Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NFuse

Status
Not open for further replies.
ascotta

ascotta

Vendor
Sep 15, 2003
7,394
AU
Can someone give me a definitive answere please!

What configuration is the easiest to do.

I have 3 citrix servers on a LAN.
I have a DMZ ( I have no rights to this whatsoever and have to get a third pary to do the work.
It is a PIX firewall DMZ.

I have 1 box to put Web server & Secure gateway and STA on.
They only have one box spare. Thats it no more boxes.

Can someone give me a rough guide as to where this should go. Currently in the DMZ and I can't get it to work.

Any help would be greatly appreciated.

Cheers
Scott
 
Sort by date Sort by votes
I wouldn't put your CSG box and Nfuse / Web Interface on one box!! Asking for trouble. Citrix doesn't like recommend this...

You can put web Int and csg box on one machine though... Put this box in the DMZ- Put STA on some other box outside of the DMZ (lan).

Brandon
 
Upvote 0 Downvote
OK can do.

How do I get the authentication through the DMZ and what Alternate address do I give the Citrix box.

i.e how does the Web server authenticate logins
and
do I give the citrix box an IP on the web or on the DMZ ?

I've kinda thought that a web IP for the Citrix box is required ie the firewall should say anything for <web address> should be forwarded to internal LAN ?

Cheers
Scott
 
Upvote 0 Downvote
you need to assign a port to your Metaframe XP server 'XML Service' when installing MXP. then you need to open that port on the firewall and config NFuse to use that port. The Metaframe server should be in the domain which you will authenticate to and that domain should be noted in the NFuse config as well.
 
Upvote 0 Downvote
By default XML Service uses :80 I have left it alone here and it works great. You have to tell /during install/ Web Interface to use this port and specify just one MF in your farm.

Hope this helps=
Brandon
 
Upvote 0 Downvote
Check this FAQ in the FAQ's on this site.
You can place the Web Interface and Secure Gateway on one box but the STA should be behind the firewall on your internal network. The box that houses the STA just needs IIS on it and will just place a DLL on it, be careful of IIS lockdown on the STA server though, the setup places the DLL into the /scripts directory and lockdown kills the /scripts directory by default.

The WI/CSG server in the DMZ will need access to 1494 and 80 for XML on all of your Citrix Servers and just port 80 on the box that houses IIS which could be one of you Citirx boxes. Name resolution in the DMZ is key either create a hosts file locally on the box or hard code IP's, Thats it. You can and should lock the WI/CSG server to just 443 in (you will need certificates) and the FAQ will show you how use 443 for two IP addresses on the same box.

Hope this helps,
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

JManley1116
  • Locked
  • Question
NFUSE ICA Web Client Install
Replies
0
Views
153
JManley1116
JManley1116
karock
  • Locked
  • Question
User can not log into nfuse
Replies
2
Views
193
enigma99
enigma99
AdminDragon
  • Locked
  • Question
Citrix XPa Unspecified Error in NFUSE user log in
Replies
1
Views
150
krazykatz
krazykatz
djacobus
  • Locked
  • Question
Restricting users from logging into NFuse
Replies
2
Views
130
djacobus
djacobus
newbobbys9
  • Locked
  • Question
Nfuse error
Replies
0
Views
86
newbobbys9
newbobbys9

Part and Inventory Search

Sponsor

Back
Top