Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
216
Views
0
Helpful
1
Replies

Citrix and Pix525

clabatte
Level 1
Level 1

‎12-24-2002 09:30 AM - last edited on ‎03-25-2019 04:59 PM by Community Manager

I am looking for the best practice configuration for Firewalls with Citrix MetaFrameXP.

Any ideas, comments, suggestions , please feel free to reply back.

Thanks in advance for helping out.

Labels:
0 Helpful
1 Reply 1

tvanginneken
Level 4
Level 4

‎12-24-2002 09:56 AM

Hi,

I suppose you want to configure inbound Citrix MetaFrame connections?

All you have to do is to add a static translation for the internal Citrix Server and create an access-list to allow the incoming traffic.

If the private ip address of the citrix server would be A.B.C.D, and the public address W.X.Y.Z. Then add the following lines to your config:

static (inside, outside) W.X.Y.Z A.B.C.D netmask 255.255.255.255

access-list citrix_in permit tcp any host W.X.Y.Z eq citrix-ica

access-group citrix_in in interface outside

This will allow all ica-clients on the internet to connect to the Citrix Server.

If you are using a webbrowser and Citrix NFUSE to connect to your Citrix server, you will have to add this line to allow the incoming http traffic towards the NFUSE server:

access-list citrix_in permit tcp any host ip_address_nfuse_server eq http

This should do it :-)

Kind Regards,

Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents