Citrix NAT Checkpoint

I am looking to NAT a connection through a Citrix server. I have created the rule and the packet is being accepted; the rule is for any service.

I am able to RDP to the remote server by using the NAT'd address, however, when I try to connect via Citrix it will not connect.

Any ideas?
skywalker101 Asked:

grimkin Commented:
Hi,

Make sure that logging is turned on for your rule and check SmartView Tracker to see if your packets are being dropped by a different rule. Please post your results back on here and we can help you further.

Thanks
0
skywalker101 Author Commented:
Tracker shows the rule accepting http, which I connect with via Citrix; this is opened for any service. It is also using the same rule when I attempt an RDP session.

Number:                     3788
Date:                       21May2009
Time:                       8:42:03
Product:                    VPN-1 Power/UTM
Interface:                  eth-s1p1c0
Origin:                     FW
Type:                       Log
Action:                     Accept
Protocol:                   tcp
Service:                    http (80)
Source:                     192.168.96.89
Destination:                BDCWMPCTX3
Rule:                       7
Current Rule Number:        7-Standard
Rule Name:                  CITRIX NAT
Source Port:                1617
Information:                service_id: http
NAT additional rule number: 0
NAT rule number:            2
Rule UID:                   {4D9019A1-B340-424E-BBBD-FFB3C130F8FB}
SmartDefense Profile:       Default_Protection
XlateDst:                   CLICK_CTX6
Policy Info:                Policy Name: Standard
                            Created at: Thu May 21 08:24:01 2009
0
grimkin Commented:
How have your NAT rules been set up? Are you NATing the entire host to the external address or just forwarding certain services?

It may be that you are port-forwarding RDP (3389) but not Citrix on port 80, please confirm.
0

skywalker101 Author Commented:
I have the NAT rule set up with no service defined. I am doing a static NAT, i.e. NAT'd address 172.17.5.100 translates to 10.15.5.100.
0
grimkin Commented:
Can you set up a packet sniffer, e.g. Wireshark, on your server and make sure the connections are coming through to it on port 80? If they are and you can see replies being sent then we may need to try a packet capture on the firewall to make sure the NAT is doing what it is supposed to.

If they are coming through but the server is not replying to them then you need to look at the Citrix config and see if it has been locked down to a particular subnet (Anyone? I'm not a Citrix expert ..)
0
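The server-side check described in the comment above, as an added example that is not part of the original thread: a Python script that reads `tcpdump -nn` text output taken on the server and reports, per client connection, whether the SYN arrived and whether the server answered it. The function names `classify` and `next_step` are hypothetical, the capture is constructed, and it assumes 10.15.5.100 is the server's real address and that the client's source address is not translated.

```python
import re

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify(capture_text, server_ip, port=80):
    """Map each client (ip, port) that sent a SYN to server_ip:port to a verdict."""
    flows = {}
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if dst == server_ip and dport == port and flags == "S":
            # Client SYN arrived; setdefault keeps the verdict on SYN retransmits.
            flows.setdefault((src, sport), "arrived_no_reply")
        elif src == server_ip and sport == port and flags == "S.":
            # SYN-ACK from the server back to a client whose SYN we saw.
            if (dst, dport) in flows:
                flows[(dst, dport)] = "arrived_and_answered"
    return flows

def next_step(flows):
    """Apply the decision from the comment above to the classified flows."""
    if not flows:
        return "no connections reached the server on this port"
    if all(v == "arrived_no_reply" for v in flows.values()):
        return "server is not replying: check the Citrix configuration"
    return "server is replying: capture on the firewall to verify the NAT"

# Constructed sample (not a real capture). Addresses are the ones in this thread:
# client 192.168.96.89, server 10.15.5.100 behind the static NAT (assumed).
SAMPLE = """\
08:42:03.100 IP 192.168.96.89.1617 > 10.15.5.100.80: Flags [S], seq 100, win 64240, length 0
08:42:03.101 IP 10.15.5.100.80 > 192.168.96.89.1617: Flags [S.], seq 900, ack 101, win 65535, length 0
08:42:03.102 IP 192.168.96.89.1617 > 10.15.5.100.80: Flags [.], ack 901, win 64240, length 0
08:42:09.500 IP 192.168.96.89.1618 > 10.15.5.100.80: Flags [S], seq 200, win 64240, length 0
08:42:12.500 IP 192.168.96.89.1618 > 10.15.5.100.80: Flags [S], seq 200, win 64240, length 0
"""

if __name__ == "__main__":
    flows = classify(SAMPLE, "10.15.5.100")
    print(flows, next_step(flows), sep="\n")
```

Filtering on the NAT'd address 172.17.5.100 instead returns no flows here, because a capture taken on the server only sees the translated destination.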

skywalker101 Author Commented:
Ah, from the source IP address I can telnet to the NAT'd address on port 80, so it is reaching the server OK. I will run a packet capture on the firewall to confirm.
0