• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Allow Access to Internal Netscaler

Scheduled Pinned Locked Moved NAT
5 Posts 2 Posters 1.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    SlevinKelevra
    last edited by Oct 31, 2016, 8:16 PM

    I'm migrating from a TMG 2012 to pfSense; I have a Netscaler on my LAN to publish XenApp and XenDesktops for external clients. My TMG rule is just to allow from anywhere HTTPS server to the IP interface of the netscaler I have configured. Would I need to create a Firewall RUle on the WAN interface as well as a NAT? I can't figure out how to get the netscaler published through pfsense.

    -SK

    1 Reply Last reply Reply Quote 0
    • K
      KOM
      last edited by Oct 31, 2016, 8:45 PM

      Usually creating the NAT also creates the complimentary firewall rule.  At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.

      1 Reply Last reply Reply Quote 0
      • S
        SlevinKelevra
        last edited by Oct 31, 2016, 8:58 PM

        @KOM:

        Usually creating the NAT also creates the complimentary firewall rule.  At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.

        Would this be a Port Forward NAT or 1:1?

        -SK

        1 Reply Last reply Reply Quote 0
        • K
          KOM
          last edited by Nov 1, 2016, 12:53 AM

          A port forward.  Post your NAT and sanitized WAN rules if you're having problems.

          1 Reply Last reply Reply Quote 0
          • S
            SlevinKelevra
            last edited by Nov 1, 2016, 5:11 AM

            @KOM:

            A port forward.  Post your NAT and sanitized WAN rules if you're having problems.

            Thanks again KOM. Took a bit of trial and error, but I got the Virtual IP created for the public IP, created the Port Forward NAT, and WAN Firewall rule. I also had to modify the default 0.0.0.0 route on the netscaler to point to the pfSense FW instead of TMG. I was able to test from my Azure Windows 10 client and Citrix XEN services all worked like a charm!

            -SK

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received