For port 8080 you'll need to create custom policy. Then set it up for NAT on the external Ips to the internal. Since 8080 is a non-standard port, I don't think the WG has a standard policy to cover it. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Tyler Kinchen Sent: Thursday, September 12, 2002 5:02 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Watchguard Call me crazy but is there a rule in the firewall allowing the traffic = on port 8080 through as web traffic (and to the Citrix servers)? If so, = I would definitely eyeball the logs on the firewall when a connection is = being made and figure out what rule is dropping that connection. HTH. Regards, Tyler Kinchen tkinchen@xxxxxxxxxxxxx > -----Original Message----- > From: Carl Arnoult [mailto:CArnoult@xxxxxxxxxxxxxxxxxxxxx] > Sent: Thursday, September 12, 2002 4:54 PM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Watchguard >=20 >=20 >=20 > I have the regular Citrix services set up in the Watchguard=20 for >ports =3D 1494 and 1604. That part works fine, it's the TCP/IP + >HTTP=20 port 8080 =3D > traffic that is being blocked. >=20 > -----Original Message----- > From: Evan Mann [mailto:emann@xxxxxxxxxxxx] > Sent: Thursday, September 12, 2002 1:48 PM > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: Watchguard >=20 >=20 >=20 > Sounds like your not allowing ICA traffic. 1494 TCP. There=20 > is a citrix > service default for this. Add that and setup the appropriate NAT. >=20 > -----Original Message----- > From: Carl Arnoult [mailto:CArnoult@xxxxxxxxxxxxxxxxxxxxx] > Sent: Thursday, September 12, 2002 4:42 PM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Watchguard >=20 >=20 >=20 > Any Citrix shops out there that are also utilizing a=20 > Watchguard Firebox =3D > =3D3D > for your firewall? We've configured our 2-server Citrix farm=20 > (MF XPa) =3D > =3D3D > to use port 8080 for XML TCP/IP traffic. I need to configure the = =3D3D > firewall to pass this traffic from specific external IP=20 addresses > for =3D =3D3D > users working from home. Thus far I've configured the Citrix=20 > servers =3D > =3D3D > with ALTADDR for the appropriate public IP addresses and=20 > configured the =3D > =3D3D > user's client Firewall setting to use the Alternate Address. I've = =3D3D > created a Watchguard service with a static NAT from the=20 appropriate > =3D3D public IP address to the corresponding internal IP for the > Citrix = =3D3D > servers. However the Watchguard is blocking this traffic=20 when I >attempt =3D =3D3D > to connect from one of the "allowed" remote workstations. =3D3D20 >=20 > Thanks... >=20 > Carl Arnoult > Elder Care Alliance > 510.434.2805 >=20 ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm