Solved: Firewall Question

bradstaenglen · ‎04-24-2012

Hi Everyone,

Have a quick question. Our environment has Offshore users. These users go through a Site VPN to get to us where our firewall is blocking alot of ports required for VMware. What we are wondering is this, We have to open ports in the firewall, do we open ports for their desktops to hit our Connection Server? We were toying with the idea, but someone mentioned that we may also have to open the same ports for each desktop they have to every possible VM IP.

So in short, will opening the firewall for a set subnet to the connection server, ports 80, 443, and 4172, do the trick? If we do that will we also have to open the firewall for their subnet to connect to each VM? or do we have to look at having the offshore team connect to an in-network Security server where we would open the ports for that instead.

Thanks,

Brad

mittim12 · ‎04-24-2012

No problem at all. If you have any issues or questions just let us know.

View solution in original post

mittim12 · ‎04-24-2012

Check out page 56 of the architecture guide. http://pubs.vmware.com/view-50/topic/com.vmware.ICbase/PDF/view-50-architecture-planning.pdf

bradstaenglen · ‎04-24-2012

They aren't true "external" users in our case. we have the site VPN established so it's just ports blocked on the firewall end. we also won't have the security server in the DMZ, have you seen it be used locally before?

bradstaenglen · ‎04-24-2012

mittim thank you for pointing me in the right direction. I read page 64-66 and it looks like the security server is just another layer. I feel confident that we will be ok just requesting ports be opened for the connection server

mittim12 · ‎04-24-2012

No problem at all. If you have any issues or questions just let us know.

All

Firewall Question