12-23-2004 05:39 AM - edited 03-09-2019 09:50 AM
HI...
We have set up a temporary ISDN 128k connection to allow 50 users to connect to ERP (based on SQL) servers at the main site over Citrix. We use a 1700 series router.
The requirement is to allow these people to use only that application and nothing else. We will install the Citrix client on each user PC. I have found the following Citrix ports:
ICA (Default) TCP: 1494
IMA TCP: 2512
CMC TCP: 2513
SSL TCP: 443
STA (IIS) TCP: 80
TCP Browsing UDP: 1604
XML (Default) TCP: 80
I plan to add windows terminal services ports and DNS as well. I plan to test tomorrow.
The thing that's worrying me is that 2 of the Citrix ports use 80, which is the same as the upstream internet proxy that is used at the main site. I am afraid people can still access the internet if these ports are allowed.
Any help is appreciated
Thanx
12-23-2004 11:06 AM
Hi,
You can prevent this by either having a deny rule at the top of your ACL to specifically deny http to your proxy
e.g.
access-list 101 deny tcp any
access-list 101 permit tcp any
etc...
Or you can have specific destination addresses in your ACL, only permitting your clients to talk to specific servers. All other traffic (http to your proxy included) will be denied as it's not specifically permitted in your ACL.
HTH
Paddy
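Added example (not part of the original posts): a small Python check of the two ACL approaches described above, using first-match evaluation with the implicit deny. The ACL lines, the server, proxy and third-host addresses (RFC 5737 placeholders) and the sample flows are all constructed assumptions, not values from the thread.

```python
import re

# Constructed placeholder addresses (RFC 5737 ranges), not taken from the thread.
CITRIX, PROXY, OTHER = "192.0.2.10", "192.0.2.80", "198.51.100.7"

# Option 1 (assumed form): deny HTTP to the proxy first, then permit by port.
DENY_FIRST = """
access-list 101 deny tcp any host 192.0.2.80 eq 80
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 1494
"""

# Option 2 (assumed form): permit only the Citrix server as destination.
DEST_ONLY = """
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any host 192.0.2.10 eq 1494
"""

RULE = re.compile(
    r"access-list \d+ (permit|deny) (tcp|udp) any (?:host (\S+)|any) eq (\d+)$")

def parse_acl(text):
    """Parse the small 'source any, destination host/any, eq port' subset."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, dst, port = m.groups()
        rules.append((action, proto, dst, int(port)))  # dst None means "any"
    return rules

def evaluate(rules, proto, dst, port):
    """First matching rule wins; an unmatched packet hits the implicit deny."""
    for action, r_proto, r_dst, r_port in rules:
        if r_proto == proto and r_dst in (None, dst) and r_port == port:
            return action
    return "deny"

def audit(acl_text):
    """Verdicts for constructed sample flows leaving a remote user PC."""
    rules = parse_acl(acl_text)
    flows = [("tcp", CITRIX, 1494), ("tcp", CITRIX, 80),
             ("tcp", PROXY, 80), ("tcp", OTHER, 80), ("tcp", PROXY, 8080)]
    return [evaluate(rules, *f) for f in flows]

if __name__ == "__main__":
    print("deny-first:", audit(DENY_FIRST))
    print("dest-only: ", audit(DEST_ONLY))
```

Both variants block port 80 to the proxy, but only the destination-specific list also blocks port 80 to any other host, because nothing outside the listed server is permitted.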
12-24-2004 12:04 PM
thanx for the reply
I was thinking of using a static route on the router that points only to the application servers. Any suggestions?
12-25-2004 06:07 PM
Static routes would be a good thing for your security and eliminate routing updates on the link. However, you probably don't want to do this if you have a continually changing topology/services (IOW, the remote access is not changing). For added security, you may also want to combine this with the aforementioned access lists. Don't forget to enable RFC 1918 and 2827 filtering.