[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PF & Citrix ICA

I have been struggling with this issue for a few days now. I have a Citrix server (customer site) that I cannot connect to through my OpenBSD 3.7 pf firewall. I am able to reach this Citrix server if I go direct (no firewall). I know the Citrix server is open to everyone on the Internet. However, something is happening when my Windows client passes through the OpenBSD pf firewall - I do not receive any packets back from the Citrix server. I have tcpdump running on the outside and inside of the firewall and I see the match rules that allow out from the Inside interface then out the outside interface but I never see any traffic back from the Citrix server.

My rules are simple. I have actually done a pass in log all keep state & pass out log all keep state in my rules with nothing else (no block or pass) and it still fails. I see the traffic go through the pf box but never see anything from the Citrix server.

I do know this Citrix server is being firewalled by a Check Point NG firewall. I do not believe they are running any IDS or anything else that would block my connection attempts.

Has anyone got this to work? If so, what does the rule(s) look like? Thanks.