Citrix web over proxy

Unanswered Question
Oct 5th, 2009

I have several websites which host an application using the Citrix protocol. From the access logs, I see them allowed, but they got another popup screen asking for authentication. Does anyone have a technical brief/docs to allow Citrix?

Example:
1254347830.691 476 10.13.128.45 TCP_CLIENT_REFRESH_MISS/200 14358 CONNECT tunnel://desktop.graincorp.com.au:443/ "GAS\[email protected]-AD-DOMAIN" DIRECT/desktop.graincorp.com.au application/octet-stream OTHER-NONE-AD_AUTH-NONE-NONE-DefaultRouting <Busi> - "6" "0" "0" "0" "0" "5" "4" "0"

1254347830.691 12 10.13.128.45 TCP_CLIENT_REFRESH_MISS/200 40 CONNECT tunnel://desktop.graincorp.com.au:443/ "GAS\[email protected]-AD-DOMAIN" DIRECT/desktop.graincorp.com.au - OTHER-NONE-AD_AUTH-NONE-NONE-DefaultRouting <Busi> - "5" "0" "0" "0" "0" "4" "4" "0"

khoanguy Mon, 10/05/2009 - 22:43

Disable authentication for specific clients and test again; you might need to disable authentication for such a third-party app.

If the access logs show that connections to the Citrix IP ranges get a "504", then the network administrator needs to modify the firewall to allow ports 8200, 443, 80 from the Ironport.

From Citrix White Paper:

In addition, for connectivity optimization tasks, the endpoint software initiates one or more short-lived TCP connections on ports 8200, 443 or 80 that are not SSL protected. These network “probes” do not contain any sensitive or exploitable information and present no risk of sensitive information disclosure.

Citrix Online Server / Datacenter IP Addresses for Use in Firewall Configurations
Equivalent Specifications in 3 Common Formats

Citrix Online Assigned Range by Block* | Numeric IP Address Range | Netmask Notation | CIDR Notation
Block 1 | 216.115.208.0 - 216.115.223.255 | 216.115.208.0 255.255.240.0 | 216.115.208.0/20
Block 2 | 216.219.112.0 - 216.219.127.255 | 216.219.112.0 255.255.240.0 | 216.219.112.0/20
Block 3 | 66.151.158.0 - 66.151.158.255 | 66.151.158.0 255.255.255.0 | 66.151.158.0/24
Block 4 | 66.151.150.160 - 66.151.150.191 | 66.151.150.160 255.255.255.224 | 66.151.150.160/27
Block 5 | 66.151.115.128 - 66.151.115.191 | 66.151.115.128 255.255.255.192 | 66.151.115.128/26
Block 6 | 64.74.80.0 - 64.74.80.255 | 64.74.80.0 255.255.255.0 | 64.74.80.0/24
Block 7 | 202.173.24.0 - 202.173.31.255 | 202.173.24.0 255.255.248.0 | 202.173.24.0/21
Block 8 | 67.217.64.0 - 67.217.95.255 | 67.217.64.0 255.255.224.0 | 67.217.64.0/19
Block 9 | 78.108.112.0 - 78.108.127.255 | 78.108.112.0 255.255.240.0 | 78.108.112.0/20
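
One way to run the check described in the answer above (finding "504" results toward the listed Citrix ranges on ports 8200, 443 or 80), as an added example that is not part of the original post or any vendor tooling. It assumes the access-log field order shown in the question; the function names and sample records are constructed for illustration, and hostnames are not resolved, so only IP-literal destinations are matched.

```python
import ipaddress
from urllib.parse import urlsplit

# CIDR blocks copied from the table in the answer above.
CITRIX_BLOCKS = [ipaddress.ip_network(c) for c in (
    "216.115.208.0/20", "216.219.112.0/20", "66.151.158.0/24",
    "66.151.150.160/27", "66.151.115.128/26", "64.74.80.0/24",
    "202.173.24.0/21", "67.217.64.0/19", "78.108.112.0/20")]
PROBE_PORTS = {8200, 443, 80}            # ports named in the answer
DEFAULT_PORT = {"http": 80, "https": 443}

def citrix_block(host):
    """Return the listed block containing an IP-literal host, else None.
    Hostnames are not resolved, so they never match here."""
    try:
        addr = ipaddress.ip_address(host)
    except (ValueError, TypeError):
        return None
    return next((net for net in CITRIX_BLOCKS if addr in net), None)

def blocked_citrix_requests(lines):
    """Return (client, dest, port, block) for each 504 to a listed block."""
    hits = []
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue                     # not an access-log record
        status = f[3].rpartition("/")[2]  # e.g. TCP_MISS/504 -> "504"
        url = urlsplit(f[6])
        try:
            port = url.port or DEFAULT_PORT.get(url.scheme)
        except ValueError:
            continue                     # malformed port in the URL
        block = citrix_block(url.hostname)
        if status == "504" and block is not None and port in PROBE_PORTS:
            hits.append((f[2], url.hostname, port, str(block)))
    return hits

# Constructed sample records (fields after the URL are shortened).
SAMPLE = [
    "1254347830.691 30012 10.13.128.45 TCP_MISS/504 0 CONNECT tunnel://216.115.208.10:443/ - DIRECT/216.115.208.10 -",
    "1254347831.102 30007 10.13.128.45 TCP_MISS/504 0 GET http://66.151.150.170:8200/ - DIRECT/66.151.150.170 -",
    "1254347832.440 12 10.13.128.45 TCP_MISS/200 40 CONNECT tunnel://216.219.112.7:443/ - DIRECT/216.219.112.7 -",
    "1254347833.000 30001 10.13.128.46 TCP_MISS/504 0 GET http://192.0.2.10/ - DIRECT/192.0.2.10 -",
]

if __name__ == "__main__":
    for hit in blocked_citrix_requests(SAMPLE):
        print("504 toward Citrix range: client=%s dest=%s:%s block=%s" % hit)
```

Each hit identifies a client and destination block for which the firewall rule from the proxy should be checked; a 504 to an address outside the table, or a 200 inside it, is not reported.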
