Jump to content
Welcome to our new Citrix community!

One-arm vs Two-arm and DMZ's

Simon Smith

Recommended Posts

Scenario:  2 DataCentre's, CVAD 7.x and VPX appliances in both

Intention: To provide Citrix gateway and load balancing citrix services (storefront and XML)

Question: Are only 2 VPX instances (1 in each DC) running in 2 arm mode secure? or should i be running 2 VPX instances in the DMZ for gateway and 2 for internal load balancing? whats best practice? I've seen it done both ways but if we can use only 2 VPX's and use for external gateway and provide load balancing for internal clients that we'd go with that option. 



Link to comment
Share on other sites

If you connect your ADC to two different security zones, then traffic can enter in one zone and exit in a different zone, thus bypassing a firewall. More specifically, traffic enters a DMZ VIP and exits an internal SNIP thus bypassing the DMZ-to-internal firewall. I always recommend separate appliances for DMZ and Internal.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...