Hi, Yes, Both the rules are there. The Source port range is 1024 -65534
The citrix is going through a 3DES tunnel(cisco) and lands on the firewall. The firewall allows first six sessions and blocks any more sessions. The customer has openend a TAC case with Cisco , Citrix and CP. Regards Rama What rules do you have for Citrix? Do you have services for both TCP 1494 and UDP 1604 with source port ranges from 1024-9999? This what I have setup and I've never had a problem from CP 4.0 thru 4.1 SP4. Also are you also using the /altaddr on the Citrix server when trying this? Rich -----Original Message----- From: Ramakrishnan [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 01, 2001 12:11 AM To: [EMAIL PROTECTED] Subject: [FW-1] A strange problem with citrix connection through CP -1 SP2 Hi all, One of our customers have a strange problem in allowing citrix client through his firewall. The web client of citrix works fine through the firewall. But if the native citirx client is used , the firewall responds requests to 5 to 6 sessions and do not allow sessions there after. Even if the sessions are disconnected and retried , the sessions do not get established. If we restart the firewall , then it allows 6 more sessions. We have changed the source port range, removed NATting . Still the problem continues. We understand that the FW stops dropping packets. Has anybody faced similar problems. Please suggest a solution. THe option of upgrading the SP is ruled out. A ticket has been opened in citrix and CP for the same. Any ideas Rama __________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
