IMA-Related Traffic and Firewalls
The final type of traffic that you will need to understand, if you are intending to use Citrix MetaFrame servers behind a firewall, is IMA-related traffic. The following is a list of the different ports used and when you would need to open them through your firewall. (Because the IMA service is available only in Citrix MetaFrame XP, this list is relevant only if you are using XP, not 1.8.)
CMC to Citrix MetaFrame server communication (TCP port 2513): If you need to manage your Citrix MetaFrame XP servers across a firewall, you will need to open up this port between the management station and the Citrix MetaFrame servers. The Citrix Management Console uses TCP port 2513 to establish a connection to your server farm and to retrieve management-related information from the servers, such as a list of connected users. Instead of opening this port, however, consider publishing the CMC. Using CMC as a published application on your Citrix MetaFrame servers, you would only have to open the ports necessary to access the published application (port 1494, 1603, or 80) between the management station and the server farm.
Citrix MetaFrame XP to data collector communication (TCP port 2512): This port must be open both ways between every Citrix MetaFrame XP server in the farm. This port is normally used by the Citrix MetaFrame XP servers to communicate updates to the server acting as the data collector for the zone. Data collectors in different zones of the same farm also use this port to keep each other updated on changes to the farm.
These port numbers can now be changed using the imaport command available with Feature Release 1 for MetaFrame XP.
Citrix MetaFrame XP to Microsoft SQL data store: If your Citrix MetaFrame XP server needs to communicate with a Microsoft SQL data store, you need to open up TCP port 1433 in both directions between all the MetaFrame XP servers and the Microsoft SQL Server. If they use domain authentication and not SQL Server authentication, you also might need to open up TCP ports 88/137/138/139 (domain logon and NetBIOS browsing) between the MetaFrame XP servers and the SQL Server and between the SQL Server and the domain controllers for the domain that the service authenticates against. For the sake of simplicity, it is recommended that you use SQL Server authentication instead when creating the ODBC connection to the database. In SQL Server 2000, you can easily change the port used by using the SQL Server Network Utility.
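The following is an added example, not part of the original text: a small audit that compares a set of firewall allow rules with the IMA flows listed above, reporting required host-to-host flows that no rule permits and rules on those ports that reach beyond the inventoried hosts. The role names, the inventory and rule formats, and all addresses are assumptions constructed for illustration; the ports are the defaults named above and would need adjusting if they were changed with imaport or the SQL Server Network Utility.

```python
import ipaddress

# Flows from the port list above as (source role, destination role, TCP port).
# Entries the text describes as open both ways appear once per direction.
REQUIRED_FLOWS = [
    ("mgmt", "farm", 2513),  # CMC to MetaFrame XP servers
    ("farm", "farm", 2512),  # IMA between member servers and data collectors
    ("farm", "sql", 1433),   # MetaFrame XP servers to the SQL data store
    ("sql", "farm", 1433),   # return direction, as the text specifies
]

# Constructed inventory and allow rules (documentation address ranges only).
SAMPLE_ROLES = {
    "mgmt": ["192.0.2.10"],
    "farm": ["198.51.100.11", "198.51.100.12"],
    "sql": ["203.0.113.20"],
}
SAMPLE_RULES = [  # (source CIDR, destination CIDR, TCP port)
    ("192.0.2.10/32", "198.51.100.11/32", 2513),
    ("192.0.2.10/32", "198.51.100.12/32", 2513),
    ("198.51.100.11/32", "198.51.100.12/32", 2512),  # reverse direction absent
    ("198.51.100.11/32", "203.0.113.20/32", 1433),
    ("198.51.100.12/32", "203.0.113.20/32", 1433),
    ("203.0.113.20/32", "198.51.100.0/24", 1433),    # wider than the farm
]

def audit(roles, rules):
    """Return (missing, too_broad) for a rule set.

    missing: required (src, dst, port) host pairs that no rule allows.
    too_broad: rules on a listed port whose source or destination network
    contains addresses that are not inventoried hosts.
    """
    parsed = [(ipaddress.ip_network(s), ipaddress.ip_network(d), p) for s, d, p in rules]
    known = {ipaddress.ip_address(h) for hosts in roles.values() for h in hosts}
    missing = []
    for src_role, dst_role, port in REQUIRED_FLOWS:
        for src in map(ipaddress.ip_address, roles[src_role]):
            for dst in map(ipaddress.ip_address, roles[dst_role]):
                hit = any(p == port and src in s and dst in d for s, d, p in parsed)
                if src != dst and not hit:
                    missing.append((str(src), str(dst), port))
    ports = {p for _, _, p in REQUIRED_FLOWS}
    too_broad = [raw for raw, (s, d, p) in zip(rules, parsed)
                 if p in ports and any(
                     net.num_addresses > sum(h in net for h in known) for net in (s, d))]
    return missing, too_broad

if __name__ == "__main__":
    print(audit(SAMPLE_ROLES, SAMPLE_RULES))
```

With the constructed sample, the audit reports the absent return path for port 2512 between the two farm servers and flags the /24 destination on port 1433.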