View uses TCP and UDP ports for network access between its components.

During installation, View can optionally configure Windows firewall rules to open the ports that are used by default. If you change the default ports after installation, you must manually reconfigure Windows firewall rules to allow access on the updated ports. See "Replacing Default Ports for View Services" in the View Installation document.

Table 1. TCP and UDP Ports Used by View

Source

Port

Target

Port

Protocol

Description

Security server, View Connection Server, or Access Point appliance

55000

Horizon Agent

4172

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Security server, View Connection Server, or Access Point appliance

4172

Horizon Client

*

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Note:

Because the target port varies, see the note below this table.

Security server

500

View Connection Server

500

UDP

IPsec negotiation traffic.

Security server

*

View Connection Server

4001

TCP

JMS traffic.

Security server

*

View Connection Server

4002

TCP

JMS SSL traffic.

Security server

*

View Connection Server

8009

TCP

AJP13-forwarded Web traffic, if not using IPsec.

Security server

*

View Connection Server

*

ESP

AJP13-forwarded Web traffic, when using IPsec without NAT.

Security server

4500

View Connection Server

4500

UDP

AJP13-forwarded Web traffic, when using IPsec through a NAT device.

Security server, View Connection Server, or Access Point appliance

*

Horizon Agent

3389

TCP

Microsoft RDP traffic to View desktops when tunnel connections are used.

Security server, View Connection Server, or Access Point appliance

*

Horizon Agent

9427

TCP

Windows Media MMR redirection and client drive redirection when tunnel connections are used.

Security server, View Connection Server, or Access Point appliance

*

Horizon Agent

32111

TCP

USB redirection and time zone synchronization when tunnel connections are used.

Security server, View Connection Server, or Access Point appliance

*

Horizon Agent

4172

TCP

PCoIP if PCoIP Secure Gateway is used.

Security server, View Connection Server, or Access Point appliance

*

Horizon Agent

22443

TCP

VMware Blast Extreme if Blast Secure Gateway is used.

Security server, View Connection Server, or Access Point appliance

*

Horizon Agent

22443

TCP

HTML Access if Blast Secure Gateway is used.

Horizon Agent

4172

Horizon Client

*

UDP

PCoIP, if PCoIP Secure Gateway is not used.

Note:

Because the target port varies, see the note below this table.

Horizon Agent

4172

View Connection Server, security server, or Access Point appliance

55000

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Horizon Agent

4172

Access Point appliance

*

UDP

PCoIP. View desktops and applications send PCoIP data back to an Access Point appliance from UDP port 4172 .

The destination UDP port will be the source port from the received UDP packets and so as this is reply data, it is normally unnecessary to add an explicit firewall rule for this.

Horizon Client

*

View Connection Server or security server or Access Point appliance

80

TCP

SSL (HTTPS access) is enabled by default for client connections, but port 80 (HTTP access) can be used in certain cases. See HTTP Redirection in View.

Horizon Client

*

View Connection Server, security server, or Access Point appliance

443

TCP

HTTPS for logging in to View. (This port is also used for tunnelling when tunnel connections are used.)

Horizon Client

*

View Connection Server or security server or Access Point appliance

4172

TCP and UDP

PCoIP if PCoIP Secure Gateway is used.

Horizon Client

*

Horizon Agent

3389

TCP

Microsoft RDP traffic to View desktops if direct connections are used instead of tunnel connections.

Horizon Client

*

Horizon Agent

9427

TCP

Windows Media MMR redirection and client drive redirection, if direct connections are used instead of tunnel connections.

Horizon Client

*

Horizon Agent

32111

TCP

USB redirection and time zone synchronization if direct connections are used instead of tunnel connections.

Horizon Client

*

Horizon Agent

4172

TCP and UDP

PCoIP if PCoIP Secure Gateway is not used.

Note:

Because the source port varies, see the note below this table.

Horizon Client

*

Horizon Agent

22443

TCP and UDP

VMware Blast

Horizon Client

*

View Connection Server, security server, or Access Point appliance

4172

TCP and UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Note:

Because the source port varies, see the note below this table.

Web Browser

*

Security server or Access Point appliance

8443

TCP

HTML Access.

View Connection Server

*

View Connection Server

48080

TCP

For internal communication between View Connection Server components.

View Connection Server

*

vCenter Server or View Composer

80

TCP

SOAP messages if SSL is disabled for access to vCenter Servers or View Composer.

View Connection Server

*

vCenter Server

443

TCP

SOAP messages if SSL is enabled for access to vCenter Servers.

View Connection Server

*

View Composer

18443

TCP

SOAP messages if SSL is enabled for access to View Composer.

View Connection Server

*

View Connection Server

4100

TCP

JMS inter-router traffic.

View Connection Server

*

View Connection Server

4101

TCP

JMS SSL inter-router traffic.

View Connection Server

*

View Connection Server

8472

TCP

For interpod communication in Cloud Pod Architecture.

View Connection Server

*

View Connection Server

22389

TCP

For global LDAP replication in Cloud Pod Architecture.

View Connection Server

*

View Connection Server

22636

TCP

For secure global LDAP replication in Cloud Pod Architecture.

Access Point appliance

*

View Connection Server or load balancer

443

TCP

HTTPS access. Access Point appliances connect on TCP port 443 to communicate with a View Connection Server instance or load balancer in front of multiple View Connection Server instances.

View Composer service

*

ESXi host

902

TCP

Used when View Composer customizes linked-clone disks, including View Composer internal disks and, if they are specified, persistent disks and system disposable disks.

Note:

The UDP port number that clients use for PCoIP might change. If port 50002 is in use, the client will pick 50003. If port 50003 is in use, the client will pick port 50004, and so on. You must configure firewalls with ANY where an asterisk (*) is listed in the table.