Nope. Tell them to dial up from home. You could publish an html page which has a hyperlink to an ICA file, but then you fire up port 1494/tcp within or outside the browser anyway. You could get restrict all access to port 1494 and use the Secure ICA product for 40/56/128bit RC5 encryption. See: http://www.citrix.com/products/sica/sicawp/start.htm Also see "Using Firewalls With WinFrame": http://www.citrix.com/support/solution/sol00053.htm Some time ago Citrix bought a company which displays the Windows App GUI through a Java interpreter, so hope springs eternal. SCO Taranella could be used to front-end the WTS box to preserve session state, but it then uses ports 3144/tcp and 5307/tcp (SSL). Make sure your 'demo' system is isolated and can't talk to anything else, since once a WTS/Citrix system is on the Internet, it's only a matter of time until someone 'owns' it. None of this solves the problem of punching a hole through the remote firewall. Bill Stout > -----Original Message----- > From: SF BA [mailto:sfba121at_private] > Sent: Thursday, February 10, 2000 5:25 PM > To: firewall-wizardsat_private > Subject: Citrix ICA through port 80? > > > I know that some of you will consider this a bad thing > ... that aside, I still need to figure out my options. > > We have a demo that runs on Windows Terminal Server > and Citrix MetaFrame. Some of our potential customers > have firewalls setup that block their users from going > out on unknown ports (if they don't have Citrix > installed already, then they'll block the ports that > ICA uses). > > I was wondering ... is there a way to set things up so > that people can connect to our terminal server without > having to involve their IS departments? Tunneling > over http on port 80, perhaps? > > Thanks! > > > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:35 PDT