the command should work with some limitations. By restricting to 10.1.1.1 you will only see the communication between Client and MWG. You won´t see what MWG is talking to the server. If the timeout happens on the server side, you won´t be able to see what is happening.
If you know the remote IP of the Citrix server, something like this should work:
tcpdump -s 0 -i any -w /tmp/mycapture.pcap host 10.1.1.1 or host 192.168.0.1
(where 192.168.0.1 is the Citrix server)
If that doesn´t work, a capture without limitations, but done during "after office hours" should be more helpful.
Actually I remember I have seen this 120 second timeout multiple times. Is there a support case in regards to this issue? Maybe they have already heard of this problem and can give you a solution.