Allow Access to Internal Netscaler
-
I'm migrating from a TMG 2012 to pfSense; I have a Netscaler on my LAN to publish XenApp and XenDesktops for external clients. My TMG rule is just to allow from anywhere HTTPS server to the IP interface of the netscaler I have configured. Would I need to create a Firewall RUle on the WAN interface as well as a NAT? I can't figure out how to get the netscaler published through pfsense.
-SK
-
Usually creating the NAT also creates the complimentary firewall rule. At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.
-
@KOM:
Usually creating the NAT also creates the complimentary firewall rule. At the bottom of the NAT definition, there should be a Filter rule association field that has the linked rule.
Would this be a Port Forward NAT or 1:1?
-SK
-
A port forward. Post your NAT and sanitized WAN rules if you're having problems.
-
@KOM:
A port forward. Post your NAT and sanitized WAN rules if you're having problems.
Thanks again KOM. Took a bit of trial and error, but I got the Virtual IP created for the public IP, created the Port Forward NAT, and WAN Firewall rule. I also had to modify the default 0.0.0.0 route on the netscaler to point to the pfSense FW instead of TMG. I was able to test from my Azure Windows 10 client and Citrix XEN services all worked like a charm!
-SK
