Citrix XenApp published applications

trojan81
Hi experts,

Scenario:

XenApp server is on DMZ1

Server1 is on DMZ2

Users inside the network need to be able to RDP to Server1 via a published Citrix icon on their Web Interface site.

Assume firewall rules are allowed for users to reach the XenApp server. Assume DMZ1 and DMZ2 can only talk to each other after being permitted by an ACL.

Would it just be RDP port 3389 that would need to be allowed between the XenApp server and DMZ1 in order to get an RDP icon published?
Your description is a bit confusing, and I believe you gave the inverse of the situation at hand in your last sentence. If XenApp is in DMZ1 and Server1 is in DMZ2, and users have access to a WI which is populated by XenApp, then it sounds as though users can launch XenApp applications just fine. Assuming this, the only RDP communication via port 3389 that will take place is from the XenApp server to whatever location it needs to go (i.e. Server1). All users will be connected via port 1494 to XenApp, and then the MSTSC.exe application will utilize the XenApp server network interface to communicate to DMZ2, so you can lock down 3389 between XenApp and Server1 in their respective DMZ(s).
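The lock-down described in the answer above, modelled as a first-match ACL so the permitted and denied flows can be checked before the rule goes on the firewall. This is an added example, not part of the original answer; the IP addresses, the names `ACL_TIGHT`, `ACL_LOOSE` and `evaluate`, and the subnet-wide "loose" rule shown for contrast are assumptions. It models connection initiation only and assumes a stateful firewall handles return traffic.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "permit" or "deny"
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    port: int     # TCP destination port, 0 = any

# Constructed addressing (documentation ranges, not from the page).
USERS   = "192.0.2.0/25"       # internal user LAN
DMZ1    = "198.51.100.0/24"    # whole DMZ1 subnet
XENAPP  = "198.51.100.10/32"   # XenApp server in DMZ1
DMZ2    = "203.0.113.0/24"     # whole DMZ2 subnet
SERVER1 = "203.0.113.20/32"    # Server1 in DMZ2
ANY     = "0.0.0.0/0"

# Host-to-host rule: only the XenApp server may open RDP to Server1.
ACL_TIGHT = [
    Rule("permit", USERS, XENAPP, 1494),    # ICA sessions from users to XenApp
    Rule("permit", XENAPP, SERVER1, 3389),  # mstsc.exe on XenApp to Server1
    Rule("deny", ANY, ANY, 0),              # explicit default deny
]

# Subnet-wide rule, for contrast: any DMZ1 host can RDP to any DMZ2 host.
ACL_LOOSE = [
    Rule("permit", USERS, XENAPP, 1494),
    Rule("permit", DMZ1, DMZ2, 3389),
    Rule("deny", ANY, ANY, 0),
]

def evaluate(acl, src, dst, port):
    """Return the action of the first rule matching a new TCP connection."""
    s, d = ip_address(src), ip_address(dst)
    for rule in acl:
        if (s in ip_network(rule.src) and d in ip_network(rule.dst)
                and rule.port in (0, port)):
            return rule.action
    return "deny"  # implicit deny if the list has no catch-all

if __name__ == "__main__":
    flows = [
        ("user -> XenApp ICA",        "192.0.2.15",    "198.51.100.10", 1494),
        ("XenApp -> Server1 RDP",     "198.51.100.10", "203.0.113.20",  3389),
        ("user -> Server1 RDP",       "192.0.2.15",    "203.0.113.20",  3389),
        ("other DMZ1 host -> Server1", "198.51.100.11", "203.0.113.20",  3389),
    ]
    for name, src, dst, port in flows:
        print(f"{name:28} tight={evaluate(ACL_TIGHT, src, dst, port):6} "
              f"loose={evaluate(ACL_LOOSE, src, dst, port)}")
```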

Author

Commented:
Its_A_V_Trap, that was exactly the answer I was looking for. I apologize if I didn't explain it correctly, but you understood and interpreted it perfectly. Thank you.
