Citrix handles this via TCP port 443. It also depends on if you are using CSG, CAG or NetScaler in the DMZ. No matter what, CSG/CAG/NS pass 443 thru to the Web Interface which is usually in the internal LAN and WI contacts the XML Broker service on your Collector or Controller (XenDesktop or XenApp) which contacts a DC/GC server for auth purposes.
Citrix has docs for single and double firewall setups. I believe they also have docs for WI sitting in the DMZ but Ihave never seen anyone use it in that config. Thanks Webster > -----Original Message----- > From: David Lum [mailto:david....@nwea.org] > Sent: Thursday, March 14, 2013 1:49 PM > To: NT System Admin Issues > Subject: RE: Difference between port forwarding and DMZ > > Correct. How does Citrix handle this? Member server in the DMZ yes? > > -----Original Message----- > From: Webster [mailto:webs...@carlwebster.com] > Sent: Thursday, March 14, 2013 11:43 AM > To: NT System Admin Issues > Subject: RE: Difference between port forwarding and DMZ > > And you make swiss cheese of your firewall. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin