Posts: 5
Joined: 27.Dec.2001
From: Texarkana, AR, USA
Status: offline
I have Citrix installed on MS Terminal Server (NT4). I am using Websense with ISA to block access to restricted sites. Websense is unable to authenticate (transparently) users coming from the Citrix machines - it sees them all as the same user. If I install the Firewall Client on the Citrix boxes, will it pass user authentication info from each individual session to the ISA server?
do you mean that the user credentials are not passed to the web proxy server of ISA? That's weird. Have you setup the browser with the necessary proxy settings? I thought this should work. I actually have not tried it myself, but testing this is planned in the next few weeks.
Concerning the firewall client, I really don't know. I need that functionality too and will definitely give it a try. When testing is completed, I will post a followup.
Tom, if you read this, can you give us some advice?
Posts: 5
Joined: 27.Dec.2001
From: Texarkana, AR, USA
Status: offline
Yes, I have the browser setup with the ISA Proxy information. And it does go to ISA to get to the Internet, but our filtering software can't identify them properly coming from the Citrix box. it think's everyone is the first (or last) person that logged on the box. I'm not sure if ISA is identifying them or not, but if it is, it's not passing the info along to Websense, and that is my problem.
Everyone using a PC and/or the firewall client is identified correctly. I read in some other newsgroups that installing the firewall client on top of Citrix will pass credentials for each individual user session. I just wanted to get clarification here from the experts before I attempt this in our environment.
as promised, the feedback about our tests. We use Citrix Metaframe XPE with FR1 only on W2K with SP2. The Citrix is a member server of a NT4 domain. ISA sits in a W2K domain with a trust to the NT4 domain (migration phase).
We have tested IExplorer with the web proxy service of ISA and user/group authentication. All authentication works transparently. In the weblogs we see clearly all request comming from the ip-address of the Citrix server but with the correct user info for the different user sessions on Citrix.
We have also installed the firewall client on Citrix and tested it in the same environment and again with good success. All correct user info is passed to the firewall for authentication. This can clearly be verified in the firewall logs.
Posts: 5
Joined: 27.Dec.2001
From: Texarkana, AR, USA
Status: offline
We are using Citrix Metaframe v1.0 with a Windows NT4.0 domain. Our only 2000 server is the ISA box and our authentication is not working properly - not on ISA as we found out, but with our Websense software.
We have since switched to a different Web Filtering software that does identify users correctly from ISA.
Anyone attempting to run Citrix with ISA and are using Websense, be warned that it probably won't work. Websense also has no plans to make it work from what I understand. They were very rude to us while trying to find a resolution to this problem.
Out of ALL the web filtering packages we tested, Websense was the ONLY one that didn't work correctly with Citrix.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall Client on Citrix Server - Can it pass authentication? 
Firewall Client on Citrix Server - Can it pass authenti... - 
RE: Firewall Client on Citrix Server - Can it pass auth... - 
RE: Firewall Client on Citrix Server - Can it pass auth... - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread