These
filter exceptions will allow the Citrix ICA client traffic and the
Citrix browser-based client traffic out of the BorderManager
firewall. Because Citrix has used two different client technologies,
one a stand-alone based client (ICA) and the other a snap-in
component of a web browser, different filter exceptions may be
required.
Figure 1 - FILTCFG -
Citrix Filter Exception for TCP Port 1494
This
filter exception allows the stand-alone ICA client to communicate
with a remote Citrix WinFrame / MetaFrame host outside the
BorderManager firewall. This stateful filter exception allows
protocol TCP, source ports 1024-65535, destination port 1494 to any
IP address. The filter exception is applied with a Source Interface
of the BorderManager private interface, and a Destination Interface
of the BorderManager public interface.
Figure 2 - FILTCFG -
Citrix Filter Exception for TCP port 1604
This
filter exception allows the browser-based (and later versions of the
stand-alone ICA) client to communicate with a remote Citrix WinFrame
/ MetaFrame host outside the BorderManager firewall. This stateful
filter exception allows protocol TCP, source ports 1024-65535,
destination port 1604 to any IP address. The filter exception is
applied with a Source Interface of the BorderManager private
interface, and a Destination Interface of the BorderManager public
interface.
|