• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Firewall Client on Citrix Server - Can it pass authentication?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall Client on Citrix Server - Can it pass authentication? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Firewall Client on Citrix Server - Can it pass authenti... - 22.Jan.2002 1:05:00 AM   
PWizard

 

Posts: 5
Joined: 27.Dec.2001
From: Texarkana, AR, USA
Status: offline
I have Citrix installed on MS Terminal Server (NT4). I am using Websense with ISA to block access to restricted sites. Websense is unable to authenticate (transparently) users coming from the Citrix machines - it sees them all as the same user. If I install the Firewall Client on the Citrix boxes, will it pass user authentication info from each individual session to the ISA server?
Post #: 1
RE: Firewall Client on Citrix Server - Can it pass auth... - 22.Jan.2002 1:32:00 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi,

do you mean that the user credentials are not passed to the web proxy server of ISA? That's weird. Have you setup the browser with the necessary proxy settings?
I thought this should work. I actually have not tried it myself, but testing this is planned in the next few weeks.

Concerning the firewall client, I really don't know. I need that functionality too and will definitely give it a try. When testing is completed, I will post a followup.

Tom, if you read this, can you give us some advice?

Regards,
Stefaan


(in reply to PWizard)
Post #: 2
RE: Firewall Client on Citrix Server - Can it pass auth... - 22.Jan.2002 3:46:00 PM   
PWizard

 

Posts: 5
Joined: 27.Dec.2001
From: Texarkana, AR, USA
Status: offline
Yes, I have the browser setup with the ISA Proxy information. And it does go to ISA to get to the Internet, but our filtering software can't identify them properly coming from the Citrix box. it think's everyone is the first (or last) person that logged on the box. I'm not sure if ISA is identifying them or not, but if it is, it's not passing the info along to Websense, and that is my problem.

Everyone using a PC and/or the firewall client is identified correctly. I read in some other newsgroups that installing the firewall client on top of Citrix will pass credentials for each individual user session. I just wanted to get clarification here from the experts before I attempt this in our environment.


(in reply to PWizard)
Post #: 3
RE: Firewall Client on Citrix Server - Can it pass auth... - 22.Jan.2002 5:28:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi,

thanks for the feedback. I will post a followup if our tests are completed.

In the mean time, I hope that the ISA guru Tom can help you further.

Regards,
Stefaan


(in reply to PWizard)
Post #: 4
RE: Firewall Client on Citrix Server - Can it pass auth... - 23.Jan.2002 12:02:00 AM   
PWizard

 

Posts: 5
Joined: 27.Dec.2001
From: Texarkana, AR, USA
Status: offline
Well, just for kicks I installed the firewall client on our Citrix server.

It did not work. The firewall client itself worked, but Websense did not pull the correct users credentials from the client.

Does anyone know of a category-based content filtering software that will work with ISA in a Citrix/Terminal Server environment?


(in reply to PWizard)
Post #: 5
RE: Firewall Client on Citrix Server - Can it pass auth... - 5.Feb.2002 7:40:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi,

as promised, the feedback about our tests. We use Citrix Metaframe XPE with FR1 only on W2K with SP2. The Citrix is a member server of a NT4 domain. ISA sits in a W2K domain with a trust to the NT4 domain (migration phase).

We have tested IExplorer with the web proxy service of ISA and user/group authentication. All authentication works transparently. In the weblogs we see clearly all request comming from the ip-address of the Citrix server but with the correct user info for the different user sessions on Citrix.

We have also installed the firewall client on Citrix and tested it in the same environment and again with good success. All correct user info is passed to the firewall for authentication. This can clearly be verified in the firewall logs.

Conclusion: we have found no problems at all.

Regards,
Stefaan


(in reply to PWizard)
Post #: 6
RE: Firewall Client on Citrix Server - Can it pass auth... - 5.Feb.2002 8:18:00 PM   
PWizard

 

Posts: 5
Joined: 27.Dec.2001
From: Texarkana, AR, USA
Status: offline
We are using Citrix Metaframe v1.0 with a Windows NT4.0 domain. Our only 2000 server is the ISA box and our authentication is not working properly - not on ISA as we found out, but with our Websense software.

We have since switched to a different Web Filtering software that does identify users correctly from ISA.

Anyone attempting to run Citrix with ISA and are using Websense, be warned that it probably won't work. Websense also has no plans to make it work from what I understand. They were very rude to us while trying to find a resolution to this problem.

Out of ALL the web filtering packages we tested, Websense was the ONLY one that didn't work correctly with Citrix.


(in reply to PWizard)
Post #: 7
RE: Firewall Client on Citrix Server - Can it pass auth... - 5.Feb.2002 11:13:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi,

glad you found the problem and neither Citrix or ISA was the culprit ;-)

Greetings,
Stefaan


(in reply to PWizard)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall Client on Citrix Server - Can it pass authentication? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts