Friday, March 13, 2009

[THIN] Re: Citrix WI/CSG in the DMZ.

exactly.

WI/CSG can talk to the lan through a route set on the FW enabling traffic to pass from the DMZ to LAN.

I then use policies to only allow certain ports/services to communicate from the DMZ to the LAN.

On Fri, Mar 13, 2009 at 5:12 PM, Steve Greenberg <steveg@thinclient.net> wrote:

I think in this case, if I understand it correctly, your WI needs to
reference the FQDN of the CAG instance and set the appropriate mode which I
think here is "Gateway Direct", that is, the web interface uses the SSL
encryption of the Gateway and can communicate to the gateway directly
without NAT-this assumes that the CSG and WI can talk the Citrix servers via
the LAN


Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85266
(602) 432-8649
www.thinclient.net
steveg@thinclient.net


-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Harry Singh
Sent: Friday, March 13, 2009 12:56 PM
To: thin@freelists.org
Subject: [THIN] Re: Citrix WI/CSG in the DMZ.

What specifically inside WI should I look for ?

It's been a while since I tinkered with a WI config.

Thanks,


On 3/13/09, Joe Shonk <joe.shonk@gmail.com> wrote:
> Should work just fine..  Just make sure your WI rules are defined
correctly.
>
>
>
> Joe
>
>
>
> From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On
Behalf
> Of Harry Singh
> Sent: Friday, March 13, 2009 12:15 PM
> To: thin@freelists.org
> Subject: [THIN] Citrix WI/CSG in the DMZ.
>
>
>
> All --
>
> I'm changing the topology of our current DMZ environment and want to make
> sure that CSG works with NAT
>
> Below are hypothetical IP ranges.
>
> Incoming Connection >>> External IP >> DST-NAT >> 192.168.88.x
>
> There will be a route to allow traffic from DMZ to the Internal Network so
> Traffic originating from the DMZ can talk to the Citrix servers.
>
>
> External IP's
>
> 66.111.115.x/27
>
> Private IP's assigned to WI/CSG
>
> 192.168.88.10 + 192.168.88.11
>
> Citrix servers in Internal Network
>
> 192.168.5.1
>
>
>
>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
Thinlist MOBILE Feed
http://thinlist.net/mobile
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
Thinlist MOBILE Feed
http://thinlist.net/mobile
************************************************

No comments: