This FAQ is for allowing Citrix ICA clients to pass through a NetMAX firewall.
- Overview
In order for the Citrix ICA client to access the WinFrame server, your internal machines must have routable IP addresses. This means, in short, that the machine running the ICA client MUST NOT have an IP address that starts with 10., or one that starts with 192.168., or one that starts with 172.16.0. This can be accomplished by configuring NetMAX to do proxy ARP. Please refer to the FAQ on setting up Proxy ARP on our knowledge base under Advanced Configuration. Seriously. To allow Citrix ICA client traffic to pass through the firewall you must open these ports:
TCP/IP outbound 1494
65535
UDP outbound 1604
UDP inbound from 1023 to 65535
- Firewall Rules Required for an Internal Citrix ICA client
- Firewall Rule for TCP/IP outbound 1494
- In the NetMAX interface go to |Home|Network|Interface
- In interfaces click on the pencil for the NIC card which has your external (routable) IP address.
- Scroll down to Firewall configuration and select the radio button for "Use independent Configuration." Then click on the Configure button.
- In editing your firewall click on the "Custom" tab and click the "CREATE" button.
- Make sure that "Enable Rule" is selected and give the rule a description like, "ICA outbound 1494."
- Select "Output" for category with the action of "accept."
- Click the "Address" tab and select "TCP" for the protocol.
- For the source address select "Use Network(s) of this NetMAX server" without any source port.
- For destination address select "Any" and enter "1494" and click the "+" for Destination Port.
- Now you have entered all necessary items for the custom rule "ICA outbound 1494." Click "Return"
- Firewall Rule for UDP outbound 1604
- Still editing firewall rules under the "Custom" tab click the "CREATE" button.
- Make sure that "Enable Rule" is selected and give the rule a description like "ICA outbound 1604."
- Select "Output" for the category with the action of "accept"
- Click the "Address" tab and select "UDP" for the protocol.
- For the source address select "Use Network(s) of this NetMAX server" without any source port.
- Select "Any" for the destination address and add "1604" and click the "+" for Destination Port.
- You have now entered all necessary items for the custom rule "ICA outbound 1604." Click "Return"
- Firewall Rule for UDP inbound from 1023 to 65535
- Still editing firewall rules under the "Custom" tab click the "CREATE" button.
- Make sure that "Enable Rule" is selected and give the rule a description like, "ICA inbound from 1023 to 65535."
- Select "Input" for the category with the action of "accept."
- Click the "Address" tab and select "UDP" for the protocol.
- Select "Any" for the source address without any source port.
- Select "Use Network(s) of this NetMAX server" for the destination address.
- For Destination Port enter "1023 - 65535" and click the "+" button to add it.
- You now have all the necessary items for the custom rule "ICA inbound from 1023 to 65535." Click the "Return" button, and once you get back to the "Custom" tab under editing firewall, click the "Store" button. After you click the "Store" button you will be brought back to editing your external interface. Click the "Store" button once more, then click "Commit."
After you commit the changes you have made to your firewall you will be able to use your Citrix ICA client behind the NetMAX firewall which is doing proxy ARP.
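To review what the three custom rules accept once committed, the following added example (not NetMAX code or configuration) models them in Python and evaluates constructed packets against them. LOCAL_NET, the sample addresses and the function names are assumptions made for illustration; the last function lists which internal UDP listeners the inbound 1023 to 65535 rule leaves reachable from any source.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: constructed stand-in for "Network(s) of this NetMAX server".
LOCAL_NET = ipaddress.ip_network("203.0.113.0/24")

@dataclass(frozen=True)
class Rule:
    name: str
    category: str    # "output" or "input", as chosen in the rule editor
    proto: str       # "tcp" or "udp"
    src_local: bool  # True: source must be in LOCAL_NET; False: "Any"
    dst_local: bool  # True: destination must be in LOCAL_NET; False: "Any"
    dports: range    # accepted destination ports

# The three custom rules exactly as the steps above define them.
RULES = [
    Rule("ICA outbound 1494", "output", "tcp", True, False, range(1494, 1495)),
    Rule("ICA outbound 1604", "output", "udp", True, False, range(1604, 1605)),
    Rule("ICA inbound from 1023 to 65535", "input", "udp", False, True,
         range(1023, 65536)),
]

def match(category, proto, src, dst, dport):
    """Return the name of the first rule that accepts the packet, or None
    if none of these three rules accepts it."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in RULES:
        if (r.category, r.proto) != (category, proto) or dport not in r.dports:
            continue
        if r.src_local and src not in LOCAL_NET:
            continue
        if r.dst_local and dst not in LOCAL_NET:
            continue
        return r.name
    return None

def exposed_udp(listeners):
    """Given internal UDP listeners as (ip, port) pairs, return those the
    inbound rule accepts from an arbitrary outside source."""
    outside = "198.51.100.7"  # constructed external address
    return [(ip, p) for ip, p in listeners
            if match("input", "udp", outside, ip, p)]

if __name__ == "__main__":
    # Constructed inventory of UDP services on internal machines.
    print(exposed_udp([("203.0.113.20", 2049), ("203.0.113.21", 161)]))
```

Feeding `exposed_udp` an inventory of the UDP services that actually listen on your routable internal machines shows which of them the inbound rule opens to any source, beyond the ICA client itself.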