Citrix on DMZ?

Currently, we have two Citrix Presentation Servers v4.0 on a separate domain on public IPs (we have a range) behind a firewall.

I'm looking to move them back into our internal domain but keep the security tight.

Quick overview of network:

Cisco Router (managed) -> Firewall (transparent mode) assigned a public IP on LAN -> Citrix Servers on public IPs -> Router/Firewall public IP on external, internal range on internal -> LAN

So there's effectively a DMZ between the two firewalls but on public IPs (no different in security to using internal IPs, is it?)

I would like to know if it would be an issue having them both in the DMZ with only Windows authentication ports open back inside the LAN?
partymarty84 Asked:
 
BLipman Commented:
You will need to "swiss cheese" your firewall to allow domain services from your DMZ to your LAN. Normally people put the Citrix servers in the LAN and a Secure Gateway/WI server in the DMZ; they can talk to Citrix via 443 and to the clients on the Internet over 443.
If you want even more security you can secure the Citrix servers in one DMZ, allow auth into the LAN, and another DMZ with the WI/SG servers in it ("double-hop DMZ").
0
 
BLipman Commented:
Turns the firewall into "Swiss cheese"

http://technet.microsoft.com/en-us/library/Bb727063.aspx
0
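
Added example, not part of the thread: a small Python audit that compares the DMZ-to-LAN openings of the two layouts discussed above (domain-member Citrix servers in the DMZ versus a Secure Gateway/WI server in the DMZ). The rule format, both rule sets and the dynamic RPC range are constructed for illustration; the port numbers are the well-known Windows domain service ports, and the 443-only rules follow the answer above.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str
    dst: str
    proto: str
    ports: str  # single port "443" or range "49152-65535"
    note: str

# Well-known Windows domain service ports.
DOMAIN_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
                389: "LDAP", 445: "SMB", 3268: "Global Catalog"}

# Constructed rule set: Citrix servers as domain members inside the DMZ.
MEMBER_SERVERS_IN_DMZ = [
    "DMZ | LAN | udp | 53 | DNS",
    "DMZ | LAN | tcp | 88 | Kerberos",
    "DMZ | LAN | tcp | 135 | RPC endpoint mapper",
    "DMZ | LAN | tcp | 389 | LDAP",
    "DMZ | LAN | tcp | 445 | SMB",
    "DMZ | LAN | tcp | 49152-65535 | dynamic RPC",
]
# Constructed rule set: Secure Gateway/WI in the DMZ, Citrix servers in the LAN.
GATEWAY_IN_DMZ = [
    "INTERNET | DMZ | tcp | 443 | clients to Secure Gateway/WI",
    "DMZ | LAN | tcp | 443 | Secure Gateway/WI to Citrix servers",
]

def parse(line):
    return Rule(*[field.strip() for field in line.split("|")])

def audit(lines, wide=100):
    """Return (open_port_count, findings) for rules going DMZ -> LAN."""
    total, findings = 0, []
    for rule in map(parse, lines):
        if (rule.src, rule.dst) != ("DMZ", "LAN"):
            continue  # only openings back into the LAN matter here
        lo, _, hi = rule.ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
        total += hi - lo + 1
        if hi - lo + 1 >= wide:
            findings.append(f"wide range {rule.ports}/{rule.proto}: {rule.note}")
        for port, name in DOMAIN_PORTS.items():
            if lo <= port <= hi:
                findings.append(f"{name} ({port}/{rule.proto}) reachable from DMZ")
    return total, findings

if __name__ == "__main__":
    for label, rules in (("member servers in DMZ", MEMBER_SERVERS_IN_DMZ),
                         ("gateway in DMZ", GATEWAY_IN_DMZ)):
        print(label, audit(rules))
```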
 
partymarty84 (Author) Commented:
Looks like I won't be doing that then.

CSG it is.
0
Question has a verified solution.