Connect through a firewall
Network firewalls can allow or block packets based on the destination address and port. If you are using a firewall in your deployment, Citrix Receiver for Windows must be able to communicate through the firewall with both the Web server and Citrix server.
Common Citrix Communication Ports
|Citrix Receiver||TCP||80/443||Communication with StoreFront|
|ICA/HDX||TCP||1494||Access to applications and virtual desktops|
|ICA/HDX with Session Reliabilit||TCP||2598||Access to applications and virtual desktops|
|ICA/HDX over SSL||TCP||443||Access to applications and virtual desktops|
|ICA/HDX from HTML5 Receiver||TCP||8008||Access to applications and virtual desktops|
|ICA/HDX Audio over UDP||TCP||16500 - 16509||Port range for ICA/HDX audio|
|IMA||TCP||2512||Independent Management Architecture (IMA)|
|Management Console||TCP||2513||Citrix Management Consoles and *WCF services Note: For FMA based platforms 7.5 and later, port 2513 is NOT used.|
|Application/Desktop Request||TCP||80/8080/443||XML Service|
|STA||TCP||80/8080/443||Secure Ticketing Authority (embedded into XML Service)|
In XenApp 6.5 port 2513 is used by XenApp Command Remoting Services through WCF.
If the firewall is configured for Network Address Translation (NAT), you can use the Web Interface to define mappings from internal addresses to external addresses and ports. For example, if your XenApp or XenDesktop server is not configured with an alternate address, you can configure the Web Interface to provide an alternate address to Receiver. Citrix Receiver for Windows then connects to the server using the external address and port number. For more information, see the Web Interface documentation.