Citrix XenApp AD and firewall configurations

Posted on 2009-12-22
Last Modified: 2012-05-08
Hi all,
We are now venturing into Citrix XenApp 5 for Win2k3. We have a disagreement as to which way our firewall should be set up (I am not the fw admin).

Now I have bound the Windows 2003 boxes to AD so that GPOs can apply to the users upon login and so they can gain access to other network resources.

I was then preparing to place ONLY the Web and Access Gateway box into our DMZ when the firewall admin, during implementation, stepped up and said no, ALL of the Citrix environment must be placed into the DMZ.

The problem with this is that even though ports have been opened up for the DMZ back to the LAN, I am still having communication issues with the Windows 2003 server box applying the Windows group policy.

So which is the way to go? Only the Web and Access Gateway in the DMZ and everything else on the LAN, or all servers for Citrix (XenApp and Access Gateways) in the DMZ?

Please provide me with some links to documented info on the Citrix site.

Question by: nappy_d

Accepted Solution

mgcIT earned 2000 total points
ID: 26107813
You are correct. Web & Access Gateway should be in the DMZ. The XenApp servers themselves should be on the LAN with your other file & app servers.

The documentation you are looking for would be in the Admin guides for Web Interface & Secure Gateway. See here and then locate your specific versions and products:


Author Comment

ID: 26125015
One other question. If my company's firewall admin chooses, can he block the firewall traversal of the ICA client that is granted via the Citrix Secure Gateway?

Author Closing Comment

ID: 31669083
Thanks. Got them to see it the Citrix way.
