Why not make the users that are using Citrix authenticate against the firewall and build your firewall policies on a per-user basis? This should do the trick. And then let the Citrix's IP address access only the site that it needs access to.

Tiago de Aviz
SoftSell - Curitiba
(41) 340-2363
www.softsell.com.br

This message, including its attachments, is confidential and its content is restricted to the recipient of the message. If you have received this message in error, please return it to the recipient and delete it from your files. Any unauthorized use, replication or dissemination of this message or part of it is expressly prohibited. SoftSell is not responsible for the content or the veracity of this information.

-----Original Message-----
From: Don McCall [mailto:DMcCall@xxxxxxxxxx]
Sent: Friday, January 21, 2005 09:49
To: [ISAserver.org Discussion List]
Subject: [isalist] Access to a single web site from a Citrix server

http://www.ISAserver.org

I have racked my brains on this one (not that there are that many in the first place); however, I have not as yet come up with a solution.

The scenario is as follows: For all intents and purposes, domain users have access to HTTP and HTTPS. As a matter of principle I block all servers from access to the internet except the necessary DNS, MAIL, etc.

I have had a request to allow some Citrix Servers access to a single WEB site. It is simple enough to allow users access to the WEB through the Citrix server by removing the block on that IP address. However, that also gives them access to all WEB sites through the Citrix server (this is not desirable). If I restrict HTTP to a single site, then it also restricts their access from their workstations (also not desirable).

I know I have got to be missing something simple... I am running both ISA 2000 and 2004 (I am eagerly awaiting the book I have ordered).

If anyone has a simpleton plan, please let me know.

Thanks

Don McCall
Infrastructure Manager
Baptist Community Services
O: 02 9023 2602
M: 0403082854
F: 02 9023 2502
Email dmccall@xxxxxxxxxx

This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Baptist Community Services.
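
The rule layout suggested in the reply above, shown as an added example that is not part of the original thread and is not ISA Server configuration: a generic ordered, first-match rule model (an assumption about evaluation order) in which rules scoped to the Citrix servers' source addresses sit above the per-user web rule. All addresses, user names, site names and rule names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values: none of these come from the thread.
CITRIX_SERVERS = (ip_network("10.0.5.0/28"),)
ANYWHERE = (ip_network("0.0.0.0/0"),)
DOMAIN_USERS = frozenset({"alice", "bob"})
ALLOWED_SITE = frozenset({"app.example.org"})

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    sources: tuple               # source networks the rule applies to
    users: Optional[frozenset]   # None = any user, authenticated or not
    sites: Optional[frozenset]   # None = any destination site

def evaluate(rules, src_ip, user, site):
    """Return (action, rule name) for the first matching rule; default deny."""
    src = ip_address(src_ip)
    for r in rules:
        if not any(src in net for net in r.sources):
            continue
        if r.users is not None and user not in r.users:
            continue
        if r.sites is not None and site not in r.sites:
            continue
        return r.action, r.name
    return "deny", "default-deny"

# Only a per-user rule: a user on a Citrix server can reach every site.
USER_ONLY = [Rule("domain-users-web", "allow", ANYWHERE, DOMAIN_USERS, None)]

# Source-scoped rules for the Citrix servers sit above the per-user rule.
SCOPED = [
    Rule("citrix-single-site", "allow", CITRIX_SERVERS, None, ALLOWED_SITE),
    Rule("citrix-block-rest", "deny", CITRIX_SERVERS, None, None),
    Rule("domain-users-web", "allow", ANYWHERE, DOMAIN_USERS, None),
]

if __name__ == "__main__":
    for policy in (USER_ONLY, SCOPED):
        for src in ("10.0.5.3", "10.0.20.15"):   # Citrix server, workstation
            print(src, evaluate(policy, src, "alice", "news.example.com"))
```

The same user gets a different answer depending on the source address, which is what keeps workstation browsing unrestricted while the Citrix servers reach one site only.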