Checklist for Connecting to a Citrix Server by ICA Link on Web Page

Synopsis:
The recommended set up for this Web Computing Solution is to have your Web server outside the firewall and have your Citrix servers inside the firewall.

Details:

Checklist

Firewall

1. A valid external IP address(es) has been mapped to the Citrix server(s) inside the firewall.

2. Port 1494 for TCP/IP is opened.

3. Port 1604 for UDP is open Inbound on the firewall.

4. Port 1023 and above (The High Ports) are opened for TCP and UDP outbound.

Citrix Server

Run the ALTADDR utility on the Citrix server(s). Each Citrix server that is mapped from the firewall must be mapped to the corresponding address on the firewall. This is done from the command line and must be done from each Citrix server that is mapped to an alternate address.

Example: ALTADDR /SET InternalIPAddress ExternalIPAddress

Given that the internal IP address of a Citrix server is 10.3.2.1 and the firewall has mapped an External IP address of 208.140.11.10, from that Citrix server you would specify at a command line:

ALTADDR /SET 10.3.2.1 208.140.11.10 The ICA File

After you publish the application and select to write an ICA file, you must make the necessary modifications in order to connect to the published application.


Example of an ICA File That Has Not Been Modified

[WFClient]
Version=2
TcpBrowserAddress=10.3.2.1 (internal IP address of the server)
TcpBrowserAddress2=10.3.2.218 (internal IP address of another server on network)
IpxBrowserAddress=0:000C04C7F09C
IpxBrowserAddress=0:009987CF80FD
NetBiosBrowserAddress=WHATEVER
NetBiosBrowserAddress2=DAKOTA
[ApplicationServers]
PubAppName=

[PubAppName]
Address=PubAppName
InitialProgram=#PubAppName
DesiredHRES=640
DesiredVRES=480
DesiredColor=2
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0

The Same ICA File Modified to Work

[WFClient]
Version=2
TcpBrowserAddress=208.140.11.10 (External IP Address of the Citrix Server)
UseAlternateAddress=1 (this has been added for address translation)


[ApplicationServers]
PubAppName=

[PubAppName]
Address=PubAppName
InitialProgram=#PubAppName
DesiredHRES=640
DesiredVRES=480
DesiredColor=2
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0

NOTE: We have removed the NetBiosBrowserAddress, NetBiosBrowserAddress2, and both the IpxBrowserAddress and IpxBrowserAddress2. These are not needed and it is recommended that these be removed, leaving only one TcpBrowserAddress entry.

Security is always an issue with Web computing. Citrix offers SecureICA Services that can be used to encrypt data that is transported between the client and the server. This is an excellent solution for this type of computing environment.


Other related notes that can be found on the Citrix on-line Knowledge Base
Empowering Your Web Site with WinFrame
Using Firewalls with WinFrame
SecureICA Technical Review
ICA Browsing with Firewall Address Translation (NAT)
File Name: None at this time Posted on FTP/BBS: Not Posted

Product: All Ver. All Build All:English US
Category: Citrix ALE ; General Information
Date: 09/16/99 12:36:22 PM
Date Updated: 09/24/99