Allow Access to Internal Netscaler



  • I'm migrating from a TMG 2012 to pfSense; I have a Netscaler on my LAN to publish XenApp and XenDesktops for external clients. My TMG rule is just to allow from anywhere HTTPS server to the IP interface of the netscaler I have configured. Would I need to create a Firewall RUle on the WAN interface as well as a NAT? I can't figure out how to get the netscaler published through pfsense.

    -SK



  • Usually creating the NAT also creates the complimentary firewall rule.  At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.



  • @KOM:

    Usually creating the NAT also creates the complimentary firewall rule.  At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.

    Would this be a Port Forward NAT or 1:1?

    -SK



  • A port forward.  Post your NAT and sanitized WAN rules if you're having problems.



  • @KOM:

    A port forward.  Post your NAT and sanitized WAN rules if you're having problems.

    Thanks again KOM. Took a bit of trial and error, but I got the Virtual IP created for the public IP, created the Port Forward NAT, and WAN Firewall rule. I also had to modify the default 0.0.0.0 route on the netscaler to point to the pfSense FW instead of TMG. I was able to test from my Azure Windows 10 client and Citrix XEN services all worked like a charm!

    -SK


Log in to reply