Hi I'll look up this information soon. I'm not personally working with Citrix, only Firewall-1. :)
Our services on the other hand is just tcp 1494. No source port range or protocol type and fast mode is not checked. The udp 1604 service does not have a source port range either. I did read a paper on www.citrix.com about adding source port range to the service. And from the Lanze's paper it looks like fast mode could be the sollution. In NG tcp 1494 is called WinFrame and it does not have a source port range. Protocol type here is WinFrame. Udp 1604 is not predefined. Could be a good idea to try this out. :) Regards, Torkel > -----Original Message----- > From: Pulver, Richard [mailto:[EMAIL PROTECTED]] > Sent: 7. oktober 2002 16:26 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Citrix drops connection when we install rulebase > > > Torkel, > > What version of Citrix are you using? How are you > launching the > applications through Citrix - are you using .ica files or Program > Neighborhood? I had the same problem for a while using .ica > files with the > web client. I had to create two new services for ICA traffic > which I called: > > citrix_tcp (TCP Service) > Port: 1494 > Source Port Range: 1024-65356 > Protocol Type: URI > Fast Mode: Checked > > citrix_udp (UDP Service) > Port: 1604 > Source Port Range: 1024-65356 > > This solved some of the other problems I was having as well > as stabilizing > Citrix connections during policy pushes. Not sure if you have > this already > setup or not, but it may help. > > Rich > > > -----Original Message----- > From: Torkel Mathisen [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 07, 2002 9:59 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Citrix drops connection when we install rulebase > > > Hi > > I've read this paper, but I didn't think the users would actually > loose the connection. I know that FW-1 clears the connectiontable > and all that, but it also build it up again when the session > continues. > > From the paper: > > "When you push a new rulebase the state table is cleared. However, > you will not lose any of your established connections while pushing a > new rulebase." > > A bit futher down: > > "... Firewall-1 maintains state of what connection were active prior > to the new rule push. This old state table is maintained as > old_connections." > > We don't have this problems with other protocols. Its just Citrix. > They actually loose the connection. When we use Windows terminal > client we don't get disconnected. I would guess the firewall builds > the connections up again and that this is transparent for the users. > > With Citrix this doesn't happen. Its very frustrating for our users > when they are working with something and suddenly have to reconnect. > And possibly even get connected to a different server than before and > loose their work. > > The sollution you refer to is clicking on "Fast Mode" for ICA > (tcp 1494)? > What about icabrowser (udp 1494)? > > Regards, > Torkel > > > > > -----Original Message----- > > From: Lars Troen [mailto:[EMAIL PROTECTED]] > > Sent: 7. oktober 2002 15:20 > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] Citrix drops connection when we install rulebase > > > > > > Torkel, > > http://www.enteract.com/~lspitz/fwtable.html > > > > This is a nice paper describing what's going on. The state > > table is flushed when you install a policy, but if you read > > further you can see there's still hope. :) > > > > Lars > > > > > > > > > -----Original Message----- > > > From: Torkel Mathisen [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, October 07, 2002 14:18 > > > To: [EMAIL PROTECTED] > > > Subject: [FW-1] Citrix drops connection when we install rulebase > > > > > > > > > We have a problem here with Citrix being dropped when we install > > > the rulebase. > > > > > > The users have Citrix clients up at all time, but whenever we > > > install the rulebase on the firewall the connection is dropped > > > and they have to connect again. > > > > > > Anyone have any experience with this? > > > > > > We haven't done anything special in the firewall. Only a rule that > > > accept Citrix (1604 and 1494). > > > > > > Regards, > > > Torkel > > > > > > ================================================= > > > To set vacation, Out Of Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
