Allow Access to Internal Netscaler

SlevinKelevra · Oct 31, 2016, 8:16 PM

I'm migrating from a TMG 2012 to pfSense; I have a Netscaler on my LAN to publish XenApp and XenDesktops for external clients. My TMG rule is just to allow from anywhere HTTPS server to the IP interface of the netscaler I have configured. Would I need to create a Firewall RUle on the WAN interface as well as a NAT? I can't figure out how to get the netscaler published through pfsense.

-SK

KOM · Oct 31, 2016, 8:45 PM

Usually creating the NAT also creates the complimentary firewall rule. At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.

SlevinKelevra · Oct 31, 2016, 8:58 PM

@KOM:

Usually creating the NAT also creates the complimentary firewall rule. At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.

Would this be a Port Forward NAT or 1:1?

-SK

KOM · Nov 1, 2016, 12:53 AM

A port forward. Post your NAT and sanitized WAN rules if you're having problems.

SlevinKelevra · Nov 1, 2016, 5:11 AM

@KOM:

A port forward. Post your NAT and sanitized WAN rules if you're having problems.

Thanks again KOM. Took a bit of trial and error, but I got the Virtual IP created for the public IP, created the Port Forward NAT, and WAN Firewall rule. I also had to modify the default 0.0.0.0 route on the netscaler to point to the pfSense FW instead of TMG. I was able to test from my Azure Windows 10 client and Citrix XEN services all worked like a charm!

-SK