skywalker101

Citrix NAT Checkpoint

I am looking to NAT a connection through a Citrix server. I have created the rule and the packet is being accepted; the rule is for any service.

I am able to RDP to the remote server by using the NAT'd address; however, when I try to connect via Citrix it will not connect.

Any ideas?
grimkin

Hi,

Make sure that logging is turned on for your rule and check SmartView Tracker to see if your packets are being dropped by a different rule. Please post your results back on here and we can help you further.

Thnx
skywalker101

ASKER

Tracker shows the rule is accepted for http, which is what I connect with via Citrix; this is opened for any service. It is also using the same rule when I attempt an RDP session.

Number:                                      3788
Date:                                           21May2009
Time:                                          8:42:03
Product:                                      VPN-1 Power/UTM
Interface:                                    eth-s1p1c0
Origin:                                         FW
Type:                                          Log
Action:                                         Accept
Protocol:                                     tcp
Service:                                      http (80)
Source:                                       192.168.96.89
Destination:                                BDCWMPCTX3
Rule:                                           7
Current Rule Number:                7-Standard
Rule Name:                                CITRIX NAT
Source Port:                                1617
Information:                                service_id: http
NAT additional rule number:      0
NAT rule number:                       2
Rule UID:                                    {4D9019A1-B340-424E-BBBD-FFB3C130F8FB}
SmartDefense Profile:                Default_Protection
XlateDst:                                     CLICK_CTX6
Policy Info:                                 Policy Name: Standard
                                                   Created at: Thu May 21 08:24:01 2009
                                                   
How have your NAT rules been set up? Are you NATing the entire host to the external address or just forwarding certain services?

It may be that you are port-forwarding RDP (3389) but not Citrix on port 80, please confirm.

I have the NAT rule set up with no service defined. I am doing a static NAT, i.e. NAT'd address 172.17.5.100 translates to 10.15.5.100.
ASKER CERTIFIED SOLUTION
grimkin
This solution is only available to members.
Ah, from the source IP address I can telnet to the NAT'd address on port 80, so it is reaching the server OK. I will run a packet capture on the firewall to confirm.