Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Allow Access to Internal Netscaler

    NAT
    2
    5
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SlevinKelevra
      last edited by

      I'm migrating from a TMG 2012 to pfSense; I have a Netscaler on my LAN to publish XenApp and XenDesktops for external clients. My TMG rule is just to allow from anywhere HTTPS server to the IP interface of the netscaler I have configured. Would I need to create a Firewall RUle on the WAN interface as well as a NAT? I can't figure out how to get the netscaler published through pfsense.

      -SK

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Usually creating the NAT also creates the complimentary firewall rule.  At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.

        1 Reply Last reply Reply Quote 0
        • S
          SlevinKelevra
          last edited by

          @KOM:

          Usually creating the NAT also creates the complimentary firewall rule.  At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.

          Would this be a Port Forward NAT or 1:1?

          -SK

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            A port forward.  Post your NAT and sanitized WAN rules if you're having problems.

            1 Reply Last reply Reply Quote 0
            • S
              SlevinKelevra
              last edited by

              @KOM:

              A port forward.  Post your NAT and sanitized WAN rules if you're having problems.

              Thanks again KOM. Took a bit of trial and error, but I got the Virtual IP created for the public IP, created the Port Forward NAT, and WAN Firewall rule. I also had to modify the default 0.0.0.0 route on the netscaler to point to the pfSense FW instead of TMG. I was able to test from my Azure Windows 10 client and Citrix XEN services all worked like a charm!

              -SK

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.