VMware Horizon Community
OleWeel
Enthusiast

Ports open back to the view client

Hi,

I have seen a lot of different information regarding ports and what needs to be open for a VMware View client that connects to a security server behind a firewall.

What I need to confirm is the following

Does the firewall need to open port UDP 4172 from the source security server and out to the Internet, since this is the reply UDP packet?

I have seen links that mention this, and links that don't... The problem is related to a black screen and disconnect when we use PCoIP, and it works OK with RDP.

Thanks for answers.

/R

Ole

Regards Andreas

Accepted Solutions
markbenson
VMware Employee

All the ports required for View for Security Servers in the DMZ etc. are listed in the View 5.2 Security Guide. http://pubs.vmware.com/view-52/topic/com.vmware.ICbase/PDF/horizon-view-52-security.pdf

You can look at the specific rules for Security Server here - View 5.2 and 5.3 Firewall Rules for DMZ-Based Security Servers

It is best to just look at the VMware official documentation for the particular version of View you are using.

It is certainly true that if you block any of the ports needed for PCoIP (in a firewall or proxy etc.) you will get a black screen. There are other reasons as well if it is not configured correctly. There are three important config steps for PCoIP remote access and these are described here https://communities.vmware.com/docs/DOC-14974

In answer to your specific question about ports back to the client, the firewall rules for PCoIP state:

PCoIP between View Client and Security Server

  • TCP destination port 4172 from Client to Security Server
  • UDP destination port 4172 from Client to Security Server
  • UDP source port 4172 from Security Server to Client (this is the reply UDP data)

PCoIP between Security Server and virtual desktop

  • TCP destination port 4172 from Security Server to virtual desktop
  • UDP destination port 4172 from Security Server to virtual desktop
  • UDP source port 4172 from virtual desktop to Security Server (this is the reply UDP data)

It is the third line of each of these rule sets that refers to ports back to the client. In general though, when you allow UDP data through the firewall (e.g. for UDP port 4172 from the Internet to the DMZ) the rule for the reply UDP data from UDP source port 4172 back to the client is implied and doesn't need to be set up explicitly.

Double check the three steps and it should resolve your problem. If you still can't set it up, go through the video at the bottom of the above link as it talks you through the correct setup for PCoIP remote access.

Let us know what it was.

Mark
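
A small model of the point made in the answer above, added here as an example and not part of the original post or of VMware's documentation: on a stateful firewall the reply UDP from source port 4172 is admitted by connection tracking, while a stateless packet filter passes it only if the third rule is written out. The addresses, the client port and the `Firewall` class are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT, SECURITY_SERVER, OTHER_HOST = "198.51.100.7", "203.0.113.10", "192.0.2.99"
PCOIP_PORT = 4172

Packet = namedtuple("Packet", "proto src sport dst dport")


class Firewall:
    """Hypothetical model of the client <-> Security Server rule set."""

    def __init__(self, stateful, explicit_reply_rule=False):
        self.stateful = stateful
        self.explicit_reply_rule = explicit_reply_rule
        self.flows = set()  # flows admitted inbound, remembered when stateful

    def allow(self, pkt):
        # Rules 1 and 2: TCP and UDP destination port 4172 to the Security Server.
        if (pkt.proto in ("tcp", "udp") and pkt.dst == SECURITY_SERVER
                and pkt.dport == PCOIP_PORT):
            if self.stateful:
                self.flows.add(pkt)
            return True
        # Stateful: the reply is "implied" only as the mirror of a tracked flow.
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self.stateful and mirror in self.flows:
            return True
        # Rule 3, written out: UDP source port 4172 from the Security Server.
        if self.explicit_reply_rule:
            return (pkt.proto == "udp" and pkt.src == SECURITY_SERVER
                    and pkt.sport == PCOIP_PORT)
        return False


def pcoip_session(fw, client_port=50002):
    """Run one client session through fw and report which packets pass."""
    tcp_in = Packet("tcp", CLIENT, client_port, SECURITY_SERVER, PCOIP_PORT)
    udp_in = Packet("udp", CLIENT, client_port, SECURITY_SERVER, PCOIP_PORT)
    udp_reply = Packet("udp", SECURITY_SERVER, PCOIP_PORT, CLIENT, client_port)
    return {"tcp_in": fw.allow(tcp_in), "udp_in": fw.allow(udp_in),
            "udp_reply": fw.allow(udp_reply)}


def unsolicited_udp(fw):
    """UDP from source port 4172 towards a host that never opened a session."""
    return fw.allow(Packet("udp", SECURITY_SERVER, PCOIP_PORT, OTHER_HOST, 40000))
```

With a stateless filter and no third rule, the session's UDP replies are dropped while TCP 4172 still connects, which fits the black-screen symptom the answer attributes to a blocked PCoIP port. The written-out rule also passes UDP from source port 4172 to hosts that have no session, which state tracking does not.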

2 Replies
vcpguy
Expert

Check this link, I think it will help you - VMware KB: Network port diagram for Horizon View

----------------------------------------------------------------------------- Please don't forget to reward Points for helpful hints; answers; suggestions. My blog: http://vmwaredevotee.com