There is a new update available for the Citrix Access Gateway
Also be aware that the Admin Interface does change significantly from 4.0 to 4.1, it would appear on the surface of it that 4.1 was a bit "buggy" so it might be a better idea to try the 4.1.2, although as usual, your mileage may vary ;-))
http://support.citrix.com/kb/entry.jspa?entryID=6651#P13_671 or
http://support.citrix.com/kb/entry.jspa?externalID=CTX107403
Issue(s) Resolved in this Hotfix
1. Cached LDAP user group information was not deleted from the Access Gateway when the user logged off or intentionally disconnected. (bz948)
2. End users who were behind a proxy server could not connect to the Access Gateway. (bz862)
3. Connections through the Access Gateway to applications running on Citrix Presentation Server where the application contains an ampersand (&) in the application name would cause the connection to fail. The user would receive an SSL Error 38 error message. (bz945)
4. If the administrator configured a registry pre-authentication scan, and it was not applied to local users, the user can connect without completion of the scan. (bz919)
5. Voice over IP communication suffered degraded quality and performance when end users connected to the Access Gateway. Users experienced crackling, latency issues, and poor voice audio performance. (bz917)
6. LDAP authentication information disappeared from the Administration Tool when the Administration Tool was closed and then opened again. (bz916)
7. IP pooling did not function correctly unless the Administration Tool was connected to the external FQDN of the Access Gateway. (bz914)
8. Users might have experienced intermittent connection loss when the local network DHCP leases expired. Users would see the internal Microsoft default address of 169.x.x.x on their computer and then the connection to the Access Gateway was reestablished. (bz942)
9. An application policy was created for an application to have access to a specified network across the Access Gateway tunnel (10.10.x.x). By default other applications could also have access to the specified network. When an application policy was set to deny access to an application on a specified network, renaming the application allowed access to the restricted resources. (bz944)
10. Users that were not administrators on their computer would fail pre-authentication scans that used a specific process name. (bz931)
11. The Administration Tool might lose its connection after an idle period making multiple refreshes necessary and could make changes to the settings fail to update the configuration on the Access Gateway. (bz909)
12. The Administration Desktop logon would fail after the default password was changed. The Access Gateway no longer needs to be restarted for these changes to take effect. (bz915)
13. The sample logon pages were missing. (bz877)
PS: There are rumours that 4.2 may be out *sometime* in October and this should finally incorporate the *Enterprise* add on that will hopefully add all of the MSAM / End Point analysis features.