Network Requirements for XDESK Citrix Secure Workspace Access
To ensure a seamless experience when accessing your XDESK Citrix Secure Workspaces, the following outbound firewall and router settings must be enabled at your site. These settings allow users to access all available features, including secure desktop access, Microsoft Teams VDI optimization (SlimCore), Zoom media redirection, HDX Direct, and enhanced Citrix security tools like App Protection.
If your local router blocks outbound traffic, then make exceptions for the following outbound traffic on the ports listed below:
| Service | Firewall | Protocol | Port(s) |
|---|---|---|---|
General Access for:
|
Filter – Allow Outbound | TCP + UDP | 80, 443 |
| Citrix (STUN, Teams Slimcore, Zoom) | Filter – Allow Outbound | UDP | 3478-3481, 19302 |
| Citrix (STUN fallback) | Filter – Allow Outbound | UDP | 443 |
| Citrix (Audio & HDX Direct) | Filter – Allow Outbound | UDP | 1494, 2598, 16500–16509 (Audio), 55xxx–56xxx (HDX Direct per VDA policy) |
| Citrix (ICA, Fallback) | Filter – Allow Outbound | TCP | 1494, 2598, 8008 |
| Zoom VDI | Filter – Allow Outbound | UDP | 8801–8810 |
| Zoom VDI | Filter – Allow Outbound | TCP | 8801–8802 |
| DNS | Filter – Allow Outbound | UDP | 53 |
| NTP (optional) | Filter – Allow Outbound | UDP | 123 |
| Port Summary | TCP | 80, 443, 1494, 2598, 8008, 8801–8802 | |
| UDP | 53, 80, 123, 443, 3478, 19302, 1494, 2598, 16500–16509, 55xxx–56xxx, 3478–3481, 8801–8810 |
Additional Notes:
- No inbound ports need to be opened.
- Deep Packet Inspection (DPI) or HTTPS filtering may interfere with Teams/Zoom and should be bypassed for trusted services.
- For the best experience, ensure your firewall or proxy does not block or inspect UDP traffic on the listed ports.
- If using MikroTik routers, ensure the following hostnames are added to the SAFE HOSTS address list:
- The client’s data center domain (e.g., a-67-0.x.direct) should also be added to the SAFE HOSTS list.
If you’re unsure how to configure these settings, our support team is happy to work with your IT provider to assist with the setup.
Post your comment on this topic.