What are the appropriate Firewall\VLAN ACL Rules for this situation?
Does this all look correct? The Connection Server is on VLAN 6 (172.16.6.166) with the Windows Firewall on with the default rules. The Virtual Desktops are on VLAN 4, and the Windows Firewall is off. The client access devices running the Horizon View client are on VLAN 2 and VLAN 4 without local firewalls. We don't use MMR or RDP. When a connection is being negotiated, doesn't the agent need to talk back to the client on random ports? Is there a way to configure a range for the PCoIP and USB agents to use?
The KB you linked is what we used to come up with the above ACLs. We are using an HP ProCurve core switch. Its firewall and ACLs are not stateful. It appears that the USB and some other traffic that returns from the initial connection is on random ports using RPC. Are these RPC port ranges configurable or even documented?