Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unique IP address for each client

Status
Not open for further replies.

porkchopexpress

IS-IT--Management
May 26, 2005
3,996
GB
We are running our staff through a Smoothwall firewall one of the features requires a unique IP address for each connection is this possible using Citrix/Terminal Services.

Our Setup:
Currently we use thin client devices that have their own IP that connects the user to the Citrix server but then internet traffic is generated from the Citrix box this means that the Smoothwall only sees the IP of the Citrix server so it can't identify traffic from a particular user or device.

Anyone know of a way to present a unique IP for each user?

Using Citrix PS 4.5 on Windows Server 2003 SP2.

Thanks.
 
So I take it this is an issue with users come in via the Internet using DSL/cable connections hence they don't have static IPs... With that being said, have you considered deploying a VPN solution instead whereby you can assign your users static IPs for this purpose?
 
Thanks for the reply.

I'll explain a bit more. This is a high school and all of the Citrix clients are on the LAN we use Smoothwall Guardian to provide web filtering for staff and students.

One of the features allows us to turn off internet on PC's in an IT room. This works well in a room with normal Windows PC's as they all have a unique IP address so Smoothwall can tell them appart.
With the thin client devices they all have a unique DHCP assigned IP but that connects to the Citrix server via ICA and then all user generated internet traffic comes from the Citrix servers IP so Smoothwall can't tell the clients appart.

Does that make more sence?
 
I'm fairly certain that you cannot do what you want through the Smoothwall. The IP address will show as coming from the Citrix box, and there is no way to change that and no effective way to trace it back to a user.

You can create policies via AD which would restrict/remove IE on the Citrix server itself based on user or group.
 
The only way I can see this working is if you employ a VDI type solution like implementing VMWare workstation/server on your Citrix box and have virtual desktops with dedicated IPs assigned to the virtual hosts.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top