Citrix XenDesktop, Citrix Netscaler, External Access

Hi guys,

i was just wondering if someone could explain the setup of a Citrix XenDesktop deployment in conjunction with Citrix Netscalers (especially ports used for external access).


Citrix Netscaler and Citrix Web Interface in DMZ; Provisioning Server, Desktop Delivery Controller & Hypervisor is on internal network.


Virtual desktop to be available remotley for users on an untrusted network.

What would be the best practice to set this up? What ports would need to be open and from where to where ?
Who is Participating?
TreyBcoolConnect With a Mentor Commented:
Outside firewall port 443. The internal stuff depends on your dmz structure.  The attached 2 documents should tell you everything you need. Basically an external IP and FQDN. This is your external VIP. But then you will probably need an internal VIP that responds to that to. So internal i could hit and get to my logon page but the = and then external i could hit but now its ip is
Then you will need an NSIP - this is your ip address internally that you will get to the management console of the NS and requires the 3000 range ports in document. Then you need a MIP address to talk to your DDC and VD's which is your 1494, xml port, 2598, 80.  Your best bet is to let the firewalls handle the ip address NATing for the internal and external stuff.
Check out the attached template and checklist. This should help.
kengo007Author Commented:
thanks TreyBCool ;-)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.