Solved

Citrix XenApp 6 external access

Posted on 2011-03-23
Last Modified: 2012-05-11
I want to allow access through our firewall for external access to XenApp6.
Currently internal access works fine. I am unsure of the firewall rules required.
In the environment we have 1 XenApp web interface server and 4 XenApp servers.

I have natted port 443 and 80 to the web interface server. I can access the login web page, log in, and view the list of published apps. However, when I try to open an app, it halts at the final step in loading the app (see attached image).

 error
I am not sure if this is a firewall issue or a relay setting that is incorrect on the Web interface that is halting this app from loading.
Question by:Mayogroup
17 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 35197167
If you are not using Citrix Secure Gateway, then you need to configure AltAddr (which is not secure in any form).

http://dabcc.com/Webster/AltAddr
0
 
LVL 19

Expert Comment

by:basraj
ID: 35197207
For external access, try this:

To configure internal firewall address translation

If you are using a firewall in your deployment, you can use the Web Interface to define mappings from internal addresses to external addresses and ports. For example, if your Citrix server is not configured with an alternate address, you can configure the Web Interface to provide an alternate address to the Citrix plugin. To do this, use the Edit secure access settings task.

   1. In the Access Management Console, click Manage secure access > Edit secure access settings.
   2. On the Specify Access Methods page, click Add to add a new access route or select an entry from the list and click Edit to edit an existing route.
   3. From the Access method list, select Translated.
   4. Enter the network address and subnet mask that identify the client network. Use the Move Up and Move Down buttons to place the access routes in order of priority in the Client device addresses table and click Next.
   5. On the Specify Address Translations page, click Add to add a new address translation or select an entry from the list and click Edit to edit an existing address translation.
   6. In the Access Type area, select one of the following options:
          * If you want the Citrix plugin to use the translated address to connect to the Citrix server, select Client device route translation
          * If you already configured a gateway translated route in the Client device addresses table and want both the plugin and the gateway server to use the translated address to connect to the Citrix server, select Client device and gateway route translation
   7. Enter the internal and external (translated) ports and addresses for the Citrix server. Plugins connecting to the server use the external port number and address. Ensure that the mappings you create match the type of addressing being used by the Citrix server.

http://support.citrix.com/proddocs/index.jsp

0
 

Author Comment

by:Mayogroup
ID: 35197444
Thanks for that. Regarding point 7, as I have used all default settings during the setup, I assume I enter port 443?
0
 
LVL 19

Expert Comment

by:basraj
ID: 35198315
I'm not confident on that. I would request you to test both 443 and 80, if one doesn't work.
0
 

Author Comment

by:Mayogroup
ID: 35203081
Still no good. Tried both ports.
0
 
LVL 36

Accepted Solution

by:
Carl Webster earned 500 total points
ID: 35203121
Did you open 1494 or 2598 (session reliability)?  Both TCP BTW.
0
 

Author Comment

by:Mayogroup
ID: 35203307
Correct. They both NAT to the Citrix Web Interface server.
0
 
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35205600
Open LDAP and DNS port
0
 

Author Comment

by:Mayogroup
ID: 35205763
NAT to the web interface server?
0
 

Author Comment

by:Mayogroup
ID: 35205975
No go.
0
 

Author Comment

by:Mayogroup
ID: 35206036
I think I can rule the firewall out as the issue.
I have natted all ports to the web interface server. Same result. Must be an issue with how I configured the address translation on the web interface.
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 35206344
Are you using AltAddr, CSG or CAG?
0
 

Author Comment

by:Mayogroup
ID: 35211181
Neither.
Should I be? I definitely don't have a CAG and I don't think I am licensed for CSG.
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 35211292
If you aren't using AltAddr or CSG then the external clients are receiving the internal IP address of your server.

http://dabcc.com/Webster/AltAddr
0
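The symptom described in the comment above can be confirmed from the client side by inspecting the launch file the Web Interface hands to the plugin. This is an added example, not part of the original thread: it assumes the usual INI-style ICA layout with an `[ApplicationServers]` section and an `Address` key per application, and both sample files and their addresses are constructed.

```python
import configparser
import ipaddress

# RFC 1918 ranges: addresses an Internet client cannot route to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample launch files (not taken from the thread).
ICA_UNTRANSLATED = """\
[ApplicationServers]
Notepad=

[Notepad]
Address=192.168.10.21:1494
InitialProgram=#Notepad
TransportDriver=TCP/IP
"""
ICA_TRANSLATED = ICA_UNTRANSLATED.replace("192.168.10.21", "203.0.113.10")


def classify(host):
    """Return 'internal', 'external', or 'not-an-ip' for the Address host."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "not-an-ip"  # hostname or other non-literal value
    return "internal" if any(ip in n for n in RFC1918) else "external"


def launch_targets(ica_text):
    """List (app, host, port, verdict) for each published app in an ICA file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # ICA keys are mixed case; keep them as written
    cp.read_string(ica_text)
    results = []
    if not cp.has_section("ApplicationServers"):
        return results
    for app in cp["ApplicationServers"]:
        address = cp.get(app, "Address", fallback="")
        host, sep, port = address.rpartition(":")
        if not sep or not port.isdigit():  # no port: 1494 is the ICA port named in the thread
            host, port = address, "1494"
        results.append((app, host, int(port), classify(host)))
    return results


if __name__ == "__main__":
    for label, text in (("before", ICA_UNTRANSLATED), ("after", ICA_TRANSLATED)):
        print(label, launch_targets(text))
```

An `internal` verdict on a launch file downloaded from outside the firewall means the address translation on the Web Interface is not being applied to that client, regardless of which ports are forwarded.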
 
LVL 2

Expert Comment

by:atigris
ID: 35211379
Well, this is how I got it to work, hope this will help.

Use Translated

 Secure Access Setup
Then add the required ports:

 Ports
Enable port forwarding in the firewall:

 ports forwarding
You should be able to ping your domain name and telnet to port 80 and 1494 from outside.

Good Luck
0
 

Author Comment

by:Mayogroup
ID: 35230911
Still not getting anywhere with this.
0
 

Author Comment

by:Mayogroup
ID: 35230921
FYI I have installed the CSG and still seem to have the same issue. The issue must be on the WI.
0
