[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Strange problem with Citrix
Does anyone know if one can use multiple altaddr in Citrix. I have a NAT that is being done at the firewall and if the circuit fails at the upstream router then another NAT is performed at that router going to a different provider. So my client's Citrix server is setup with 1 /altaddr so when the failover happens on the upstream router Citrix stops working. Any ideas? Euge Thanks, Eugen B ----- Original Message ----- From: "Ramakrishnan" <[email protected]> To: <[email protected]> Sent: Saturday, November 03, 2001 3:43 AM Subject: [FW-1] Strange problem with Citrix > Hi, > > Yes, Both the rules are there. The Source port range > is 1024 -65534 > > The citrix is going through a 3DES tunnel(cisco) and > lands on the firewall. > > The firewall allows first six sessions and blocks any > more sessions. > > The customer has openend a TAC case with Cisco , > Citrix and CP. > > Regards > Rama > > > > What rules do you have for Citrix? Do you have > services for both TCP 1494 > and UDP 1604 with source port ranges from 1024-9999? > This what I have setup > and I've never had a problem from CP 4.0 thru 4.1 SP4. > > Also are you also using the /altaddr on the Citrix > server when trying this? > > Rich > > -----Original Message----- > From: Ramakrishnan [mailto:[email protected]] > Sent: Thursday, November 01, 2001 12:11 AM > To: [email protected] > Subject: [FW-1] A strange problem with citrix > connection through CP -1 > SP2 > > > Hi all, > > One of our customers have a strange problem in > allowing citrix client through his firewall. The web > client of citrix works fine through the firewall. But > if the native citirx client is used , the firewall > responds requests to 5 to 6 sessions and do not allow > sessions there after. Even if the sessions are > disconnected and retried , the sessions do not get > established. > > If we restart the firewall , then it allows 6 more > sessions. > > We have changed the source port range, removed NATting > . Still the problem continues. > > We understand that the FW stops dropping packets. > > Has anybody faced similar problems. Please suggest a > solution. > > THe option of upgrading the SP is ruled out. > > A ticket has been opened in citrix and CP for the > same. > > Any ideas > > Rama > > > __________________________________________________ > Do You Yahoo!? > Find a job, post your resume. > http://careers.yahoo.com > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|