Or you can change the ICA port to 80, and only use the RSA RC5 128 encryption that comes with MF. Of course that doesn't take care of your browser ports being open and the XML ports will have to be on a different port, etc. Basic rule of thumb is two ports. The remote update works but is not real good in all environments. I don't trust it and instead use updates from an nfuse webpage as much as possible. No. I wont push other software. For printers and drives, Yes they will map like any other connection.=20 In one location I did a funky setup where each Citrix server had two listeners. One for internal one for external. I then used the XML DNS address resolution feature to have external DNS map to the External listeners and internal DNS map to the internal listener. Then when users connected through the CSG from the outside they got a shorter set of time outs and not printers or drives, but internal users got everything with long time outs. I wouldn't suggest trying that for your first setup. It was complicated and required some mappings on the NFuse side and other stuff. Ron Ron Oglesby Senior Technical Architect =20 RapidApp Office 312.372.7188 Mobile 815.325.7618 email roglesby@xxxxxxxxxxxx =20 -----Original Message----- From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]=20 Sent: Wednesday, June 11, 2003 8:28 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Citrix Through Port 80? Well port 80 will be unencrypted unless using something like IPSEC or some kinda VPN type encryption. Neil > -----Original Message----- > From: Jacob Walker [mailto:ctxrulez@xxxxxxxxxxx]=20 > Sent: 11 June 2003 14:23 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Citrix Through Port 80? >=20 > Perhaps someone can enlighten me. We've only ever=20 > administered Citrix=20 > servers internally, so we have no experience with enabling=20 > Citrix through=20 > the Internet. >=20 > We have some employees that want to connect to another=20 > company's Citrix=20 > application, and our security personnel have some concerns. =20 > This external=20 > company says that they can send the traffic solely through=20 > port 80, but I do=20 > not believe they are using CSG. How is this possible? Are there any=20 > security holes? >=20 > Our security personnel also know about Citrix's ability to=20 > force a client=20 > upgrades and have wondered if other software could be pushed=20 > to a client=20 > through this mechanism. And, they have concerns about our=20 > client drives and=20 > printers being mapped to this remote system. Do client=20 > upgrades work from=20 > remote systems and how is it accomplished? Could other software be=20 > distributed through the client upgrade mechanism? Do client=20 > drives and=20 > printers map when using Citrix servers remote to your network? *********************************************************************** This e-mail and its attachments are confidential and are intended for=20 the above named recipient only. If this has come to you in error,=20 please notify the sender immediately and delete this email from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily=20 represent those of Littlewoods. Please note that email communications=20 may be monitored.=20 The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.=20 Registered number of Littlewoods Limited is 262152=20 *********************************************************************** ******************************************************** This weeks sponsor - Emergent Online 99Point9.com Designed to facilitate efficient resolution of your technical server-based questions, issues and incidents, technical support is a few mouse-clicks away: you submit your incident-specific support requests via our online support helpdesk, our certified engineers resolve them while you monitor the progress, and your systems get back to 99.9% up-time in no time. http://www.99point9.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This weeks sponsor - Emergent Online 99Point9.com Designed to facilitate efficient resolution of your technical server-based questions, issues and incidents, technical support is a few mouse-clicks away: you submit your incident-specific support requests via our online support helpdesk, our certified engineers resolve them while you monitor the progress, and your systems get back to 99.9% up-time in no time. http://www.99point9.com ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm