Citrix Nfuse

Posted on 2004-11-18
Medium Priority
Last Modified: 2010-04-14

could someone explain why some clients at remote sites (internet cafes. hotels etc) cant connect.

the majority of people on remote sites can, but every so often we get places that can't connect, but  do have internet access,

sometimes an ssl  error, sometimes just the hour glass, sometimes nothing, (we do have peopl using the system all the time and is working whilst theses errors are happerning so i doubt its at our end.
I was under the impression that it all worked under port 80 as far as the client was concernd, so cant see what would be stoping it working.

any ideas,

using Citrix frx

clients do connect to CSG first ratherthan the web server.

and we do use NAT but CSG and Web server are on a card of there own on the firewall.
Question by:mhamer

Author Comment

ID: 12615092
would the clinets firewall need to have any other oports thatn 80 open for nfuise to work?

is there anyway nfuse willwork only through port 80?

Accepted Solution

tmorrison3 earned 1500 total points
ID: 12616812
Found this at http://honor.trusecure.com/pipermail/firewall-wizards/2002-December/013646.html

Sounds like the Hotels/Internet Cafes etc. Might only have port 80 open period?

Citrix has its own proprietary gateway andticketing service called Citrix Secure Gateway (CSG) that it uses to
authenticate sessions and proxy sessions on port 443 for connection to backend Citrix Metaframe servers listening on TCP 1494 (ICA).  Inessence:

1)      A user connects to a portal server (Citrix Nfuse on port 80 or443) using user credentials (plus SecureID if required).
2)      After login the request is passed to a proprietary ticketing authority and a ticket is generated.  If authentication is successful half of the ticket is returned to the client and the other to the CSG server.  At the same time the Metaframe farm is queried for apps accessible to the user and using JAVA script a web page is created on the fly and returned to the user.
3)      Once the user clicks on an app icon an ICA file containing info about the app and connection is generated to allow connection on 443 to the CSG server.
4)      At the CSG server the halves of the tickets are compared and if they match the CSG server proxies the connection to the Metaframe farm via ICA.

All connections from the external network(s) can use SSL and thus only 443 needs to be opened to the Nfuse Portal and the CSG servers sitting in a DMZ.  Port 80 needs to be open from the portal in the DMZ to Metaframe (ICA) farm on the internal network.  ICA (1494) needs to be open from the CSG box in the DMZ to the Metaframe (ICA) farm on the internal network.  I am told that the port 80 connections will be replaced with SSL ability in the next release.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Strategic internal linking is often considered an SEO power technique, especially for content marketing. Do you need to hire an SEO agency to optimize you internal linking? No, this article will help you understand the basics of internal linking and…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question