When deploying XenApp, there are a few ports that typically need to be open for the solution to work properly. The most common of these are 1603 and 1604, but you may also need to open 1494 and 2598 as well. And of course, 443 and 80 if you’re doing web stuff. So here’s the list and what they do:
- Admin: 135
- Access Gateway Deployment: 443
- App Streaming: 445
- Citrix ICA thin client protocol: 1494
- Citrix ICAbrowser: 1604
- Independent Management Architecture: 2512
- Management Console: 2513
- Citrix Session Reliability Service: 2598
There are also a number of ports that communicate back into your infrastructure, such as LDAP (can be a RODC), RADIUS and DNS. If you’re blocking internal ports (e.g. if your Citrix infrastructure is in a DMZ) then you’ll also need ports 9001, 9002 and 9005 in order to administer your Citrix environment, but only from hosts that will perform administration tasks. Also, if you use AppController, port 9736 between hosts provides the High Availability service, 4443 is for the admin tool and 3820 and 21 are used for log transfers. If you have a separate license server you’ll need the Citrix servers to communicate with it via 27000, 7279, 8082 and 80. If you use a separate SQL Server for any of this stuff, you’ll also need 1433 and 1434 to it.