We have a similar setup and had a few similar issues. What ports did you open up and to what boxes? Do you have the only Zone DC's enumerate program neighbourhood checked on the Farm properties on the Zones tab ? _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rosa,Steve,BRUSSELS,GLOBE Center EUR-ITOC Sent: 04 November 2004 08:19 To: thin@xxxxxxxxxxxxx Subject: [THIN] Clients behind firewalls Hi there, Environment: MF XP1.0 on Windows 2000 We have a couple of users who connect from a 3rd party site. Between this site and the server farm, firewalls have been put in place and rules have been created to allow the Citrix traffic. Our farm consists of 20 servers. These clients should only connect to 6 of the servers (2 are dedicated data collectors and 4 are actual load balanced application servers), therefore firewall is open only to these 4 boxes. When the users connect via the Program Neighbourhood, they get the error message "Cannot connect to the Citrix MetaFrame server. There is no route to the specified subnet address". The issue is not critical as refreshing 3 times usually clears the issue however it is annoying. I received some network trace logs which clearly show that the clients try to connect to servers where they should not. I assume a quick workaround would be to add all the servers in the firewall rules, but I would rather know what is really going on. Has anyone a clear view on this? Thanks! Steve Rosa Platform Services - Technology - Senior System Engineer Nestlé European Information Technology Operations Center (ITOC) S.A. Rue de Birmingham, 221 - B-1070 Brussels (Belgium) Phone : +32 2 529 68 35 - Fax : +32 2 529 55 95 Mobile : +32 477 770 772 E-Mail : mailto:steve.rosa@xxxxxxxxxxxxxx <mailto:steve.rosa@xxxxxxxxxxxxxx> *********************************************************************************** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM http://www.rbsmarkets.com ********************************************************************************