What ports to open for Citrix 1

[lengoo]

Dear All,
I want to allow access to a Citrix box through either the Nfuse web interface or the ICA client.
What explicit ports would I need to have opened for this.. I want to tie it down to the absolute tee and not want to open any unnecessary ports on our firewall.

Many thanks
ps. We are using Citrix Metaframe xp SP2, the firewall is Checkpoint

 

[xs4citrix]

NFuse: 80 in and outbound for normal use. (not recommended since username and password travel over the web in plain text format) 443 in and outbound when used in https.

Citrix: 1494 inbound, and high ports (1023-5000) outbound.

Better would be to use CSG, which uses 443 in and outbound only, and is mutch more secure then a direct citrix connection.

http://www.printingsupport.com

Free citrixprinting support

 

[DaveRS575]

I would definately recommend Citrix Secure Gateway for this sort of access..

Otherwise, you could set up a VPN or tunneling to a safe machine behind the DMZ. Not recomended though. Some people use a dialup software like PC Anywhere to access a box inside the DMZ via an analog connection then run at LAN speeds from within, but also not a particularly secure method)