Presentation Server 4 and Citrix Secure Gateway

Id love your help.

Im getting a bit confused on what needs to be NATTED on our firewall.

We have 5 internal citrix servers. All 5 have applications that users external to our network need access to.


Q. On our firewall, do we need to assign a public IP address to each citrix server, and nat this to their internal IP address?
External users will be using the web ica client, and I intend to set up citirx secure gateway.

Q. Does our internal data collector require an external public ip address, and thus natted on our firewall?

Q. For every server that external ica clients require access to, do these citrix servers require a public IP address.

The reasons I ask this is because I believe the ALTADDR command needs to be run on every citrix server, if they need to provide applications to external ica clients.

Does this mean then that if you had 100 Citrix Servers, all advertising applications for external users to use, that ALL of them need a public IP address?

Sorry for the questions.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


you dont need to NAT anything. Install Web Interface and betwenn them they do all the work for you. just make sure you have the correct ports open. i.e. 1494 for the ICA client.

This also means you dont need to use the ALRADDR command
Q1: No.  Only your Web Interface / Secure Gateway server needs a public IP Address.  Furthermore the only port you need to open on the firewall to this server is 443 (or whatever your SSL port is).

Q2. No.  The data collector is just one (or multiple) of your citrix PS 4.0 servers.  No public IP needed.

Q3: No... again you only need 1 public IP Address - the IP of your WI/SG (this of course is assuming you are using a single-hop deployment with the WI & SG installed on the same server).

Altaddr is not needed at all (not even for the WI/SG).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.