This all depends on how well the DMZ and the Citrix box are secured. Also, you didn't
specify whether you were allowing access to all hosts in the DMZ or just the Citrix
box. I wont make any assumptions. Make sure you only allow the IP or IPs of the Citrix
box to connect to those ports.
Be sure to check us out a http://infosec.20m.com
________________________________________________
On Wed, 07 June 2000, [EMAIL PROTECTED] wrote:
>
> Hello,
>
> I was hoping to get some quality answers from all you professionals out
> there about some ports I have been asked to open up on our firewall.
>
> We have a Watchguard Firebox II firewall connected to the Internet
> (External), the corporate LAN (Trusted) and our DMZ (Optional) which is
> locked down tight except for only the essential ports to allow the servers
> to do their job.
>
> The ports I have been asked to open are:
>
> 1494 - ICA
> 1604 - ICABrowser
> 139 - Netbios Session Service
>
> The is to allow a Citrix server in our DMZ to communicate back through to
> our corporate LAN (Trusted) to another Citrix server.
>
> Can you tell me if I'm about to open up a can of worms, or am I ok to open
> up these 3 ports?
>
> What is ICA and ICABrowser anyway? I asume its a Citrix related service?
>
> Please advise
>
> Regards
>
> Simon
>
>
>
> **********************************************************************
> If you are not the intended recipient of this e-mail and have received it
> in error, you are on notice that the e-mail and any attached files are
> confidential. Please notify us immediately by reply e-mail and then delete
> this message from your system. Please do not use, distribute, copy or
> take any action in reliance on it as to do so could be a breach
> of confidence. The sender does not accept any responsibility for any
> loss, disruption or damage to your data or computer system which may occur
> whilst using data contained in, or transmitted with, this e-mail. Thank
> you for your co-operation. If you need assistance, please contact
> Maritz Ltd - tel.: +44 (0)1628 486011 or e-mail: [EMAIL PROTECTED]
> **********************************************************************
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-------------------------------------------------
Join a North Sky Community Today!
http://communities.northsky.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
