Hey guys, man have I had a hellish week. My citrix servers just died this week, applications kept crashing, and citrix would lock up on Running logon scripts. Citrix support had no idea what was going on so I had to completely uninstall Citrix and rebuild the servers, new farm, everything... Now I'm back up things seem to be working okay but while we rebuilt the servers I moved my Web Interface to a new location (off my Citrix servers) so now my firewall is not set to allow remote access. I was wondering how the firewall should be set for the new way I have my servers setup. Here's the setup: Webserver.domain.local (hosts WI) Sql.domain.local (hosts the DSN or whatever that things called) Citrix.domain.local (the actual citrix server) Before I had the firewall forward requests for citrix.domain.local to port 80 on the citrix server and I left 1494 open for ICA connections. I'm going to change it so port 80 forwards to the WI server but do I still leave port 1494 open to all my citrix servers in my farm? I don't have secure gateway and all that crap, I'm running PS 4.0 (in 3.0 mode) Windows 2000 Servers. Gunnar ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________