Citrix in the DMZ

[DASLG]

Hello all,
I would like to know if it is possible to have the entire farm (including MSAM and CSG) in the DMZ? If so, is there any documentation on how to do it? I don't believe it was mentioned in the admin guide.

 

[ascotta]

Erm, it should not be difficult to achieve, but why would you be doing that ? The only problem I can see is for the apps to see internal data.

[blue]Arguably the best cat skinner around ! [/blue]

Cheers
Scott

 

[DASLG]

We just wanted another option. We have an internal app server, an exchange server and a file server that would need to be accessed. I take it that we would have to open a ton of ports to let users access these resources, correct? Even so, if any one has any links to documentation that might cover this it would be most helpful. This is for Presentation server 3.0, MSAM 2.2, and CSG 2.0.


Thank You,
Damon

 

[ascotta]

Well you would have to open the ports internal sure.
I doubt you will find much documentation on this as it really is way outside the box. You would still only need 443 or whatever coming into the DMZ from the world wide waste of time.

I would go with the SG and web in DMZ everything else internal, it is at least supported by Citrix.

[blue]Arguably the best cat skinner around ! [/blue]

Cheers
Scott

 

[Stevieraycover]

I too have an entire Citrix implementation in our DMZ zone. This is how our Citrix gurus set it up. I continually have problems with "external user" access into our Citrix farm in the DMZ. The technical explanation from our Security team is that the "external user" does not allow outgoing traffic on port 1494 and therefore cannot launch the apps. Is it possible to change this to port 443 or something else that everyone allows traffic on.
Steve


Scover@ciena.com

 

[ascotta]

Yes you need Secure Gateway.

[blue]Arguably the best cat skinner around ! [/blue]

Cheers
Scott