Enable the following ports for ICA, Workstation Agent, and CGP services: ports 80,1494,2598. TCP
For HDX Real time audio, open ports 16500-16509 UDP. (check with Citrix Policy’s if they are set)
For shadowing, enable the Windows Predefined “Remote Assistance” Firewall rule.
You may also wan’t to enable the Windows Predefined “Remote Desktop” Firewall rule
For monitoring, enable the Windows Predefined “Remote Management feature” Firewall rule
Besides that you might wan’t to consider the following “Predefined” Firewall rules
- Remote Administration
- Remote Event Log
- Remote Service Management
- Windows Management Instrumentation
For more information regarding port usage of Citrix products have a look here:
Manage your Windows Firewall’s by using a GPO when there is a large quantity of the same type of server/client.