Answer to #1: It's highly recommended to use SG. There is no additional cost (except labor). WI/SG only requires 1 Internet IP exposed and 1 SSL Cert. Answer to #2: Yes, you can setup WI to by pass SG when access internally. Setting the ICA to force 128-bit is redundant as the SSL is already 128 encrypted. The RC5-128 Logon only setting is set on the server and/or the ica client. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Matthew Shrewsbury Sent: Wednesday, August 04, 2004 6:29 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Web Interface 2.0 I am slightly out of touch with Citrix XP Web Interface (I have used NFuse not Web Interface). My goal is to have a company portal all users can hit both internal and external to access Citrix applications. Solution: 1) Single web server running Windows 2003, IIS6 and Citrix Web Interface. 2) Purchase SSL cert to secure all web traffic to and from Citrix Web Interface. 3) Open 1494 ports into to each Citrix server from the internet. 4) Configure Web Interface for "128Bit only" for ICA traffic Questions: 1) Do I need secure gateway? What is secure gateway all about? 2) Can I configure Citrix Web Interface to force "128bit only" for external users and only use "128bit logon only" for internal users? I don't want to publish applications twice. I was planning to read up on this but now I have been told this needs to be done right now.(my manager never sticks to the schedule). Thanks for any help!!! Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Network Administrator Coscan Homes LLC C 5555 Anglers Avenue, Suite 1A Ft. Lauderdale, Florida 33312 * Direct 954.620.1052 * mshrewsbury@xxxxxxxxxxxxxxx