[THIN] Re: Citrix Secure Gateway on trusted network ?

  • From: "Claudio Rodrigues" <crodrigues@xxxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 8 Mar 2004 13:59:29 -0500

The CSG can be used with as many Citrix servers as you want, using one
single external IP for the CSG AND one port.
If you setup rules like:
External to DMZ, allows 443 from anywhere to CSG DMZ IP address.
DMZ to Internal, allows 1494 from CSG DMZ IP address to MetaFrames
internal IP addresses.
Usually you end up using two external IPs, one for the webserver (ports
80 and 443) and one for the CSG (port 443) and as pointed, does not
matter how many Citrix servers you have.


-----Original Message-----
From: Steve Greenberg [mailto:steveg@xxxxxxxxxxxxxx]=20
Sent: March 8, 2004 1:21 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix Secure Gateway on trusted network ?



Using NAT in various scenarios is common for CSG, there is no problem to
have the outside DNS address NAT to CSG on an inside address. When you =
=3D
go
the outside DNS name/ip it forwards to the inside address and works just
fine. In fact, since the recommended solution is to have a true DMZ with
=3D
two
firewalls, this is often done.

The issue this won't address is if you have enough outside IP addresses.
=3D
If
not, you can subdivide servers by assigning unique ports for each one on
=3D
a
shared IP address. That can definitely work, but much more complicated =
=3D
to
manage.

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax=3D20
steveg@xxxxxxxxxxxxxx



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On =
=3D
Behalf
Of Alex Marguth
Sent: Monday, March 08, 2004 7:51 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix Secure Gateway on trusted network ?


Hi Jan,

If you're mapping the public IP to the private one, you're still using =
=3D
an IP
address so this may defeat the purpose for you.

I believe that using the alternate address command from a dos prompt =3D
will
set the server to hand out the external IP which should resolve and
certificate problems.

_________________________________________
Alex Marguth
AVM Technical Solutions, Inc.

503.799.3372
alex@xxxxxxxxxxxxxxxx


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On =
=3D
Behalf
Of Jan Homan
Sent: Monday, March 08, 2004 2:04 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Citrix Secure Gateway on trusted network ?


Is it possible to have Citrix Secure Gateway on
the trust network (local) or a DMZ zone which has NAT IP-adresses (e.g
10.10.10.x).

We would map the public IP-address of the Secure Gateway either to the =
=3D
local
IP-adress or to the IP-addres on the DMZ zone.

We need to do this because we do not have enough public IP-addresses.

The issue I can think of is that the Certificate for CSG will not work,
because it is based on a public IP-adress en a FQD name. Meaning how do
=3D
you
configure DNS (lookup) such that this work.

Any comments/suggestions are very much appreciated.

Jan
********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application =3D
management
problems. http://www.triCerat.com=3D20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=3D20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application =3D
management
problems. http://www.triCerat.com=3D20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=3D20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential
applications to eliminate your printing, policy and profile,
and your application management problems.
http://www.triCerat.com=20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential
applications to eliminate your printing, policy and profile,
and your application management problems.
http://www.triCerat.com 
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: