Firewall Wizards mailing list archives

Re: Citrix ICA - Published apps


From: Chris Brenton <cbrenton () sover net>
Date: Thu, 15 Apr 1999 10:42:42 -0400

"Schultz, Ken" wrote:

> Has anyone actually managed to make a Citrix Metaframe server - published
> application actually work through a firewall? If so, would you mind sharing
> a few details?

You can do it, but you do not want to try. ;)

If memory serves it's the same problem you run into if you try and use
load balancing. The client needs to be able to query the master browser.
Your problems here are:

1) the master browser can change
2) you need to open up inbound NBT which has all sorts of nasty security
implications

You may be able to pull all this together using client authentication,
some registry hacks to specify the master browser as well as an LMHOSTS
file on the remote machine, but I think I would rather get a tooth
drilled. ;)

> We have been able to get access to the Metaframe server directly, but are
> having one hell of a time trying to get access to the published app.

For Internet access to Citrix, I've found it much easier to use DNS
round robin. This is load sharing instead of load balancing but from my
experience it's not all that less inefficient compared to the algorithm
used by Citrix to determine server load. If you create a number of "A"
records which use the same name as the published app (i.e.
msword.bohica.edu), a remote client will resolve this and find the
server farm.

> Alternatively, if anyone has any _good_ sources of info regarding the use of
> the UDP/1604 traffic by the ICA clients and/or servers, in conjunction with
> the master browser server, and/or "alternate address" configuration, that
> would be very much appreciated.

The Citrix Web site is the best source of info I've found. Not much else
out there except "experience". ;)

Cheers,
Chris
-- 
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
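
Added example, not part of the original post: a small simulation of the DNS round robin setup described above, showing why it is load sharing rather than load balancing. The zone fragment and its 192.0.2.x addresses are constructed, and the model assumes the name server rotates the record set by one per query and each client connects only to the first address it receives.

```python
import collections

# Constructed zone fragment: three A records sharing the published app's name.
# Addresses are from the 192.0.2.0/24 documentation range, not real servers.
ZONE = """\
msword.bohica.edu.   300 IN A 192.0.2.11
msword.bohica.edu.   300 IN A 192.0.2.12
msword.bohica.edu.   300 IN A 192.0.2.13
www.bohica.edu.      300 IN A 192.0.2.80
"""

def a_records(zone_text, name):
    """Return the addresses of every A record whose owner is `name`."""
    fqdn = name.rstrip(".").lower() + "."
    addrs = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].lower() == fqdn and fields[2:4] == ["IN", "A"]:
            addrs.append(fields[4])
    return addrs

def round_robin_answers(addrs, queries):
    """Yield one answer per query, rotating the record set by one each time."""
    for i in range(queries):
        k = i % len(addrs)
        yield addrs[k:] + addrs[:k]

def simulate(zone_text, name, clients, down=()):
    """Count where clients land when each uses the first address returned.

    `down` lists servers that are offline. DNS has no view of server health
    or load, so it still hands those addresses out; such clients are
    counted under 'failed'.
    """
    landed = collections.Counter()
    for answer in round_robin_answers(a_records(zone_text, name), clients):
        first = answer[0]
        landed["failed" if first in down else first] += 1
    return dict(landed)

if __name__ == "__main__":
    print(simulate(ZONE, "msword.bohica.edu", 9))
    print(simulate(ZONE, "msword.bohica.edu", 9, down={"192.0.2.12"}))
```

Clients are split evenly by count regardless of how busy each server is, and a server that is down keeps receiving its share until its A record is removed.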


