New Member

Question

FSSO Citrix Terminal Agent Port Allocation Pool

Forum|Forum|9 years ago
August 15, 2016
2 replies
12667 views

Hi,

I have a question about the port allocation pool in FSSO Terminal Server Agent for Citix.

The default port range is 20000-49000.

What port range is used by the citrix server? What if a user will have a source port 65000 allocatted by the citrix server? Will the FSSO recognize that?

It is not a question to this forum but how can I find the port range configured on the Citrix server itself?

Or it does mean that the FSSO TS will do something like a Source Port NAT to fit the sessions to the port range configured on it?

I have a Citrix 7.9 set up in the LAB and playing around the settings bud did not find anything whether the FSSO TS agent port range and the Citrix server port range has to match or not.

Citrix.JPG

Fishbone_FTNT

Staff

Hi!

> What port range is used by the citrix server?

Port range is based on system allocation pool. System pool is used by OS. TSagent will use ports out of this range.

> What if a user will have a source port 65000 allocatted by the citrix server? Will the FSSO recognize that?

Newer versions (build >= 249) of TSAgent can detect it, and should not alter it.

> how can I find the port range configured on the Citrix server itself?

It's the system allocation pool, if I understand the question well.

> Or it does mean that the FSSO TS will do something like a Source Port NAT to fit the sessions to the port range configured on it?

No, it's not NATting, TSAgent is really allocating those ports to applications. You can check yourself with netstat command, you should see user applications are using ports from range you configured.

Cheers,

Fishbone )(

AtiTAuthor

New Member

Hello Fishbone,

Thank you very much!

So it means that the System Dynamic Allocation Port Range (on the picture above) means that these ports will be used by the OS - Windows 2012 R2 in my case.

It seems to be correct according to https://support.microsoft.com/en-us/kb/832017

[ul]

If your computer network environment uses only Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista, you must enable connectivity over the high port range of 49152 through 65535.[/ul]

Should I set the Port Allocation Pool to this range? If I leave the defaults I can see on the FSSO Agent the the ports starting from 20000 are used. Netstat also shows source ports from 20000.

How it is possible if the OS port range is 49152 through 65535?

I do not understand.

Citrix2.JPG

Fishbone_FTNT

Staff

Hi,

> So it means that the System Dynamic Allocation Port Range (on the picture above) means that these ports will be used by the OS

yes, exactly.

> Should I set the Port Allocation Pool to this range?

No, keep it as it is. Your port range is OK, it is outside of system allocation port range. Basically you are telling the system to use port 49152 through 65535, and the rest is kept for applications.

> How it is possible if the OS port range is 49152 through 65535?

The range itself differs across OS versions and is predefined, but still configurable. You can use netsh to change it (if there is a reason for this -- don't think it's your case).

As you see on FSSO CA screenshot, you received TSAgent logons with ports starting at 20000. That's correct, expected behavior. You should see also user traffic coming from those ports on Fortigate.

I don't know exactly why has TSAgent chosen to start at 20000 and not for example at 1024, but you can adjust the setting yourself. Just keep in mind you don't want to overlap with system allocation pool range detected by TSAgent.

Fishbone )(

Fishbone_FTNT

Staff

I see you are located in Czech Republic. Me too! :)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded