Accessing Nfuse from internal AND external clients

[spunkboy]

I have XPa FR3 supplying my internal clients with apps via nfuse. I want the external people to use the nfuse interface as well. I have done this before by making a copy of the /citrix/metaframe directorys under inetpub/

http://wwwroot

and linking it to an external.htm page on a FR1/FR2 server, but this no longer seems to work on the FR3 edition. I think Citrix has now somehow embedded the default path of the nfuse install into the .asp pages.

Is there a way to allow both internal and external clients to utilize the same nfuse server that HAS to be located behind a firewall and cannot be reconfigured into a "dmz like" scenario.

Thanks

 

[spunkboy]

Update: Seems Citrix completly redesigned the Nfuse layout on the webserver. They have restructured the directories. This is most likely what is keeping me from getting this to work like I did on the older version of Nfuse that came with FR1/2. They seem to have "Site" directories under the MetaframeXP directory now. I wonder if I would have to create a new "Site" for the external people to utilize Nfuse and if so, how?

Thanks

 

[rayzze]

You can create as many NFUSE servers as you like to interface with your farm so instead of copying the information I would just install new. I would use a web interface/secure gateway solution with Secure Ticket Autority for external clients this is the most secure way to get Internet clients on to your server without passing credentials or the internal addresses of your Citrix boxs over the web. Look in the FAQ's section of the Citrix forem for how to make Secure Gateway and Web interface coexist on the same box and read the documentation from the Citrix site to setup Secure gateway and Web interface.

Hope that helps.

 

[spunkboy]

Yeah, I wanted to try to do it without having to involve another system. Thanks for the information though.

 

[xs4citrix]

Let's say the internal adres on the nic of your server is 192.168.0.1
That way NFuse will work after a default installation, if your clients are running 192.168.0.x
Of course when connecting over the internet, a user at home will not get much respons from 192.168.0.1

Ok, so here we go: i asume you've enabled port 1494 for citrix traffic, and port 80 for NFuse traffic, running through your

firewall's public ip to the citrix server. Whether residing on the DMZ, or the local LAN.
Now let's say, your public ip is 123.123.123.1

On the citrix server you need to run a command, to tell the server to respond with it's public adres, if needed.
In cmd run: altaddr /set 123.123.123.1

On the firewall, make sure the following rules are open:
(i am asuming the citrix/nfuse is in the DMZ)
allow port 1494 wan to DMZ inbound, and high ports (1023 - 5000) outbound
allow port 80 wan to DMZ in and outbound

On the NFuse server either configure the alternative adres use in the admin page, or make sure the below 2 sample lines are in

the nfuse.conf (needs an iis reset if changed outside the admin page)

AlternateAddress=Mapped
ClientAddressMap=192.168.0.,Normal,*,Alternate

After these changes, the template will get filled with the alternate adres for internet users, and the internal adres for your

lan users.

http://www.printingsupport.com

Free citrixprinting support