I am trying to setup a basic Secure Gateway service to allow port 80/443 access to our farm (rather than 1494) Would someone mind checking my logic for which stuff to put on which servers I have tried to explain what I think is the right way to go about this in the list below, with each server (egSRV1) listed with its functions, and the firewall ports I have open. Client = Built-in Cert. trust / ICA Client **** Outside **** ______1st Firewall (443,80 TCP Outside -> DMZ => Webserver) _______ **** DMZ **** SRV1 = Web Server / Trusted Cert / CSG **** DMZ **** ______2nd Firewall (1494 TCP DMZ->SN => MF Server) (80 TCP DMZ->SN => IIS Server) _______ **** Secure Network ***** SRV1 = SQL Server / Farm Data Store SRV2 = Domain Controller / Shared Documents for MF Farm / IIS 5 / STA SRV3 = MetaFrame XP FR3 **** Secure Network ***** Thanks Nick Nick Crisp Network Manager www.pinnaclesoftware.com.au ******************************************************** This weeks sponsor - RTOSoft TScale Complaints about applications response time - DO SOMETHING ABOUT IT! TScale 2.0 improves applications response time and increases terminal server capacity. Really get MORE from your existing servers! Free eval: http://www.rtosoft.com/enter.asp?id=130 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm