| Author |
Message |
Dave
Guest
|
 Posted:
Thu Dec 01, 2005 10:18 pm Post subject:
Citrix web Interface |
|
|
Hi,
I am trying to setup a citrix secure gateway which is running in my DMZ I
have got the firewall (Watchguard Firebox III) to allow the CSG to talk to
the Citrix Farm through port 1494, 80 and 443. What I can't get is an
external connection to access the application, the user can authenticate
against the AD but an "can not find metaframe server" error appears when
they try to access a publish app. There is no problem if I try on the LAN.
I've been told that my problems lie with my firewall, but I am not to sure,
I have configure the Watchguard as detailed in the whitepaper on Watchguard.
Is there anything I am missing?
TIA |
|
| Back to top |
|
 |
Leythos
Guest
|
| Posted:
Fri Dec 02, 2005 5:51 am Post subject:
Re: Citrix web Interface |
|
|
In article <dmnss9$avi$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com>,
no@mail.com says...
| Quote: | Hi,
I am trying to setup a citrix secure gateway which is running in my DMZ I
have got the firewall (Watchguard Firebox III) to allow the CSG to talk to
the Citrix Farm through port 1494, 80 and 443. What I can't get is an
external connection to access the application, the user can authenticate
against the AD but an "can not find metaframe server" error appears when
they try to access a publish app. There is no problem if I try on the LAN.
I've been told that my problems lie with my firewall, but I am not to sure,
I have configure the Watchguard as detailed in the whitepaper on Watchguard.
Is there anything I am missing?
|
In order to get CITRIX working from the client side I had to create a
rule as follows:
PORT 1494 TCP Allow outbound
PORT 1604 UDP Allow outbound
Since you are allowing inbound CITRIX, you may need to allow 1604 UDP
inbound (since I would expect it to be the reverse of my outbound rule).
--
spam999free@rrohio.com
remove 999 in order to email me |
|
| Back to top |
|
|
Wil
Guest
|
| Posted:
Fri Dec 02, 2005 8:46 am Post subject:
Re: Citrix web Interface |
|
|
I'm no Citrix guy, buy AFAIK you need to open 443 to the CSG and the CSG
will proxy all of the connections to the farm, so nothing needs to be
open from the outside to the farm.
Wil
my 3¢
Dave wrote:
| Quote: | Hi,
I am trying to setup a citrix secure gateway which is running in my DMZ I
have got the firewall (Watchguard Firebox III) to allow the CSG to talk to
the Citrix Farm through port 1494, 80 and 443. What I can't get is an
external connection to access the application, the user can authenticate
against the AD but an "can not find metaframe server" error appears when
they try to access a publish app. There is no problem if I try on the LAN.
I've been told that my problems lie with my firewall, but I am not to sure,
I have configure the Watchguard as detailed in the whitepaper on Watchguard.
Is there anything I am missing?
TIA
|
|
|
| Back to top |
|
|
Keith
Guest
|
| Posted:
Fri Dec 02, 2005 5:21 pm Post subject:
Re: Citrix web Interface |
|
|
That is correct, you only need 443 open from the outside world to the CSG
box, you could even NAT this from the Firebox if it allows.
The CSG box then needs to be able to talk with your Citrix servers, XML
service and STA so ports 1494, and whatever your xml service and STA is on.
That's how I've setup CSG's anyway...
--
Cheers
"Wil" <wil@SPAM.THIS> wrote in message
news:438fb569$0$38602$742ec2ed@news.sonic.net...
| Quote: | I'm no Citrix guy, buy AFAIK you need to open 443 to the CSG and the CSG
will proxy all of the connections to the farm, so nothing needs to be open
from the outside to the farm.
Wil
my 3¢
Dave wrote:
Hi,
I am trying to setup a citrix secure gateway which is running in my DMZ I
have got the firewall (Watchguard Firebox III) to allow the CSG to talk
to the Citrix Farm through port 1494, 80 and 443. What I can't get is an
external connection to access the application, the user can authenticate
against the AD but an "can not find metaframe server" error appears when
they try to access a publish app. There is no problem if I try on the
LAN.
I've been told that my problems lie with my firewall, but I am not to
sure, I have configure the Watchguard as detailed in the whitepaper on
Watchguard. Is there anything I am missing?
TIA |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in