Paul,

As a caveat to what Joe said about CSG, I know that newer versions of NFuse get around the issue you've mentioned, so that you can publish your apps to all servers still, but only set one server up with an altaddr and allow users to connect to it securely. Used in conjunction with CSG you only end up exposing your SSL (and in the future TLS) ports to the public.

There are some very well known published application hacks that you should be aware of with your current setup however. Crafty hackers can get the ability to run the app of their choice on your servers, just because you are allowing the XML and ICA ports directly to a terminal server.

I've found the following document to give a pretty good overview of both what hackers can do to gain access, and what you can do to secure your Citrix servers better. It's not bulletproof, but there are some good tips in here that you should keep in mind.

http://sh0dan.org/files/hackingcitrix.txt

J

-----Original Message-----
From: Joe Shonk [mailto:JShonk@xxxxxxxxxxxxxx]
Sent: Friday, December 27, 2002 7:06 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: published apps through firewall.

Yup... All 8 servers would need an external address and altaddr setup... If you need all 8 servers external, I would suggest using CSG to minimize your exposure.

Joe

-----Original Message-----
From: Paul Beckman [mailto:pbeckman@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, December 27, 2002 8:00 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: published apps through firewall.

I can not run altaddr /query... but when I run altaddr I get the default xxx.xxx.xxx.xxx

I do have it working for now... I have 8 servers total and had all eight servers running the published app, so I unmapped 7 of them so that the only server that was running the app would be the one that had the translated address. So far so good.

Thanks to everyone that has helped...

-----Original Message-----
From: Magnus [mailto:magnus@xxxxxxxx]
Sent: Friday, December 27, 2002 8:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: published apps through firewall.

When you type in altaddr /query from a cmd line are you getting the below

    Default 209.20.130.33

Or are you getting

    192.168.111.23 209.20.130.33

magnus

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Beckman
Sent: Friday, December 27, 2002 9:48 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: published apps through firewall.

yeup

-----Original Message-----
From: Magnus [mailto:magnus@xxxxxxxx]
Sent: Friday, December 27, 2002 8:41 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: published apps through firewall.

Did you set the altaddr on the server? Also you stated that you changed the XML port, did you ensure that the new port was open on the firewall as well?

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Beckman
Sent: Tuesday, December 24, 2002 10:13 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] published apps through firewall.

I am running XP on W2k. I have 1494, 1604, and 80 with a public address translated to my internal Citrix IP. I can browse the apps but get an I/O error when trying to connect. If I put the public address in the server box on a custom ICA connection I can connect to the desktop. If I stop and restart the IMA service I can connect to the published apps once, but if I disconnect I can not reconnect. I have also put the XML port on a different port #. We do not have IIS running on this server, and I also created open ports for another server and the same thing happens. I have been on the phone with Citrix and no luck.

Does anyone have any ideas?

Thanks,
Paul

***********************************************
This Weeks Sponsor: 99point9.com
The 99Point9.com Online Tech Support
Helpdesk is the one-stop solution for all
your server-based computing needs.
http://www.99point9.com
************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm