Answer from the engineering team:
In general the Horizon functionality is unchanged, although there are differences with gateways. For example, using a security server, there is no automatic configuration of IPsec and the administrator must configure this himself. When UAG is installed in FIPS mode, it will do no pre-authentication, passing all authentication traffic straight through.
When installing in FIPS mode, it is important to understand that all components must be installed in FIPS mode, including clients. If this is not done, there is a high likelihood that communication will fail. (Since vSphere 6.5, vCenter and ESX always install in FIPS mode.) One particular difference is that in FIPS mode only TLSv1.2 can be used.
If the intention of installing in FIPS mode is to be Common Criteria compliant, it is important to know that we have not certified every component and feature. For details of what is certified, see https://www.commoncriteriaportal.org/files/epfiles/383-4-441%20VMware_Horizon%207_3_3_ST_v1.1.pdf
Finally, be aware that Horizon will not scale the same in FIPS mode because of a considerable performance overhead.
