VMware Horizon Community
BearHuntr
Contributor

A bit confused about port 32111

So, I'm testing out View 4.6 with PCoIP Security Gateway setup and the documentation mentions using port 32111 for USB redirection.  It's not very clear about where to open this port and between what devices.  Our security server is inside of a DMZ and we have firewalls on both the inside and the outside.  Can anyone clearly explain where exactly to open this port, specifically when using PCoIP remotely?  Thanks!


Accepted Solutions
mittim12
Immortal

32111 from security server to VM is a given.  I think that maybe the 32111 from client to security server is being tunneled even when using PCOIP.   As I said earlier we don't have the port open to the public and I can redirect just fine when using PCOIP. 

14 Replies
mittim12
Immortal

Page 61 of the following link should give you all the firewall rules needed.  http://www.vmware.com/pdf/view-46-architecture-planning.pdf

BearHuntr
Contributor

That's the page where it doesn't seem to be very clear.  For every other port, it has a nice chart of the source, destination, port, and protocol.  The mention of port 32111 is just a footnote without defining the source and destination.  Is it identical to what is listed for port 4172?  So, it would only be needed on the back-end firewall and it would need to be between the security server and the View Desktop?

mittim12
Immortal

So from the way I read it 32111 from Security server to VDI desktop for RDP and for PCOIP 32111 from client to VDI desktop.  

BearHuntr
Contributor

Can anyone confirm that this is indeed the case?  Thanks!

mittim12
Immortal

To be honest that is just the way I read it.  I do not remember requesting 32111 for any DMZ devices after we started using PCOIP for external access.  I also just verified I could redirect a USB headset from outside of our network with PCOIP as the protocol.  It worked without any problems.

cerick01
Contributor

Port 32111 is used for USB on RDP and PCoIP connections from a non PCoIP hardware based device. An example would be a Windows client with View Client installed running PCoIP to a VM. The Client would use port 32111 (USB) and 4172 (PCoIP). A hardware based PCoIP client (WYSE p20) would just use 4172 for USB and PCoIP.

Hope this helps.

Chad

mittim12
Immortal

Chad, the question is in regards to a Security server setup.  If you read everything it implies that when using PCOIP that 32111 needs to be open for the path from client to VDI desktop.

My only guess is that the USB redirection traffic is being tunneled through the security server even when using PCOIP.

BearHuntr
Contributor

Chad's response wasn't exactly what I was looking for, but it is helpful to know.  So, if I'm connecting via PCoIP from a Windows client, you think that I would need to have port 32111 open from that PC to the Security server and then also from the Security server to the VM?  I have my Network Admins set to open port 32111 between the Security server and the VM network shortly, so I will hopefully know whether that is enough, or if we have to also open that port to the public from the security server as well.  It's so odd that every other port is so clearly defined within the VMware documentation, but not this one.

mittim12
Immortal

32111 from security server to VM is a given.  I think that maybe the 32111 from client to security server is being tunneled even when using PCOIP.   As I said earlier we don't have the port open to the public and I can redirect just fine when using PCOIP. 

BearHuntr
Contributor

I'm hoping that is what is required, I'll report my findings when I get confirmation of the port opening by my network team.  Thanks for the responses!

markbenson
VMware Employee

I agree it could be clearer in the documentation. The Windows and Linux View Client will tunnel TCP 32111 through the HTTPS connection to the Security Server (or Connection Server if you don't have a Security Server). This means you don't need to allow TCP 32111 in to the Security Server from the Internet. The Security Server will then use TCP 32111 to the virtual desktop.

Mark.

BearHuntr
Contributor

So, everything is set and I can confirm that only the port opening between the security server and the VMs was needed.  This could definitely be made clearer in the documentation.  Thanks for all of the replies!

markbenson
VMware Employee

Glad you got it working. Thanks for the update. We'll get the documentation improved.

Mark.

alexanderjn
Enthusiast

Oddly enough the answer is in the documentation, but not where you might expect. If you look at the Architecture Planning Guide (p. 51) under the section "Tunneled Client Connections with Microsoft RDP" it says:

"Clients that use the PCoIP display protocol can use the tunnel connection for USB redirection and multimedia redirection (MMR) acceleration, but for all other data, PCoIP uses the PCoIP Secure Gateway on a security server."

In that statement, "tunnel connection" refers to the RDP over HTTPS tunnel.
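
The rule placement this thread settles on (markbenson's explanation, confirmed by BearHuntr's test), written as a rule-set audit. This is an added example, not part of any post and not VMware code; the addresses, rule format and function names are constructed, HTTPS is assumed to be on port 443, and only the USB redirection path is checked (not PCoIP's own ports).

```python
import ipaddress

# Constructed addresses (assumptions): one DMZ security server, one desktop network.
SECURITY_SERVER = ipaddress.ip_network("192.0.2.10/32")
DESKTOPS = ipaddress.ip_network("10.20.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")
USB_PORT, HTTPS_PORT = 32111, 443  # 443 assumed as the HTTPS tunnel port


def rule(src, dst, proto, port):
    """One allow rule; anything not listed is treated as denied."""
    return {"src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "proto": proto, "port": port}


def permits(rules, src, dst, proto, port):
    """True if a single allow rule covers all of src -> dst on proto/port."""
    return any(r["proto"] == proto and r["port"] == port
               and src.subnet_of(r["src"]) and dst.subnet_of(r["dst"])
               for r in rules)


def audit(front, back):
    """Compare both firewalls with the placement confirmed in the thread."""
    findings = []
    for r in front:
        if (r["proto"], r["port"]) == ("tcp", USB_PORT) and r["dst"].overlaps(SECURITY_SERVER):
            findings.append("front: TCP 32111 inbound is not needed, USB rides the HTTPS tunnel")
    if not permits(front, ANY, SECURITY_SERVER, "tcp", HTTPS_PORT):
        findings.append("front: HTTPS to the security server is missing, no tunnel")
    if not permits(back, SECURITY_SERVER, DESKTOPS, "tcp", USB_PORT):
        findings.append("back: TCP 32111 security server -> desktops is missing")
    for r in back:
        if (r["proto"], r["port"]) == ("tcp", USB_PORT) and not r["src"].subnet_of(SECURITY_SERVER):
            findings.append("back: TCP 32111 source is wider than the security server")
    return findings


GOOD_FRONT = [rule("0.0.0.0/0", "192.0.2.10/32", "tcp", 443)]
GOOD_BACK = [rule("192.0.2.10/32", "10.20.0.0/16", "tcp", 32111)]
# Weak variant: 32111 exposed to the Internet, back-end source is the whole DMZ.
WEAK_FRONT = GOOD_FRONT + [rule("0.0.0.0/0", "192.0.2.10/32", "tcp", 32111)]
WEAK_BACK = [rule("192.0.2.0/24", "10.20.0.0/16", "tcp", 32111)]

if __name__ == "__main__":
    for name, fw in (("good", (GOOD_FRONT, GOOD_BACK)), ("weak", (WEAK_FRONT, WEAK_BACK))):
        print(name, audit(*fw) or "matches the thread's conclusion")
```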
