trojan81
asked on
citrix web interface source
Experts,
Follow me here.
Behind Firewall 1, I have a Citrix Web Interface and XenApp servers. I log into the Web Interface and get presented my applications. Application-1 is published on a XenApp server behind firewall 2.
If I click on application-1, traffic needs to be permitted inbound on firewall 2 to reach the XenApp server. My question is, what is traffic going to source out of? Will it source out of the WI server behind F1, the XenApp behind Fw1, the client's own IP?
I'm a network engineer, not a Citrix guy. This is just a question I've been wondering.
If you have a firewall between your clients and XenApp servers then you need to open ports 1494 and 2598 (session reliability) [I think basraj made a typo with 1498 instead of 1494], as the clients will be passed the direct IP of the XenApp servers through ICA. In addition you will need to open port 80 for communication with the Web Interface. However, if the communication is over SSL then port 443 will need to be opened.
If you have a firewall between your XenApp servers and Licensing server then you will also need to open port 7279 (Citrix vendor daemon port) to be able to acquire Citrix licenses, and port 27000 (for license management).
ASKER
Yes guys, I'm aware of the ports. My question is about the source IP. What will it be sourcing from? Sourcing from the WI server, client's IP?
ASKER
Thank you guys. Yes indeed, traffic sources from the client after it receives the ICA file.
One thing to add..
basraj put up a quote here..
If https is used, it also gives out a STA ticket along with ica file.
This is not accurate. The STA ticket is always used and has been for a long time (since the XML broker was first introduced).
The ticket is a 120-bit number that is unique and generated for each session. The STA records the ticket generated, and the WI server embeds the ticket in the ICA file. When the client initiates the session, it sends the ticket to the server which in turn sends it to the STA for validation.
Coralon
Thanks for correcting Coralon..
1498
2598 (if session reliability is enabled)
2. WI gives out the Citrix IP directly to the client devices in the form of ICA, so the client will get connected using the XenApp IP. Even if WI goes down, the existing sessions will not get affected as. If HTTPS is used, it also gives out an STA ticket along with the ICA file.
If NAT is used to translate between WI and XenApp servers, then additionally you have to go to Citrix web interface control, manage secure access section, which gives out an option to enter the translation information such as external IP and external port, internal IP and internal port.
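To turn the thread's conclusion into a rule request for firewall 2, here is an added example (not posted by anyone in the thread) that reads the server address out of a launch file and lists the flows to permit, all sourced from the client. The ICA section and key layout, the sample addresses and the `required_flows` helper are assumptions made for illustration.

```python
import configparser

# Constructed sample launch file; the section/key layout is an assumption,
# not something quoted in the thread.
SAMPLE_ICA = """\
[ApplicationServers]
Application-1=

[Application-1]
Address=10.20.0.15:1494
InitialProgram=#Application-1
TransportDriver=TCP/IP
"""

ICA_PORT = 1494  # ICA port named in the thread
CGP_PORT = 2598  # session reliability port named in the thread


def required_flows(ica_text, client_ip, session_reliability=True):
    """Return (src, dst, proto, port) tuples the firewall in front of the
    XenApp server must allow. The source is always the client, because the
    client opens the session itself once it has the ICA file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(ica_text)
    flows = []
    for app in cp["ApplicationServers"]:
        if not cp.has_section(app) or "Address" not in cp[app]:
            continue
        # Assumes an IPv4 address or hostname, optionally followed by :port
        host, _, port = cp[app]["Address"].partition(":")
        ports = {int(port) if port else ICA_PORT}
        if session_reliability:
            ports.add(CGP_PORT)
        for p in sorted(ports):
            flows.append((client_ip, host, "tcp", p))
    return flows


if __name__ == "__main__":
    # 203.0.113.7 is a constructed client address
    for flow in required_flows(SAMPLE_ICA, "203.0.113.7"):
        print("permit %s -> %s %s/%d" % flow)
```

If NAT sits between the client and the XenApp server, the destination in the rule is whatever translated address the Web Interface has been configured to hand out, as described in the post above.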