There were some posts back in January about proxying Citrix ICA, which are a
topic of particular concern for me lately.
The previous posts indicated that there aren't any real proxies or ALGs for
ICA, which I'm basically in agreement with. However what about a product
like Packeteer Packetshaper that can actually differentiate between
different protocols regardless of what port the run on. It can also
actually differentiate between published apps by inspecting the packets as
they are forwarded. If you can block/control traffic based on application
information isn't that an ALG?
I'm thinking about utilizing a Packeteer or similar solution as a security
measure to ensure not only that connections are only made over port 1494 (or
whatever port we end up using...)but that the connections are actually ICA
traffic. Anyone have any thoughts about using this kind of a solution as a
security measure?
Thanks...
Clayton
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
