LeighO2
Contributor

Block VMware Horizon Admin Console from outside the network

I believe in earlier versions of Horizon View (5.3) there was an option to limit access to the Horizon Console for remote users. I have looked at the Horizon Config and the UAG settings and cannot find an easy way to do this anymore. Does anyone have a good solution for this, since that is a security hole, or do I need to request an enhancement?

0 Kudos
3 Replies
sjesse
Leadership

If you consider this a security hole, which I agree with, you should put the connection servers behind a firewall. Everyone can access them through a UAG; that's the way we do it. Outside of that there really isn't an option. If you use the secure gateway on the UAG you can't get to the /admin console, because those redirect the connections directly to the VM from the UAG; you just need a rule to allow the UAG to talk to the connection server.

0 Kudos
NathanosBlightc
Commander

What's your network structure? How did you set up the local servers and protect them against external access? You can restrict the View Connection Server by putting it behind a firewall, or define firewall rules inside the Windows built-in firewall and limit the VMware View web access (80, 443) by allowing only local subnets.

Please mark my comment as the Correct Answer if this solution resolved your problem
0 Kudos
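
An added example, not part of the thread and not VMware's own code: one way to apply the Windows Firewall approach from the reply above on a Connection Server, by narrowing the existing inbound allow rules for ports 80/443 rather than adding a new rule beside them. The subnet and the UAG address are constructed placeholders, and the script assumes the default inbound action is Block.

```powershell
#Requires -RunAsAdministrator
# Added example. Addresses are constructed placeholders; replace with your own.
$AllowedSources = @(
    '10.0.0.0/8',   # assumed internal subnet that may reach the web/admin ports
    '192.0.2.10'    # assumed UAG address; it must stay allowed for client logons
)
$WebPorts = 80, 443

# True when a rule's LocalPort list names 80 or 443 directly or inside a range.
# 'Any' and keyword ports are skipped on purpose so broad system rules are untouched.
function Test-CoversWebPort([string[]]$LocalPort) {
    foreach ($p in $LocalPort) {
        if ($p -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
            if ($WebPorts | Where-Object { $_ -ge $lo -and $_ -le $hi }) { return $true }
        } elseif ($p -match '^\d+$' -and [int]$p -in $WebPorts) {
            return $true
        }
    }
    return $false
}

# An extra allow rule would not help while a broader allow rule for the same
# port still exists, so the existing enabled inbound TCP allow rules are rescoped.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and (Test-CoversWebPort $pf.LocalPort)
    }

foreach ($rule in $rules) {
    $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    '{0}: RemoteAddress {1} -> {2}' -f $rule.DisplayName, $current, ($AllowedSources -join ',')
    # Dry run by default; remove -WhatIf once the printed list looks right.
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedSources -WhatIf
}
```

After applying it, `Test-NetConnection <connection-server> -Port 443` run from a host outside the allowed sources should report `TcpTestSucceeded : False`, while the same test from the UAG should still succeed.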
markbenson
VMware Employee

Access from outside the network should go through UAG. This is for Horizon client user access, not for admin access.

UAG already blocks access to Horizon /admin. This is the default. Admin access from outside should not be allowed via UAG so leave the settings as default.

0 Kudos