On Mon, 22 Nov 2004 17:17:18 +1300, you wrote: >HI Folks, > has anyone written a helper application like ftpsesame that will allow >citrix metaframe to work through a pf firewall?
Citrix did... ;-) It is called Citrix Secure Gateway(CSG) or their new name of Citrix Secure Access Manager(CSAM). Basically the server sits in the DMZ and only communicates on 443 with SSL for external users and it communicates from the CSG back to the Citrix servers a number of ways including SSL. http://www.citrix.com/site/PS/products/product.asp?familyID=%2019&productID=184 >Citrix first talks on port 1494 and negotiates a high numbered port >which the client then connects back to. You are correct, it depends on how you are setup and what servers need to communicate with external resources. If you require the use of an "alternate address" configuration you could end up having an inane range of ports which must be opened. What versions of Citrix are you using? Is this strictly for external users to access the internal applications? >I am going to be encouraging users to move to RDP but I need a short >term solution. There are a number of options depending on what the requirements are. Links: _HUGE_ resource on Citrix with links, white papers, etc Original web page http://www.dabcc.com/ThinSol/ New web page (click on Citrix Systems on the left) http://www.dabcc.com/DABCC/ CSG document http://support.citrix.com/servlet/KbServlet/download/134-102-7736/Windows_Secure_Gateway_Guide.pdf Mike