[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Firewall ports on DMZ

Posted on 2009-07-13
4
Medium Priority
?
550 Views
Last Modified: 2012-05-07
Hi Eperts,
could you please tell me which are the ports need to open on firewall in my dmz setup for citrix farm. Our users will be accessing applications through Web interface 5.1.1 and Secure Gateway 3.1, server hosting the WI nd SG will be on DMZ.
So tell me which port no. on which firewall need to open. If we could categoris first firewall and 2nd firewall. First firewall is from the public end.

Thanks in advance.
0
Comment
Question by:anupam1983
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 14

Expert Comment

by:amichaell
ID: 24845809
1494 = ICA
2598 = Session Reliability
80 = HTTP
443= HTTPS

You'll need to allow HTTP/HTTPS (whichever you are using...hopefully HTTPS) from the Internet to the CSG/WI server in your DMZ.  You'll need to allow 80 and 1494/2598 (depending upon whether you use Session Reliability) from your DMZ to private network.

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html

and

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part2.html
0
 

Author Comment

by:anupam1983
ID: 24850420
Hi Amichaell,

thanks for your replpy, i would like to confirm that we are using HTTPS so we need to open 443 only from internet to DMZ. And we are using XML service port 8080 so do we need to open only 1494/2598 and 8080 from DMZ to private network. I would like to confirm that we don't need to open port 80 on either way. Just confirm.
0
 

Author Comment

by:anupam1983
ID: 24850436
Hi,

one more doubt don't we need to open 443 port from DMZ to private network.
0
 
LVL 14

Accepted Solution

by:
amichaell earned 1500 total points
ID: 24850508
If XML is running over 8080 then you'll need 8080 rather than 80 from your DMZ to private network.  I'm fairly certain you don't need 1494/2598 opened between the Internet and your DMZ, though those links should confirm or deny.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop, Citrix Studio, Citrix Policies, Citrix XenApp
Several part series to implement Internet Explorer 11 Enterprise Mode
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question