Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: RE: ICA

RE: ICA

From: <Brett_Gardner_at_advantra.com.au>
Date: Wed, 1 Sep 1999 09:24:41 +1000

Stan,

I would go with the previous suggesting of using a program like tcpdump to
monitor the packets at the interface level. If this is not installed, try
adding a world world rule with all logging enabled on the firewall for a couple
of minutes and test the connection in this time, thereby logging the attempted
ports.

Brett Gardner

Network Security Engineer - Advantra Security Services, Advantra Pty Limited
"To be secure is in the eye of the beholder"

---------------------- Forwarded by Brett Gardner/AdvInt/Advantra on 09/01/99
09:15 AM ---------------------------

"Aaron Lewter" <alewter_at_mscfl.com> on 08/30/99 10:33:05 PM

Please respond to "Aaron Lewter" <alewter_at_mscfl.com>

To: "'Stan Anderson'" <Stan_at_iconfitness.com>, firewall-wizards_at_nfr.net
cc: (bcc: Brett Gardner/AdvInt/Advantra)
Subject: RE: ICA

I have enclosed the KB page from the Citrix Solution CD. You need to open a
few more ports.

Summary:
Successfull ICA browsing on segmented networks, WANS and the Internet
If the ICA clients are separated from the WinFrame servers with the
published applications by a router or a firewall (as is common on WAN or
Internet connections), UDP Port 1604 must be open in both directions in
order for the ICA clients to communicate with the ICA Master Browser on
remote subnets. In addition, TCP Port 1494 and the High Ports (i.e. TCP
Ports above 1023) must also be opened according to the specifications in the
tables below.

Aaron Lewter
Enterprise Consulting Group, MSC
954-424-8004*207
alewter_at_mscfl.com
http://www.mscfl.com

-----Original Message-----
From: owner-firewall-wizards_at_lists.nfr.net
[mailto:owner-firewall-wizards_at_lists.nfr.net]On Behalf Of Stan Anderson
Sent: Thursday, August 26, 1999 5:14 PM
To: firewall-wizards_at_nfr.net
Subject: ICA

I have an IBM eNetwork firewall V3.3. I am trying to open up ICA(Citrix
Encryption). I have opened TCP port 1494 and udp 1604, but I can't get
connected through the firewall. I can connect over my LAN, so I know the
Citrix server, and Client are setup. Is there anything I am missing, or can
someone offer me any advise.

     Thanks,

       Stan Anderson
       ICON Health & Fitness, Inc.
       (435) 750-7795

Received on Sep 01 1999
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]