Norton Personal Firewall and the outbound ports for a Citrix connection

Posted on 2004-03-23
Last Modified: 2013-11-16
I have limited time to learn a program for my office so I have installed the trial program on my home computer.  However, every time I try to access the program i get the message : ICA file not found. This is Citrix and Terminal services (I hope I said that correctly). My firewall is Norton Personal Firewall and I was told to open ports UDP 1604 and TCP 1494 but when I tried, it seems I failed.

Also, even when Norton firewall is disabled I get the same message.

Can anyone walk me through the opening of these ports?  Thank you for your time.
Question by:Modell
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 23

Expert Comment

by:Tim Holman
ID: 10668932
List of Ports Used by Terminal Server.  You're missing TCP:3389 ?

Clients                   Static ports
--------                    ------------

RDP Client (Microsoft)      TCP:3389 (Pre Beta2:1503)
ActiveX Client (TSAC)       TCP:80, 3389
ICA Client (Citrix)         TCP:1494
NOTE: Terminal Server uses port 3389.

Author Comment

ID: 10673977
umm, Tim?  I don't have a clue what you are talking about.  I need someone to help walk me through opening ports in Norton Personal Firewall without expecting me to fully understand what I'm doing.  Thanks anyway.
LVL 23

Accepted Solution

Tim Holman earned 250 total points
ID: 10695390
Those are the ports you need to open on the firewall for Citrix to work fully.  However, I looked up the 'ICA file not found' message on the Citrix support site, and it is fixable... take a look here, apologies for bombarding you in geek language... ;)
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.


Author Comment

ID: 10696748
ummmmmm, Tim, I found that web page some time ago; its instrucitons assume you have the ports open. My request is for someone to help me, step by step, open the ports using Norton Personal Firewall.  According to the host, I only need the two ports listed, udp 1604 and tcp 1494 open. But they won't help me do it ... 'third party programs etc.'. Thanks again
LVL 23

Expert Comment

by:Tim Holman
ID: 10796547
Sorry for the delay in response, but do you still need help with this ?

Author Comment

ID: 10797004
The needed help has changed a little.  With dogged determination I have managed to open the two ports required by Citrix.  But I am very uneasy about it because I don't know how to tell Norton that there is only one company/person/computer permitted to use those ports.  Is this something you can help me with? Thanks.

Assisted Solution

slowmoe earned 250 total points
ID: 10798738
It's a thre step process if you don't know the computer you want to give access to:

1) Modify the rule you created to open the two ports by going to the "Tracking" tab and ticking the box labeled "Create an event log".

2) Check the "Event log" to see the "Remote computer" that tried using these two ports.

3) Modify the same rule again by going to the "Computers" tab and adding the "Remote computer" you found in step two to the "Only the computers and sites listed below" list.
LVL 19

Expert Comment

ID: 15658501
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Split - tim_holman and slowmoe

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question