Mallesons Stephen Jaques
www.mallesons.com
Confidential communication

I'll agree

Having just gone through a rollout of 2000 users on unknown home computers coming in through CSG NFUSE 1.7 and williamette, my helpdesk hates me.

So many things that need to go on a PC sometime, like the 128-bit encryption pack for IE, or the ICA client won't push fast enough down a crap modem line, etc. etc.

But I guarantee 100% connection success as long as the user installs the required patches/updates.

We support Win 95 / IE4 and up, Mac OS9 and OSX, either through local client or Java client.

We also can get our users in from our client companies' networks, which is always the biggest challenge, using Java with hacked ini files with proxy connection info.. but... IT WORKS :D

Roll on v7 Java client

John

-----Original Message-----
From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]

Talk about a good post. The only piece I "disagree" with is this:

- Traversing proxies and firewalls on the client side is much easier. Can you get to https://www.hotmail.com? Yes? You're set.

And I don't think it is a disagreement really. More like a problem with the revs of the ICA client that support the CSG up to the 7.0 production rev. Since the ICA client up to that point doesn't support NTLM authentication against a proxy, you will not be able to traverse a MS proxy using authentication to a CSG, but you might get to the Hotmail site...

Of course I get your point, and just wanted to razz you a bit by showing you a "disagreement" while not really disagreeing with you :-)

Enjoy the weekend guys. As always, you guys smoke the other lists.

Ron

Ron Oglesby
Senior Technical Architect
RapidApp
Office 312.372.7188
Mobile 815.325.7618
email roglesby@xxxxxxxxxxxx

-----Original Message-----
From: Carlos Sanabria [mailto:csanabria@xxxxxxx]
Sent: Friday, May 09, 2003 5:59 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG really necessary?

Guys, I am truly amazed.
I have seen the most admirable wisdom reading through the hundreds of messages I get in my inbox every day, and though sometimes I do not agree with some opinions, well... That is the best thing of this list, getting a second opinion apart from yours is always valuable.

Having said that, I think CSG is the best thing to come around since Velcro and burgers with guacamole on them! Here's my view on the topic:

Pros
-----
- More secure. No man-in-the-middle attacks, MF boxes in the Trusted networks, PKI Certificates, Hidden IPs.
- Citrix Licensing cost: $0
- Hardware + M$ licensing cost: $0 to begin with, but you could build a more robust infrastructure with very little money (see note below).
- Traversing proxies and firewalls on the client side is much easier. Can you get to https://www.hotmail.com? Yes? You're set.

Cons
----
- If you're paying a consultant to help you out, she will probably add a couple of $$ for the extra time.
- If you're using a private CA, installing the CA Root certificate on the clients, if you have the dough, go with public CA certificates.
- Nfuse will be your only client option, unless you choose Relay Mode, but your MF box's IPs would not be hidden.
- No Automatic Client Reconnect, again, unless you choose Relay Mode.

Note
----
You're probably wondering about the $0 hardware choice... Here's how:
- Nfuse/CSG Box on the DMZ.
- MF/STA boxes on the trusted network.

The down side, of course, is that you end up with a single point of failure on the NFuse/CSG, but you could fix it with another Nfuse/CSG box and an external load balancer for the Nfuse page....

Anyway, we had quite an interesting discussion a couple of weeks back, which shows another option to mix boxes...

Oh well, I've rambled on too long... It's Friday, 6PM over here, so I am off. You guys have a very very good weekend...
I think I will :)

Carlos Sanabria, CCA, MCSA
IT Consultant

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Scott Reichardt
Sent: Thursday, May 08, 2003 1:05 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CSG really necessary?

I'm using MF XP 1.0. If I have NFUSE 1.7 running on a DMZ using SSL encryption and everyone connecting to the published apps using secureica RC5 128 bit encryption, is a Citrix Secure Gateway really necessary? I'd rather not have to dedicate another box for a CSG if everything is already getting encrypted.

********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required!
http://www.go-eol.com/
**********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
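Added example, not part of the thread: the point raised above about a client that cannot do NTLM against an authenticating proxy can be checked by reading the proxy's reply to CONNECT and comparing the schemes it offers with the schemes the client can answer. The sample replies are constructed, the two client profiles are assumptions (the thread does not say which schemes a non-NTLM client supports), and the parser assumes one challenge per Proxy-Authenticate header line.

```python
# Added example. The replies below are constructed, not captured traffic.
NTLM_ONLY = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: NTLM\r\n"
             b"Content-Length: 0\r\n\r\n")
NTLM_AND_BASIC = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                  b"Proxy-Authenticate: NTLM\r\n"
                  b'proxy-authenticate: Basic realm="proxy"\r\n'
                  b"Content-Length: 0\r\n\r\n")
OPEN_TUNNEL = b"HTTP/1.0 200 Connection established\r\n\r\n"

# Hypothetical client profiles (assumptions): schemes each client can answer.
NTLM_CAPABLE = {"ntlm", "basic"}
NO_NTLM = {"basic"}


def parse_connect_reply(raw):
    """Return (status, [offered schemes]) from a proxy's reply to CONNECT."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    schemes = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Assumes one challenge per Proxy-Authenticate header line.
        if sep and name.strip().lower() == "proxy-authenticate" and value.strip():
            scheme = value.split()[0].lower()
            if scheme not in schemes:
                schemes.append(scheme)
    return int(parts[1]), schemes


def can_traverse(raw, client_schemes):
    """Return (ok, reason) for a client that can answer only client_schemes."""
    status, offered = parse_connect_reply(raw)
    if 200 <= status < 300:
        return True, "tunnel opened, no proxy authentication requested"
    if status != 407:
        return False, "proxy refused CONNECT with status %d" % status
    usable = [s for s in offered if s in client_schemes]
    if usable:
        return True, "client can answer: " + ", ".join(usable)
    return False, "proxy offers only: " + (", ".join(offered) or "nothing")


if __name__ == "__main__":
    for label, reply in (("NTLM only", NTLM_ONLY), ("NTLM+Basic", NTLM_AND_BASIC),
                         ("open", OPEN_TUNNEL)):
        print(label, can_traverse(reply, NTLM_CAPABLE), can_traverse(reply, NO_NTLM))
```

The NTLM-only reply is the case where a browser on the same desktop reaches an HTTPS site while a client without NTLM support is refused by the proxy.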