CITRIX PORTS TO KNOW ABOUT

It is good to know as many as possible of the ports used by Citrix XenApp – the new name for Citrix Presentation Server.
There are other ports too, but I felt they weren’t important. Many of these are not Citrix ports but rather the service ports that we use to communicate into the infrastructure (such as LDAP). Hope this helps someone.

It is definitely nice to see that, regardless of all of these ports, all that clients/users need in order to connect are HTTP(S)-TCP ports 80 or 443.

NOTE: For more information on commonly known ports, visit http://www.iana.org/assignments/port-numbers.

Application Performance Monitoring (powered by Citrix EdgeSight)
  EdgeSight Agent to EdgeSight Server – TCP 80/443 (Payload and alerts)
  EdgeSight Web console (non-IMA) to RSCorSvc on EdgeSight Agent – TCP 9035
  EdgeSight Agent internal communication – TCP 9036 (client-side database; NOTE: after EdgeSight 4.5, replaced with IPC)
  EdgeSight database – SQL 1433 (configurable)
Client-side Application Virtualization
  Streaming Client to Application Hub (File Server/Share) – SMB 445
EasyCall
  To client – HTTP(S)-TCP 8443 (PSync)
  To Admin console (non-IMA) – TCP 443
  To LDAP Directory – TCP 389
  To PBX – port varies by vendor
Independent Management Architecture (IMA) Services – TCP 2512, 2513
Licensing Service – TCP 27000, 27009 (configurable)
Server-side Application Virtualization
  Management Console (Using IMA) – TCP 2512, 2513
  Application requests – TCP XML 80, 8080 or 443 (configurable)
  Access to Applications Virtualized on the Server – ICA-TCP 1494, 2598 (Session Reliability)
Single Sign-on (powered by Citrix Password Manager)
  Management Console (non-IMA) or Agent to Password Manager Service – TCP 443
  Management Console (non-IMA), Agent or Service to credential store
    Network File Share Credential Store – TCP/UDP 445 (CIFS) or TCP/UDP 135-139 (NetBIOS)
    Active Directory Credential Store – TCP/UDP 389, 636; TCP 3268, 3269
    Novell File Share Credential Store – TCP/UDP 524
SmartAccess (powered by Citrix Access Gateway)
  Standard and Advanced Edition
    Client connections – TCP-SSL 443 (configurable)
    Advanced Access Control (AAC) to Appliance communication – TCP 80 or 443 (configurable), 9001, 9002, 9005
    Management Console
      to Appliance (non-IMA) – 9001, 9002, 9005
      to AAC – IMA-TCP 2513
  Enterprise Edition
    To client – SSL-TCP 443
    To internal network – SSL-TCP 443, Native Authentication port (e.g. RADIUS 1812, LDAP 389), Native application ports (e.g. ICA-1494)
    Management console (non-IMA) – SSH-TCP 22, HTTP(S)-TCP 80/443
SmartAuditor
  Management (non-IMA) – Use local console on Agent or on Server.
  Agent to Broker (Recording and Policy Check) – TCP 80/443 (configurable)
  Player to Broker – TCP 80/443 (configurable)
  Agent to Server (Metadata and Video) – Microsoft Message Queuing:
    Default – TCP: 1801; RPC: 135, 2101*, 2103*, 2105*; UDP: 3527, 1801 (*These port numbers may be incremented by 11 if the initial choice of RPC port is being used when Message Queuing initializes. A connecting QM queries port 135 to discover the 2xxx ports.)
    Over SSL – TCP 80, 443
WAN Optimizer (guidance provided was to get it from the Admin Guide)
  Appliance to Appliance – Pass-through native application port (e.g. ICA-1494, HTTP-80, LDAP-389)
  Management Console (non-IMA) – TCP 80
  Client to Appliance – TCP 443
Web Interface
  Client connections – TCP 80/443 (configurable)
  Server-to-server – TCP XML 80/8080, 443 (using SSL Relay)
  Management console (partially IMA) – DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443
Brian Madden created a webinar that helped to explain some core communications processes. That might also be useful and you can find it here (called Understanding and Designing Presentation Server Farms).

