Would that only affect users connecting to the external broker?  How would I re enable it when they came back into the office?  Thank you!!

Typically you would have a security server for external users and a connection broker for your internal users.

So if you disallowed this port then it should not be possible to connect a USB device when coming from an external connection.

First, thank you for your help!

We have disabled the users from connecting via RDP.  If I was to disable TCP 32111 then I just want to make sure that they will still be able to use the USB devices here in the office.  Another thing, will this disable the USB keyboard and mouse that they could be using while at home?

Yes, if you are disallowing it from the correct server.

Keyboard, mouse and smartcard-readers will not be affected.

// Linjo

We have confirmed over and over that TCP 32111 is blocked on the external security brokers and USB redirection is still working when I try and access it from outside the office.  Any other ideas?

That's strange, maybe fire up a wireshark session to look at how the traffic goes.

This poster is pretty clear about the traffic: VMware KB: Network port diagram for Horizon View

We ended up upgrading our test environment to 5.3.  As soon as we did that I had TCP 32111 blocked on the security servers and after a few minutes USB redirection was no longer working when connecting from outside the office.  Could this possibly be working as needed because of the upgrade?  We were using 5.1.2 on our test environment when we did the USB redirection test the first time and it did not work.  Thanks for your help!