The View Agent and Horizon Agent installers optionally configure Windows firewall rules on remote desktops and RDS hosts to open the default network ports. Ports are incoming unless otherwise noted.
The View Agent and Horizon Agent installers configure the local firewall rule for inbound RDP connections to match the current RDP port of the host operating system, which is typically 3389.
If you instruct the View Agent or Horizon Agent installer not to enable Remote Desktop support, it does not open ports 3389 and 32111, and you must open these ports manually.
If you change the RDP port number after installation, you must change the associated firewall rules. If you change a default port after installation, you must manually reconfigure Windows firewall rules to allow access on the updated port. See "Replacing Default Ports for View Services" in the Horizon 7 Installation document.
Windows firewall rules for View Agent or Horizon Agent on RDS hosts show a block of 256 contiguous UDP ports as open for inbound traffic. This block of ports is for VMware Blast internal use in View Agent or Horizon Agent. A special Microsoft-signed driver on RDS hosts blocks inbound traffic to these ports from external sources. This driver causes the Windows firewall to treat the ports as closed.
If you use a virtual machine template as a desktop source, firewall exceptions carry over to deployed desktops only if the template is a member of the desktop domain. You can use Microsoft group policy settings to manage local firewall exceptions. See the Microsoft Knowledge Base (KB) article 875357 for more information.
| Protocol | Ports |
|---|---|
| RDP | TCP port 3389 |
| USB redirection and time zone synchronization | TCP port 32111 |
| MMR (multimedia redirection) and CDR (client drive redirection) | TCP port 9427 |
| PCoIP | For RDS hosts, PCoIP uses the following port numbers: TCP port 4172 and UDP port 4172 (bidirectional). For desktops, PCoIP uses port numbers chosen from a configurable range. By default, TCP ports 4172 to 4173 and UDP ports 4172 to 4182. The firewall rules for these do not specify port numbers but dynamically follow the ports opened by each PCoIP Server. The chosen port numbers are communicated to the client via the Connection Server. |
| VMware Blast | TCP port 22443 UDP port 22443 (bidirectional)
Note: UDP is not used on Linux desktops.
|
| HTML Access | TCP port 22443 |
| XDMCP | UDP 177
Note: This port is opened for XDMCP access only at Linux desktops running Ubuntu 18.04. Firewall rules block all external host access to this port.
|
| X11 | TCP 6100
Note: This port is opened for XServer access only at Linux desktops running Ubuntu 18.04. Firewall rules block all external host access to this port.
|
