Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Adding a ip's to the firewall - Citrix problems

To: "'[email protected]'" <[email protected]>, "[email protected]" <[email protected]>
Subject: RE: [FW1] Adding a ip's to the firewall - Citrix problems
From: "Jonathan Jackson" <[email protected]>
Date: Thu, 21 Dec 2000 11:57:04 -0000
Organization: Scudder Threadneedle
Reply-to: "[email protected]" <[email protected]>
Sender: [email protected]

Hi Christian and thanks for the response,

I have had a good read through your suggested links and fear that they 
don't apply in this case as I am connecting to a specific IP, instead of 
using the browsing functionality/Citrix Farm. I've checked the routing and 
it all appears to be fine, but opening up JUST Tcp 1494 doesn't seem to 
work - no response from server.

Back to the drawing board for me......

For clarification, my rule is:

internal ip (static) - specific Citrix server IP - Tcp1494 - allow - log 
long

-----Original Message-----
From:	[email protected] [SMTP:[email protected]]
Sent:	Thursday, December 21, 2000 10:08 AM
To:	[email protected]
Subject:	RE: [FW1] Adding a ip's to the firewall - Citrix problems

Hi,

If you want to use the browsing functionallity, you have to open UDP-port
1604.

"The WinFrame TCP/IP client uses the UDP (User Datagram Protocol) feature
of the TCP/IP protocol suite when browsing for a WinFrame server. UDP is a
connectionless mode protocol, providing a potentially unreliable,
unsequenced, and/or duplicated (because it leaves these functions to other
protocol layers) communications layer. The WinFrame client broadcasts UDP
packets to the network with a destination address of UDP port 1604 (0644
hex) and the source address of the client is any high UDP port (any port
over 1023). A WinFrame server replies with a UDP packet where the data
area contains the names of the current WinFrame servers. The pull down
list is built using this information. This use of UDP can be eliminated by
connecting using the IP address rather than by browsing."


I have some good links about citrix thorugh a firewall:

http://www.citrix.com/support/solution/sol00053.htm
http://ctxex10.citrix.com/texpert.nsf/2e89dc7305e02e9ba69/e  
9e622dbbaf8b2bbe477?OpenDocument
http://www.sans.org/infosecFAQ/perimeter.htm


Christian H. Jensen


........................................................................  
..........


eSec A/S - Managed Security

http://www.esec.dk
Telefon: +45 7020 5585
Direkte:  +45 4450 2073
Mobil:     +45 20192510
........................................................................  
..........






"Jonathan Jackson" <[email protected]>
Sent by: [email protected]
21-12-2000 09:46
Please respond to "[email protected]"


        To:     "'Skip Lawrence - ext. 8972'" <[email protected]>, 
"'firewall
list'" <[email protected]>
        cc:
        Subject:        RE: [FW1] Adding a ip's to the firewall - Citrix 
problems


Seasons greetings back to you!

I am also having a torrid time with Citrix connections - I currently open
TCP on port 1494 with ranges from 1024 to 65535. I've also heard that you
need to add the NBT group of services and something else??

Does anyone else know what services I need for this connecting to get
through?

Thanks,

Jonathan

PS: I'm a FW4.0 - Sun Ultra 10's and Nokia 330's/440's

-----Original Message-----
From:            Skip Lawrence - ext. 8972
[SMTP:[email protected]]
Sent:            Wednesday, December 20, 2000 2:41 PM
To:              'Fw-1-Mailinglist (E-mail)
Subject:                 [FW1] Adding a ip's to the firewall


Seasons greetings to all out there . We have just created two new Citrix
Servers. I have added them to the Citrix group on the firewall. and
Verified
them and pushed them to the firewall . For some reason it works on the
Internal side . But the outside folks can not get into the two new Citrix
Servers . This is a NT Shop.

Thank you .


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========


CONFIDENTIALITY: The information in this e-mail and any attachment
 is confidential. It is intended only for the named recipient(s). If you
are
not a named recipient, please notify the sender immediately and do not
read, use, copy or disseminate this information.

CONDITIONS: Any offer contained within this communication
is subject to contract and formal approval by the legal
entity giving the offer.



========================================================================  
========
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
========================================================================  
========


 << File: ATT00023.htm >> 


CONFIDENTIALITY: The information in this e-mail and any attachment
 is confidential. It is intended only for the named recipient(s). If you are 
not a named recipient, please notify the sender immediately and do not 
read, use, copy or disseminate this information.  

CONDITIONS: Any offer contained within this communication 
is subject to contract and formal approval by the legal 
entity giving the offer.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Adding a ip's to the firewall - Citrix problems
Next by Date: [FW1] license Price request
Previous by thread: RE: [FW1] Adding a ip's to the firewall - Citrix problems
Next by thread: RE: [FW1] Adding a ip's to the firewall - Citrix problems
Index(es):
- Date
- Thread