Reserve Port(s)
|
The port(s) you want the TS
agent to ignore. Enter the ports you want to exclude as a comma-separated list.
The TS
agent automatically populates Reserve Port(s) with default port values for the Citrix MA Client (2598), Citrix Provisioning (6910), and Windows Terminal Server (3389). If you do not exclude the proper ports, applications requiring those ports might fail.
The value you specify in the TS
agent
Reserve Port(s) field must match one of the the Citrix Provisioning First and Last UDP port numbers ports.
Caution
|
Failure to specify the correct port will cause clients to fail to boot.
|
Note
|
If a process on your server is using or listening in on a port that is not in your System Ports range, you must manually exclude that port using the Reserve Port(s) field.
|
Note
|
If there is a client application installed on your server and the application is configured to bind to a socket using a specific
port number, you must use the Reserve Port(s) field to exclude that port from translation.
|
|
Typically one of the following:
-
2598,3389 (the Citrix MA Client and Windows Terminal Server ports)
-
2598,3389, 6910 (the Citrix MA Client, Windows Terminal Server, and Citrix Provisioning ports)
|
Max User Sessions
|
The maximum number of user sessions you want the TS
agent to monitor. A single user can run several user sessions at a time.
This version of the TS
agent supports 29 user sessions by default, up to a maximum of 199 user sessions.
|
29 (the maximum supported value in this version of the TS
agent)
|
Server NIC
|
This version of the TS
agent supports using a single network interface controller (NIC) for port translation and server-system communications. If two
or more valid NICs are present on your server, the TS
agent performs port translation only on the address you specify during configuration.
The TS
agent automatically populates this field with the IPv4 address and/or IPv6 address for each NIC on the server where the TS
agent is installed. A valid NIC must have a single IPv4 or IPv6 address, or one of each type; a valid NIC cannot have multiple
addresses of the same type.
Note
|
If the server's IP address changes, you are prompted to save the configuration and reboot the server to make the change effective.
|
Note
|
You must disable router advertisement messages on any devices connected to your server. If router advertisements are enabled,
the devices may assign multiple IPv6 addresses to NICs on your server and invalidate the NICs for use with the TS
agent.
|
|
Ethernet 2 (192.0.2.1) (a NIC on your server)
|
System Ports
|
The port range you use for system processes. The TS
agent ignores this activity. Configure a Start port to indicate where you want to begin the range. Configure a Range value to indicate the number of ports you want to designate for each individual system process.
Cisco recommends a Range value of 5000 or more. If you notice the TS
agent frequently runs out of ports for system processes, increase your Range value.
Note
|
If a system process requires a port that falls outside your designated System Ports, add the port to the Exclude Port(s) field. If you do not identify a port used by system processes in the System Ports range or exclude it, system processes might fail.
|
The TS
agent automatically populates the End value using the following formula:
( [Start value] + [Range value] ) - 1
If your entries cause the End value to exceed the Start value of User Ports, you must adjust your Start and Range values.
|
Start set to 10000 and Range set to 5000
|
User Ports
|
The port range you want to designate for users. Configure a Start port to indicate where you want to begin the range. Configure a Range value to indicate the number of ports you want to designate for TCP or UDP connections in each individual user session.
Note
|
ICMP traffic is passed without being port mapped.
|
Cisco recommends a Range value of 1000 or more. If you notice the TS
agent frequently runs out of ports for user traffic, increase your Range value.
Note
|
When the number of ports used exceeds the value of Range, user traffic is blocked.
|
The TS
agent automatically populates the End value using the following formula:
[Start value] + ( [Range value] * [Max User Sessions value] ) - 1
If your entries cause the End value to exceed 65535, you must adjust your Start and Range values.
|
Start set to 15000 and Range set to 1000
|
Ephemeral Ports
|
Enter a range of ephemeral ports (also referred to as dynamic ports) to allow the TS
agent to monitor.
|
Start set to 49152 and Range set to 16384
|
Unknown Traffic Communication
|
Check Permit to allow the TS
agent to permit traffic over System ports; however, the TS
agent does not track port usage. System ports are used by the Local System account or other local user accounts. (A local user
account exists only on the TS
agent server; it has no corresponding Active Directory account.) You can choose this option to permit the following types of traffic:
-
Permit traffic run by the Local System account (such as Server Message Block (SMB)) instead of being blocked. The management center identifies this traffic as coming from the Unknown user because the user does not exist in Active Directory.
Enabling this option also enables you to successfully test the connection with the management center if you log in to the TS
agent server using a local system account.
-
When a user or system session exhausts all available ports in its range, the TS
agent allows the traffic over ephemeral ports. This option enables the traffic; the management center identifies the traffic as coming from the Unknown user.
This is especially useful when System ports are needed for keeping system healthy, such as domain controller updates, authentications,
Windows Management Interface (WMI) queries, and so on.
Uncheck to block traffic on system ports.
|
n/a
|