Citrix NAT Checkpoint

I am looking to NAT a connection through a Citrix server. I have created the rule and the packet is being accepted by the rule for any service.

I am able to RDP to the remote server by using the NAT'd address; however, when I try to connect via Citrix it will not connect.

Any ideas?
grimkin Commented:
Can you set up a packet sniffer, e.g. Wireshark, on your server and make sure the connections are coming through to it on port 80? If they are and you can see replies being sent, then we may need to try a packet capture on the firewall to make sure the NAT is doing what it is supposed to.

If they are coming through but the server is not replying to them, then you need to look at the Citrix config and see if it has been locked down to a particular subnet. (Anyone? I'm not a Citrix expert ..)

Make sure that logging is turned on for your rule and check SmartView Tracker to see if your packets are being dropped by a different rule. Please post your results back on here and we can help you further.

skywalker101 (Author) Commented:
Tracker is accepting the rule for http, which is what I connect with via Citrix; this is opened for any service. It is also using the same rule when I attempt an RDP session.

Number:                                      3788
Date:                                           21May2009
Time:                                          8:42:03
Product:                                      VPN-1 Power/UTM
Interface:                                    eth-s1p1c0
Origin:                                         FW
Type:                                          Log
Action:                                         Accept
Protocol:                                     tcp
Service:                                      http (80)
Destination:                                BDCWMPCTX3
Rule:                                           7
Current Rule Number:                7-Standard
Rule Name:                                CITRIX NAT
Source Port:                                1617
Information:                                service_id: http
NAT additional rule number:      0
NAT rule number:                       2
Rule UID:                                    {4D9019A1-B340-424E-BBBD-FFB3C130F8FB}
SmartDefense Profile:                Default_Protection
XlateDst:                                     CLICK_CTX6
Policy Info:                                 Policy Name: Standard
                                                   Created at: Thu May 21 08:24:01 2009

How have your NAT rules been set up? Are you NATing the entire host to the external address or just forwarding certain services?

It may be that you are port-forwarding RDP (3389) but not Citrix on port 80, please confirm.
skywalker101 (Author) Commented:
I have the NAT rule set up with no service defined. I am doing a Static NAT, i.e. NAT'd address translates
skywalker101 (Author) Commented:
Ah, from the source IP address I can telnet to the NAT'd address on port 80, so it is reaching the server OK. I will run a packet capture on the firewall to confirm.
Question has a verified solution.
