[THIN] Re: One-Hop Secure Gateway implementation

  • From: kevin.mcphail@xxxxxxxxxxx
  • To: thin@xxxxxxxxxxxxx
  • Date: Fri, 8 Oct 2004 13:47:32 -0400 

Hi Jeff, I have confirmed that connections are going through the Secure
Gateway, although netstat -an is handier then using the IOS sh conn command
at the firewall for getting to the information quickly. Users are able to
use the gateway just fine and the only possible path through the firewall is
from outside to SG to MPS. The only thing that is not working is the display
of active connection in the mmc for SG (a nice feature that I would like to
have working). Any other suggestions.

 

  _____  

From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx] 
Sent: Thursday, October 07, 2004 5:47 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: One-Hop Secure Gateway implementation

 

The first thing to do is verify that the clients are actually connecting to
the MetaFrame servers through the SG. Use 'netstat -an' on each box to
verify the connections you're getting. On the SG/WI, you should see inbound
TCP 443 connections from your clients and outbound connections to TCP 1494
on your MetaFrame servers. On the MetaFrame servers, you should see the TCP
1494 connections from the SG/WI only.

 


  _____  


From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of kevin.mcphail@xxxxxxxxxxx
Sent: Thursday, 7 October 2004 1:07 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] One-Hop Secure Gateway implementation

Hi guys, I finally got around to upgrading to Secure Gateway 2.0 and WI 3.0.
After following the Citrix document of assigning 2 ip addresses to the
server and setting disablesocketpooling = true; then troubleshooting why
that did not work and finding that IIS 6.0 does not use that Boolean and
instead has a support tool for setting IIS to listen to only one address;
then realizing that the Citrix document is outdated and no longer necessary,
then trying to figure out how to undo everything I did, I finally got Secure
Gateway and WI working on the same box and connections work great.
Unfortuantely the Secure Gateway MMC does not seem to work correctly.
Hopefully this is not because of one of the changes I made. Anyway when I
look at http/s or ICA connections in the MMC the list is always empty. If I
look at sh conn on the firewall I can see that the users are establishing
connections to Citrix through the gateway just fine but for some reason the
MMC tool is not registering this. Anyone have any suggestions? One of the
things I was most excited about was the ability to easily see who is
connected through the gateway and it is broken. :-(

Other related posts:

  1. Home
  2. thin
  3. Archive
  4. 10-2004