Comparing ports 1494 and 2598 in a Citrix Session

When a user connects to a Citrix session using a Citrix ICA client (Citrix Receiver, Online Plugin or PNA Agent), the ICA client uses either port 1494 or port 2598 on the server to establish the connection. Port 1494 is the default port for an ICA connection, and it was granted to Citrix by IANA back in the early days of the Internet.
However, as part of the Citrix evolution, the company developed a project to create the Citrix Gateway Protocol (CGP), which included Session Reliability.

Session Reliability provides secure communication over SSL and can also maintain sessions when the SSL link fails. So think of Session Reliability as a VPN for the virtual channels used by Citrix, with a “built-in UPS battery” called a buffer that allows a session to stay “active” even if the connection fails temporarily.

One of the most common use cases for Session Reliability (SR) is hospitals and Wi-Fi hot spots. Some even say that is the main reason SR was originally designed.

Let’s say you are a doctor at a hospital, reading a patient's chart, and you lose the Wi-Fi connection as you move from point A to point B. The Citrix client (Receiver, Online Plugin or PNA Agent) will hold the session in a buffer, so the user (in this case you, the doctor) can still read the chart, another document or a spreadsheet, and can even continue to type in the document without an active connection to the server. The Citrix client has a built-in buffer that holds the session active and stores the keystrokes you type, up to the limit of the buffer size. Once it reaches the limit, you won’t be able to type anymore. Once the session is reestablished (you have moved to another location where the Wi-Fi connection is available and your session is able to reconnect), the Citrix client sends the buffered information or updates to the server via the CGP tunnel. The XTE service on the XenApp server is in charge of keeping the communication with the Citrix client so the ICA communication keeps going.

In the event of an XTE service failure (on the XenApp server), your connection no longer happens on port 2598 and falls back to port 1494, which is the default ICA connection port. When you have an issue with SR, you will see error messages pertaining to CGP in the Event Viewer on the XenApp server. That’s when you know SR/port 2598 is having problems.

Note that if your users connect externally via a NetScaler appliance or Access Gateway/Secure Gateway, and you did not specify Session Reliability for the external connections, you need to make sure port 1494 is open on your firewall. Ideally, you always want to have both ports (1494 and 2598) open when you have a Citrix environment in place. Having SR while blocking port 1494 creates an issue: there is no fallback option if the XTE service goes down, crashes, stops or is terminated. So your network admin team should always be aware of keeping both ports open internally and externally.
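
The two-port requirement above can be checked from any client network segment. The following is an added example, not part of the original article: a Python script that probes ports 1494 and 2598 on a XenApp server and reports which of the situations described above applies. The host name is a placeholder and the status labels are names made up for this example.

```python
import socket
import sys

ICA_PORT = 1494  # default ICA port
CGP_PORT = 2598  # CGP / Session Reliability port, served by the XTE service

# Status labels are names made up for this example, not Citrix terminology.
# Key is (ica_open, cgp_open).
FINDINGS = {
    (True, True): ("OK", "SR reachable on 2598 and ICA fallback reachable on 1494"),
    (True, False): ("SR_DOWN", "only 1494 answers: sessions run without Session "
                    "Reliability; check the XTE service and CGP events on the server"),
    (False, True): ("NO_FALLBACK", "only 2598 answers: if the XTE service stops, "
                    "clients cannot fall back to 1494"),
    (False, False): ("UNREACHABLE", "neither port answers from this network position"),
}


def port_open(host, port, timeout=3.0):
    """Return True if a TCP handshake with host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def classify(ica_open, cgp_open):
    """Map the two probe results to a (status, explanation) pair."""
    return FINDINGS[(bool(ica_open), bool(cgp_open))]


def check_server(host, ica_port=ICA_PORT, cgp_port=CGP_PORT, timeout=3.0):
    """Probe both ports on one server and return the classified result."""
    ica = port_open(host, ica_port, timeout)
    cgp = port_open(host, cgp_port, timeout)
    status, detail = classify(ica, cgp)
    return {"host": host, "ica_open": ica, "cgp_open": cgp,
            "status": status, "detail": detail}


if __name__ == "__main__":
    # Host names come from the command line; the default is a placeholder.
    hosts = sys.argv[1:] or ["xenapp01.example.internal"]
    failed = False
    for name in hosts:
        r = check_server(name)
        print(f"{r['host']}: {r['status']} - {r['detail']}")
        failed = failed or r["status"] != "OK"
    sys.exit(1 if failed else 0)
```

A completed TCP handshake only shows that the port is reachable through the firewall from where the script runs; it does not prove that the XTE service is handling sessions correctly, so the CGP entries in the server's Event Viewer remain the place to confirm an SR problem.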
