citrix firewall issue

Do the users connect via Web Interface or directly to the server?

If Web Interface you will need to open TCP ports 80 or 443.

If they are using Session Reliability, then you need TCP 2598 open.

Port 1494 is the standard ICA port.

Yes it is web portal. Can get on the site but when I click the desktop app, the client app launches but met with error described above

Will try that, here is the latest log, it is trying to connect and failing on 6101, what service is on that port? Why is it trying to connect on that, I though it was port 10000

[4004] 03/09/11 05:45:40 BETCPConnection::LoopThroughListAndConnect: Could not connect to remote address "192.168.32.201" Error:10061.
[4004] 03/09/11 05:45:40 @@@@@@@MyCloseSocket called with sockfd = 640(0x280)      retval = 0
[4004] 03/09/11 05:45:40 BETCPConnection::CreateConnectionFromHostAndPort: Remote Host: "SQLBU": There were no addresses returned, belonging to family: IPv6
[4004] 03/09/11 05:45:40 BETCPConnection::CreateConnectionFromHostAndPort: Could not create a connection to "IASSQLBU" because attempts with both IPv4 and IPv6 protocols failed
[4004] 03/09/11 05:45:40 Could not create a BETCPConnection object from address: SQLBU error=An error occurred during a socket connect operation: Error Code: 10061, System Error Message: No connection could be made because the target machine actively refused it.
[4004] 03/09/11 05:45:40 NrdsAdvertiserThread: connect to target=SQLBU port=6101 failed

disregard previous post , wrong thread, sorry

I am able to get on thru the program neighborhood application set creation process, however cannot get on via the web portal . The ports that are open where i am trying to connect is ;

8080/tcp open   http          Citrix Metaframe ICA Browser
1494/tcp open   citrix-ica    Citrix Metaframe XP ICA
443/tcp  open   ssl/http      Microsoft IIS webserver 5.0
80/tcp   open   http          Microsoft IIS webserver 5.0
541/tcp  open   osiris        osiris host IDS agent
3389/tcp open   microsoft-rdp Microsoft Terminal Service

He was merely changing the fw, the metaframe server did not change. However,  cannot get on via web browser now that the new fw is in place. Here is the contents of the ICA file from web browser ,scrubbed version. Again, I can log into the sight , but when i click the application icon "admin desktop" the web error is "cannot connect to citrix xenapp server, no server configured on specified address" .

[Encoding]
InputEncoding=ISO8859_1
[WFClient]
Version=2
ClientName=domain-user9999

RemoveICAFile=yes


[ApplicationServers]
Admin Desktop=

[Admin Desktop]
Address=192.168.1.6:1494
InitialProgram=#Admin Desktop
LongCommandLine=
DesiredColor=2
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0



AutologonAllowed=ON
Username=user9999
Domain=\ENCRYPTED
ClearPassword=\ENCRYPTED



DesiredHRES=800
DesiredVRES=600
TWIMode=Off


EncryptionLevelSession=EncRC5-128


SessionsharingKey=2-rc5-128-none-domain-user9999-citrixFarm

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

Can the user get to your server at IP 192.168.1.6 from their location?  I seriously doubt it.

Good point, why is the ica file being generated have adderess as Address=192.168.1.6:1494 . i checked that against a working ica file to another site and address= a proper public ip. The ica file is telling my client to connect to 192.168.1.6 , which obviously i will not be able to connect to across the net.So how is this resolved?

further info , NFuse_IPv4AddressAlternate I set the correct external ip in the template.ica file on web, that corrected it. In my case, we do not use the secure gateway.