0HWD)UDPH$GPLQLVWUDWRUªV*XLGH
8VLQJ,&$ZLWK1HWZRUN)LUHZDOOV
Network firewalls can allow or block packets based on the destination address and
port. If you are using ICA through a network firewall, use the information
provided in this section to configure the firewall.
,&$7&3,3&RQQHFWLRQ6HTXHQFH
1. The Citrix ICA Client sends a packet to port 1494 on the Citrix server
requesting a response to a randomly selected port above 1023.
2. The Citrix server responds by sending packets to the Citrix ICA Client with the
destination port set to the port requested in Step 1.
If you have a firewall or other TCP/IP network security, configure it to allow
TCP/IP packets on port 1494 to pass to Citrix servers on your network.
Configure the firewall to allow TCP/IP packet on ports above 1023 to pass to
Citrix ICA Clients.
If the firewall is not configured to pass ICA packets, users may receive the error,
“There is no route to the specified address.”
You can configure the Citrix server to use a different port number than
1494. Use the icaport command-line utility to change the default port number on
the server. For information about the icaport utility, see Appendix A, “MetaFrame
Command Reference.”
Citrix ICA Clients must be configured to use the new port. See the Citrix ICA
Client Administrator’s Guides for the clients you plan to deploy.
7KH,&$%URZVHU
The ICA Browser service uses UDP port 1604. ICA Browser responses are sent to
a high port number above 1023.
The firewall must be configured to allow inbound UDP port 1604 connections to
Citrix servers for load balancing, server farms, and ICA server browsing to
function correctly.
Allowing untrusted access to the ICA Browser service entails some
security risk. Configure the firewall to pass ICA Browser data only if load
balancing and server browsing across the firewall are essential.
1RWH
:DUQLQJ