Firstly, Citrix are now standardising on port 7279 for licensing server 11.5 and above, and it's already a static port. If you are using earlier versions of the licensing server, use this port instead of 27001, or whatever. Less firewall work to worry about when you upgrade.
Secondly, you should read the licensing admin guides and whitepapers, as they explain in detail how it all works. The Citrix product first communicates with the licensing server on TCP 27000. Then depending on the VENDOR CITRIX options settings, it will determine what port to use from there. If this is not set, it will use a port in the range of 27001 to 27009.
Cheers,
Jeremy.
________________________________
From: thin-bounce@freelists.org on behalf of James Scanlon
Sent: Fri 20/03/2009 4:12 PM
To: Thin
Subject: [THIN] Re: Citrix License Server - Firewall
I have found this article http://support.citrix.com/article/CTX103356
It mentions changing the citrix daemon port which all seems easy enough, but what i dont understand is how the connecting server (requesting the license) knows the new port to it is to converse on?? or does the LMGRD send this detail after the initial contact?
Thanks again!
James
________________________________
From: joe.shonk@gmail.com
To: thin@freelists.org
Subject: [THIN] Re: Citrix License Server - Firewall
Date: Thu, 19 Mar 2009 22:03:38 -0700
Not sure about the AG, but the other products also connect on a high port. This can be set statically on the license server.
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of James Scanlon
Sent: Thursday, March 19, 2009 9:59 PM
To: Thin
Subject: [THIN] Citrix License Server - Firewall
Greetings List Champions!
Hopefully here is another easy one.
We are trying to get our Access Gateway 4.5.7 to talk to our inside citrix license server.
Setup:
Internet Firewall > Access Gateway > DMZ Firewall > License Server
Naively I assumed that it would be as easy as opening TCP port 27000 on Firewall2 into the license server? End of story..
We have currently just opened TCP 27000 from AG to License Server without any success thus far...
Is there a reverse rule that will need to be allowed for the return traffic from the license server to the AG?
Cheers
James
________________________________
Explore the new Windows Live. Looking for a place to manage all your online stuff? <http://www.microsoft.com/australia/windows/windowslive/>
________________________________
Find car news, reviews and more Looking to change your car this year? <http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2Fai%5F859641&_t=762955845&_r=tig_OCT07&_m=EXT>
#####################################################################################
Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.
#####################################################################################
No comments:
Post a Comment