Firewall ports on DMZ

Hi Experts,
Could you please tell me which ports need to be opened on the firewall in my DMZ setup for a Citrix farm? Our users will be accessing applications through Web Interface 5.1.1 and Secure Gateway 3.1; the server hosting the WI and SG will be in the DMZ.
So tell me which port numbers need to be opened on which firewall, if we could categorise by first firewall and second firewall. The first firewall is the one at the public end.

Thanks in advance.
anupam1983 Asked:
amichaell Commented:
1494 = ICA
2598 = Session Reliability
80 = HTTP
443 = HTTPS

You'll need to allow HTTP/HTTPS (whichever you are using...hopefully HTTPS) from the Internet to the CSG/WI server in your DMZ.  You'll need to allow 80 and 1494/2598 (depending upon whether you use Session Reliability) from your DMZ to private network.

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html

and

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part2.html
anupam1983 Author Commented:
Hi Amichaell,

Thanks for your reply. I would like to confirm that we are using HTTPS, so we need to open 443 only from the Internet to the DMZ. And we are using XML service port 8080, so do we need to open only 1494/2598 and 8080 from the DMZ to the private network? I would like to confirm that we don't need to open port 80 either way. Just confirm.
anupam1983 Author Commented:
Hi,

One more doubt: don't we need to open port 443 from the DMZ to the private network?
amichaell Commented:
If XML is running over 8080 then you'll need 8080 rather than 80 from your DMZ to private network.  I'm fairly certain you don't need 1494/2598 opened between the Internet and your DMZ, though those links should confirm or deny.
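
One way to check a firewall rule export against the port plan given in the answers above, as an added example that is not part of the original thread. The zone names, the rule tuple format and the sample rules are constructed; the allow-list holds only the flows amichaell lists and does not settle the question about 443 from the DMZ to the private network.

```python
# Added example: audit firewall rules against the port plan from this thread.
# Zone names, rule format and SAMPLE_RULES are constructed for illustration.

def allowed_flows(xml_port=80, https=True, session_reliability=True):
    """Allow-list built from the answers: (source zone, destination zone, TCP port)."""
    return {
        # First (public) firewall: browser -> WI/CSG server in the DMZ
        ("internet", "dmz", 443 if https else 80),
        # Second firewall: WI/CSG -> XML service on the farm (80 by default, 8080 here)
        ("dmz", "internal", xml_port),
        # Second firewall: 1494 (ICA) or 2598, depending on Session Reliability
        ("dmz", "internal", 2598 if session_reliability else 1494),
    }

def expand(spec):
    """Turn a port spec such as '80,443' or '2598-2599' into individual ports."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        yield from range(int(lo), int(hi or lo) + 1)

def audit(rules, **plan):
    """Return (missing, extra): planned flows not opened, opened flows not planned."""
    allowed = allowed_flows(**plan)
    configured = {(src, dst, port)
                  for src, dst, spec in rules
                  for port in expand(spec)}
    return sorted(allowed - configured), sorted(configured - allowed)

# Constructed rule export: (source zone, destination zone, port spec)
SAMPLE_RULES = [
    ("internet", "dmz", "80,443"),   # 80 is not needed when only HTTPS is used
    ("internet", "dmz", "1494"),     # ICA exposed on the public firewall
    ("dmz", "internal", "8080"),
    ("dmz", "internal", "2598"),
]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_RULES, xml_port=8080)
    for flow in missing:
        print("MISSING %s -> %s tcp/%d" % flow)
    for flow in extra:
        print("REVIEW  %s -> %s tcp/%d (not in the thread's port plan)" % flow)
```
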
