On the installation CD is a fantastic document called Citrix_Secure_Gateway_Checklist.pdf, which will run you through the SG pre-installation checklist. I strongly suggest using this document to assist with your SG deployment. The following section should be used in conjunction with the Citrix_Secure_Gateway_Checklist.pdf.

Before you start your SG installation, complete the following tasks:

1. Install these server and root certificates:
   - Root certificates on all client devices connecting to the Gateway Server (if you use a commercial CA you can skip this step)
   - Root certificate on the server running the Logon Agent/Gateway Service
   - Root certificate on the internal server running the Authentication Service (this is only necessary if communication between the Gateway and MetaFrame Secure Access Manager box is being secured)
2. On the firewall between the Internet and the Gateway server, ensure that port 443 (the default SSL port) is open.
3. On the Gateway server, configure IIS to use a port other than 443. (The Gateway service needs 443, so IIS must be configured to use a different SSL port.)
4. On the firewall between the DMZ and the secure network:
   - Verify that port 80 is open
   - Verify that port 443 is open (if the Secure Gateway server connects to a secure server in the secure network)
   - Verify that port 80 is open for communication between the Logon Agent and the Citrix XML Service
   - Verify that port 1494 is open for communication between the Secure Gateway Service and MetaFrame XP servers

Tip: To use the logging feature of CSG 2.0, you will need to enable the DHCP & DNS client service on the Gateway machine, even when a fixed IP and standard DNS resolution are used. No logging is supported within the SG diagnose tool when the DHCP & DNS client service is disabled in the OS. See Microsoft Knowledge Base Article 268674 for
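The firewall checks in steps 2 and 4 and the IIS port rule in step 3 can be verified before installation with a small probe script. This is an added example, not part of the Citrix checklist; the role names, the host names and the IIS SSL port 444 are constructed placeholders.

```python
import socket

# Firewall rules from the checklist: (source zone, destination role, TCP port, purpose).
# The checklist lists port 80 twice; this example probes it against the XML Service host.
REQUIRED_RULES = [
    ("internet", "gateway", 443, "SSL from clients to the Gateway service"),
    ("dmz", "xml_service", 80, "Logon Agent to Citrix XML Service"),
    ("dmz", "secure_server", 443, "Gateway to a secure server (only if used)"),
    ("dmz", "metaframe", 1494, "Secure Gateway Service to MetaFrame XP"),
]

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False

def preflight(hosts, iis_ssl_port, zone, probe=tcp_open):
    """Probe every rule whose source is `zone`; return (host, port, why, ok) tuples.

    A rule is only exercised when traffic crosses that firewall, so run this
    once from the Internet side and once from the Gateway server in the DMZ.
    Roles missing from `hosts` (e.g. no secure server in use) are skipped.
    """
    if iis_ssl_port == 443:
        raise ValueError("IIS must not use 443; the Gateway service needs it")
    results = []
    for src, role, port, why in REQUIRED_RULES:
        if src == zone and role in hosts:
            results.append((hosts[role], port, why, probe(hosts[role], port)))
    return results

if __name__ == "__main__":
    # Constructed placeholder names; replace with your own servers.
    hosts = {
        "gateway": "csg.example.test",
        "xml_service": "xml.internal.example.test",
        "metaframe": "mfxp01.internal.example.test",
    }
    for host, port, why, ok in preflight(hosts, iis_ssl_port=444, zone="dmz"):
        print(f"{'OK  ' if ok else 'FAIL'} {host}:{port}  {why}")
```

A FAIL from the DMZ side means the inner firewall rule is missing or the target service is not listening yet; check the service first so a firewall rule is not widened unnecessarily.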