Summary
This document describes the ports used by Citrix Access Gateway 8.0 Enterprise Edition and the corresponding configuration of those ports on firewalls.
Port Considerations
The diagram below shows some sample firewall rules that must be enabled if the Access Gateway IP addresses are all in a demilitarized zone (DMZ).
Administration ports:
• Port 80 for HTTP to the Configuration Utility
• Port 3010 for the Java applet connection to the Configuration Utility
• Port 22 for SSH and file transfers using the Configuration Utility
Authentication ports:
• The default Lightweight Directory Access Protocol (LDAP) port is 389 for plaintext and STARTTLS
• The default LDAP+SSL port is 636
• The default RADIUS User Datagram Protocol (UDP) authentication port is 1812
Web Interface ports:
• Web Interface makes an HTTPS call to an SSL VPN virtual server during the initial handshake
STA:
• STA validation traffic and monitoring traffic originate from the mapped IP address (MIP) (TCP port 80 or 443)
• ICA connections originate from the MIP or intranet IP (TCP port 1494)
• If you use Session Reliability, open TCP port 2598
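
One way to check a firewall rule export against the port list above; this is an added example, not Citrix code. The zone labels, the rule format, the policy that administration ports should only be reachable from a management network, and the sample rules are all assumptions made for illustration.

```python
# Added example: the port list is from this article; zone names, the rule
# format, the management-only policy and SAMPLE_RULES are assumptions.
from typing import NamedTuple

class Rule(NamedTuple):
    src_zone: str  # hypothetical labels: internet, mgmt, dmz, internal
    dst_zone: str
    proto: str
    port: int

# Ports named in the article (LDAP taken as TCP; RADIUS is UDP per the text).
DOCUMENTED = {
    ("tcp", 80), ("tcp", 3010), ("tcp", 22),    # administration
    ("tcp", 389), ("tcp", 636), ("udp", 1812),  # authentication
    ("tcp", 443),                               # Web Interface HTTPS, STA
    ("tcp", 1494), ("tcp", 2598),               # ICA, Session Reliability
}
# Ports that reach the Configuration Utility on the appliance itself.
ADMIN = {("tcp", 80), ("tcp", 3010), ("tcp", 22)}

def audit(rules):
    """Return (rule, finding) pairs for rules that deserve a second look."""
    findings = []
    for r in rules:
        key = (r.proto, r.port)
        if key not in DOCUMENTED:
            findings.append((r, "port not in the documented list"))
        elif key in ADMIN and r.dst_zone == "dmz" and r.src_zone != "mgmt":
            # Port 80 leaving the DMZ is STA traffic from the MIP and is not
            # flagged; the same port arriving at the appliance is admin HTTP.
            findings.append((r, "administration port open to non-management zone"))
    return findings

SAMPLE_RULES = [  # constructed
    Rule("internet", "dmz", "tcp", 443),
    Rule("internet", "dmz", "tcp", 22),
    Rule("mgmt", "dmz", "tcp", 3010),
    Rule("dmz", "internal", "tcp", 80),
    Rule("dmz", "internal", "tcp", 1494),
    Rule("dmz", "internal", "udp", 1812),
    Rule("dmz", "internal", "tcp", 3389),
]

if __name__ == "__main__":
    for rule, finding in audit(SAMPLE_RULES):
        print(f"{rule.src_zone}->{rule.dst_zone} {rule.proto}/{rule.port}: {finding}")
```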

More Information
CTX113250 – Citrix Access Gateway Enterprise Edition Port Configuration
CTX112727 – Access Gateway Enterprise Edition Quick Installation and Configuration