There are ports which needs to be open on a firewall when installing VMware Horizon View. The best way to get started with Horizon View is to follow an excellent VMware PDF called – VMware Horizon View 6 Evaluator's guide. However keep in mind that good knowledge of required firewall ports for VMware Horizon View deployments is a must.
VMware Horizon View Firewall ports has to be open to pass the traffic for SSH, DNS, HTTP, Https, vSphere Client, ESXi heart beat… Quite a few components must works together to provide functions that are expected. In fact the ports gest opened on the View connection server during the installation – automatically.
It makes some part of the installation perhaps more easier, but this is not to forget that other parts of the infrastructure has to communicate together. In between three is perhaps a firewall, so knowing which ports has to be opened is quite crucial. There is quite a lot of ports to think of.
There is a nice “utility” which might help, it's a PDF poster which has all the ports listed. In addition you get the details which ports needs to get configured where (outside, DMZ, LAN). The poster is present in this KB: VMware KB 2061913
Screenshot from VMware KB 1027217 regularly updated:
View Connection/Security servers are usually deployed in DMZ and acts as proxy for horizon view clients. As a best practices for both Security Servers and Connection Servers is to keep the Windows Firewall turned on. During the install process the installer notifies you that your firewall isn't On. The installer opens the ports during install.
If the firewall on either server is turned off, View will not be able to use IPSEC when communicating. Security servers has to be paired with connection servers. Static IP is a requirement here.
The front-end security servers needs to have following ports opened:
- HTTP – TCP 80 In
- HTTPS – TCP 443 In
- PCoIP – TCP 4172 In, UDP 4172 both directions
Even if planning small deployment, the View Connection Server must be installed on its own dedicated server. It must NOT be installed on the vCenter server or a domain controller. So the smallest view infrastructure needs four components:
- ESXi
- vCenter
- View Connection Server
- Active Directory
VMware Horizon View 6 dropped the local mode which allowed to do some work done without network connection.
There is also VCOPS for View 6 which brings new enhancements to monitoring View desktops and architecture from within VCOPS. As a result, other ports needs to be opened. Check the VMware KB bellow.
VMware horizon View 6 documentation links:
- Firewall Rules for View Connection Server
- Firewall Rules for View Agent
- Firewall Rules for Active Directory
Those are ports between the virtual desktop and VMware View client:
TCP ports
32111 (TCP) – in and out. Facilitates USB redirection between your View Client and Virtual Desktop.
9427 (TCP) – Multimedia Redirection (MMR) is supported by View Client
PCoIP Ports
4172 (TCP/UDP) – View 4.5 and later, required for the PCoIP display protocol.
RDP Ports
3389 (TCP) – in and out. Microsoft Remote Desktop Protocol (RDP)
Connection Server Ports
4001 (TCP) – in and out. View agent reporting.
All the ports and requirements can be found in this VMware KB – link.
