PS4 .............which ports to open?, in the Citrix XenApp / Presentation Server forum on BrianMadden.com

N M posted on Sun, Aug 12 2007 7:18 AM
I'm doing some testing with Web Interface and currently getting a bit stuck in regards to which ports to open.

Internally the Web Interface works fine and the apps run without any problems.

Externally, I can get to the WI page with the apps, but the apps won't actually run. Once I click on the app and launch it, the Citrix splash screen gets stuck on "Connection in Progress", which eventually leads to an error popup saying that there is no Presentation Server configured on the specified address.

I am thinking that maybe it's an issue with the ports on the firewall... So far I have ports 1494, 1604, and 80 open. Thanks.


All Replies

Top 10 Contributor
Points 88,220
I would highly, HIGHLY recommend using Citrix Secure Gateway (it's free on your downloads/CDs). You are exposing your internal network and this is a huge security hole. The only port you need open then to your DMZ is 443 from the outside. Very very secure.

As to your problem, you need to assign an altaddr to each presentation server. This means each server needs its own external IP address. As well, you need to create a rule in WI that specifies external IP addresses will use NAT'd addresses. This typically doesn't always work because many companies use the 10. and 192. private addresses the same as home networks do. So your solution is to set up a secondary WI box that will be used for external users only. Then you change the default rule to use NAT addresses only.

Again, bad idea, use CSG.
N M replied on Mon, Aug 13 2007 8:38 AM
Thanks for the advice. Yes indeed, CSG is definitely what we need.

I am just trying to do some testing, and I find it easier after hours (from home) than actually internally.

If we don't use a CSG and Web Interface: can we have remote sites connect via VPN and just instruct users to browse the program neighbourhood application set? If so, this will still use the native load balancing, right?

Thanks.
Top 10 Contributor
Points 48,811
Yes, load balancing should work regardless of how you connect. Depending on the connection speed, you may find a bit of a performance hit using the VPN. I have seen degradation in the past, simply because of the double compression and double encryption going on.

Why is it called "Common Sense"? It doesn't seem all that common!
