Hi all-

I'd like to know how this ends up working out for you; we use Citrix through a
firewall too. In fact, it was just recently that I punctured our firewall to
allow Citrix traffic through, explicitly from the Citrix servers' ports 1494,
1604 to our local machines. This breaks if people can spoof themselves as the
servers, and it allows our users to use any services available on the servers.

> You know, that hadn't really occurred to me; I don't know how it does it.
> Obviously the client has to send information about what application it wants
> to connect to. Perhaps this happens before encryption is established. The
> reason I'm stubbornly holding on to this concept is that I actually read the
> Packeteer docs about doing this very thing.

AFAIK the services available are requested cleartext from the servers via one
port, and the connections are (optionally) encrypted and sent over the other.
Take that with a grain of salt though, I'm no Citrix guru.

Is there some reason you want to limit the services people can access at a
firewall? It seems like a problem that should be fixed on the Citrix servers.
And even a proxy would fall prone to spoofed IPs... I guess the question is 'who
do you trust'?

-Eric
--------------------------------------------
Eric H. Weigle CCS-1, RADIANT team
[EMAIL PROTECTED] Los Alamos National Lab
(505) 665-4937 http://home.lanl.gov/ehw/
--------------------------------------------
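
Added example, not part of the original message: a small Python model of the rule the post describes (accept anything whose header claims a Citrix server source address and port) beside a filter that only accepts replies to sessions an inside client opened. The addresses, the inside port 5000 and the TCP 1494 / UDP 1604 protocol split are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumptions: ICA sessions on TCP 1494, ICA browser on UDP 1604,
# constructed addresses (documentation and private ranges).
CITRIX_SERVERS = {"192.0.2.10"}
CITRIX_PORTS = {("tcp", 1494), ("udp", 1604)}

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def stateless_allow(pkt):
    """Rule as described in the post: trust the claimed source address and port."""
    return pkt.src in CITRIX_SERVERS and (pkt.proto, pkt.sport) in CITRIX_PORTS

class StatefulFilter:
    """Accept inbound traffic only as a reply to a flow opened from inside."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Record only flows aimed at the Citrix service; drop everything else.
        if pkt.dst in CITRIX_SERVERS and (pkt.proto, pkt.dport) in CITRIX_PORTS:
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

    def inbound(self, pkt):
        # A reply must mirror a recorded flow exactly (addresses and ports swapped).
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare():
    fw = StatefulFilter()
    fw.outbound(Packet("tcp", "10.0.0.5", 40001, "192.0.2.10", 1494))
    reply = Packet("tcp", "192.0.2.10", 1494, "10.0.0.5", 40001)
    # Constructed packet: server address and port in the header, but aimed at
    # an inside host and port that never opened a session.
    unsolicited = Packet("tcp", "192.0.2.10", 1494, "10.0.0.9", 5000)
    return {
        "stateless": (stateless_allow(reply), stateless_allow(unsolicited)),
        "stateful": (fw.inbound(reply), fw.inbound(unsolicited)),
    }
```

Connection tracking narrows what a forged header can reach, but it does not authenticate the server, so the post's "who do you trust" question still has to be answered on the Citrix servers themselves.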