 = NSIP Netscaler 2
10.49.8.12 = VIP Loadbalancing (LB) for DNS, LDAP(s)
10.49.8.13 [citrix.firma.de and accounts.firma.de]= VIP Loadbalancing (LB) StoreFront