Question
Firewall Policy - Citrix Client use
Hi! This is my 1st post as I am finally starting to set up my FG100A & FA100B (after 3 months of looking at them on my desk and being afraid... lol). I am sure I will have a few questions in the near future but please be patient with me as I am totally new to this stuff.

I am in the process of setting all of the firewall policies and I was looking into what I need to do for allowing the Citrix ICA Client application to work. The server I am connecting to is external (WAN). I understand that I need to allow INTERNAL --> WAN - tcp port 1494 (or use the default winframe setting as described here: http://kc.forticare.com/default.asp?SID=&Lang=1&id=1568).

What I don't understand is that everywhere else I look for information (internet) I find that the consensus is that you also need to allow WAN --> INTERNAL - udp port range 1023 to 65535. Is this correct? Also, do I need to do this same thing INTERNAL --> WAN???

This seems crazy that I am going through all of this work to create firewall policies only to allow the essential stuff, then I am going to go and set the thing wide open on the top end so that I can connect to a Citrix server?

Any help or suggestions in regards to this would be greatly appreciated. Maybe I am making the setup into more of a monster than it should be. I think that I am confusing myself actually.

Thanks!
Marc Jones
