as900w
Hot Shot
Hot Shot

How to make all ports of Horizon out from port 443

I want to only enable 443 port on firewall.

Client visit Horizon server with internet.

Can I use VMware UAG ?

Labels (1)
0 Kudos
3 Replies
markbenson
VMware Employee
VMware Employee

Yes. With Unified Access Gateway support access to Horizon from the Internet, everything can be done with just TCP 443.

Other ports are optional. i.e.:

PCoIP on TCP/UDP 4172

Blast on TCP 8443 and UDP 8443

UDP Tunnel on UDP 443

It is normal to allow TCP port 80 as well as TCP port 443. This is just so that Horizon user's don't have to enter https:// http port 80 will redirect to https 443.

0 Kudos
as900w
Hot Shot
Hot Shot

Is it configure like this PcoIP use 443?

1.PNG

But, When connection UAG, after user name and password.

show a error:

Could not establish tunnel connection

0 Kudos
BenFB
Virtuoso
Virtuoso

Your configuration looks correct. You will need to troubleshoot what is getting blocked. It's likely one of the following.

  • Are DNS queried allowed from the UAG to the DNS server to resolve the connection server URL?
  • Is TCP 443 allowed from the UAG to the connection server.
  • Is TCP 22443 allowed from the UAG to the Horizon Agent.
  • Verify the Blast/PCoIP tunnel is disabled on the connection server.
  • Verify routing is correct from the UAG to the connection server/Horizon Agent.
0 Kudos