Internet Connection to Citrix Server through Firewall

Status
Not open for further replies.

Udir

Technical User
Aug 16, 2001
111
US
I am trying to allow access to our Citrix server through our PIX firewall...

I am using the regular Full PN 7.0, the server is Win 2000 SP 3 with XP 1.0 FR 2. Nothing else is being used on either the client or server.

I have run altaddr on the server and it has both addresses that it needs to have.

I have the following TCP ports mapped to the Citrix server:
www
https
1494
udp - 1604

I looked through the Citrix support site and came up with everything that has been done to date... I can telnet into the external address on port 1494 and I get ICA on the prompt, so I think I am getting in, it is just when I try and use the client, it cannot find either the server or the published app...

Ideas and suggestions appreciated.

Thanks
 
In the PN client itself, have you checked the "use alternate address for firewall connection" box?
 
Excuse me whilst I go "eek".

What you're trying to do is quite possible and many people do it, and opening up all those ports on the firewall to your Citrix server is fair enough if you're just testing for the heck of it, or just maybe if you are also going to do something with - say - SecurID, but port 1494 is very well known out there in the big bad world and advertises the fact you have a Citrix server.

In other words, assuming you succeed in getting this to work - and I'm sure you can - you will (not may) start to get a number of unwanted visitors. Now your username/password security may be quite good (no administrator/guest users, passwords change every 30 days or so, no repeating passwords, passwords must be 8 alphanumeric comprising at least 2 numerics and a mix of upper and lower case, etc), but even so....

Personally I'd consider/recommend setting up a CSG server - particularly as the software is free and it's not that hard to do - so that the only port external users need access to is https/443 to the NFuse server..... If you're short on hardware, or only a few people will be accessing Citrix remotely, you can even run NFuse and CSG on the same box (see faq48-3648).

Cheers
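
Added example, not part of the thread or any poster's own code: a small audit that reads PIX-style `access-list ... permit` lines and flags rules that open the Citrix server's ICA ports (TCP 1494, UDP 1604) to any source, against the https-only exposure the CSG/NFuse design needs. It assumes the mappings are written as single-port `permit ... eq` lines; the ACL name `outside_in` and the 203.0.113.10 address are constructed sample values.

```python
import re

# PIX prints well-known ports by name; these three cover the ports in the thread.
PORT_NAMES = {"www": 80, "https": 443, "citrix-ica": 1494}
# Ports that reach the Citrix server directly, as opened in the original post.
ICA_DIRECT = {("tcp", 1494): "ICA sessions", ("udp", 1604): "ICA browsing"}
# With NFuse behind CSG, the reply says outside users need only this.
GATEWAY_ONLY = {("tcp", 443)}

RULE = re.compile(
    r"access-list\s+\S+\s+permit\s+(tcp|udp)\s+(any|host\s+\S+|\S+\s+\S+)"
    r"\s+host\s+(\S+)\s+eq\s+(\S+)$"
)

def parse_rules(config_text):
    """Yield (proto, port, source, dest) for each single-port permit line."""
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if m:
            proto, src, dst, name = m.groups()
            port = PORT_NAMES.get(name, int(name) if name.isdigit() else None)
            yield proto, port, src, dst

def audit(config_text):
    """Return (severity, proto, port, dest, note) for rules open to any source."""
    findings = []
    for proto, port, src, dst in parse_rules(config_text):
        if src != "any" or (proto, port) in GATEWAY_ONLY:
            continue
        if port is None:
            findings.append(("review", proto, port, dst, "unrecognised port name"))
        elif (proto, port) in ICA_DIRECT:
            findings.append(("exposed", proto, port, dst, ICA_DIRECT[(proto, port)]))
        else:
            findings.append(("extra", proto, port, dst, "not needed for the gateway design"))
    return findings

# Constructed sample: the four mappings listed in the question (documentation address).
SAMPLE = """\
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq https
access-list outside_in permit tcp any host 203.0.113.10 eq citrix-ica
access-list outside_in permit udp any host 203.0.113.10 eq 1604
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Rules whose source is a specific host or network are skipped, since the concern raised in the reply is exposure to arbitrary Internet sources.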
 