View Agent (for Horizon 6), Horizon Agent (for Horizon 7), and Horizon Client use TCP and UDP ports for network access between each other and various server components.
| Source | Port | Target | Port | Protocol | Description |
|---|---|---|---|---|---|
| Horizon Client | * | View Agent/Horizon Agent | 3389 | TCP | Microsoft RDP traffic to remote desktops if direct connections are used instead of tunnel connections. |
| Horizon Client | * | View Agent/Horizon Agent | 9427 | TCP | Windows Media MMR redirection and client drive redirection, if direct connections are used instead of tunnel connections.
Note: Not needed for client drive redirection when using VMware Blast.
|
| Horizon Client | * | View Agent/Horizon Agent | 32111 | TCP | USB redirection and time zone synchronization if direct connections are used instead of tunnel connections. |
| Horizon Client | * | View Agent/Horizon Agent | 4172 | TCP and UDP | PCoIP if PCoIP Secure Gateway is not used.
Note: Because the source port varies, see the note below this table.
|
| Horizon Client | * | Horizon Agent | 22443 | TCP and UDP | VMware Blast if direct connections are used instead of tunnel connections.
Note: UDP is not used on Linux desktops.
|
| Browser | * | View Agent/Horizon Agent | 22443 | TCP | HTML Access if direct connections are used instead of tunnel connections. |
| Security server, Connection Server, or Unified Access Gateway appliance | * | View Agent/Horizon Agent | 3389 | TCP | Microsoft RDP traffic to remote desktops when tunnel connections are used. |
| Security server, Connection Server, or Unified Access Gateway appliance | * | View Agent/Horizon Agent | 9427 | TCP | Windows Media MMR redirection and client drive redirection when tunnel connections are used. |
| Security server, Connection Server, or Unified Access Gateway appliance | * | View Agent/Horizon Agent | 32111 | TCP | USB redirection and time zone synchronization when tunnel connections are used. |
| Security server, Connection Server, or Unified Access Gateway appliance | 55000 | View Agent/Horizon Agent | 4172 | UDP | PCoIP (not SALSA20) if PCoIP Secure Gateway is used. |
| Security server, Connection Server, or Unified Access Gateway appliance | * | View Agent/Horizon Agent | 4172 | TCP | PCoIP if PCoIP Secure Gateway is used. |
| Security server, Connection Server, or Unified Access Gateway appliance | * | Horizon Agent | 22443 | TCP and UDP | VMware Blast if Blast Secure Gateway is used.
Note: UDP is not used on Linux desktops.
|
| Security server, Connection Server, or Unified Access Gateway appliance | * | View Agent/Horizon Agent | 22443 | TCP | HTML Access if Blast Secure Gateway is used. |
| View Agent/Horizon Agent | * | Connection Server | 4001, 4002 | TCP | JMS SSL traffic. |
| View Agent/Horizon Agent | 4172 | Horizon Client | * | UDP | PCoIP, if PCoIP Secure Gateway is not used.
Note: Because the target port varies, see the note below this table.
|
| View Agent/Horizon Agent | 4172 | Connection Server, security server, or Unified Access Gateway appliance | 55000 | UDP | PCoIP (not SALSA20) if PCoIP Secure Gateway is used. |
Note: The UDP port number that agents use for PCoIP might change. If port 50002 is in use, the agent will pick 50003. If port 50003 is in use, the agent will pick port 50004, and so on. You must configure firewalls with
ANY where an asterisk (*) is listed in the table.
| Source | Port | Target | Port | Protocol | Description |
|---|---|---|---|---|---|
| Horizon Client | * | Connection Server, security server, or Unified Access Gateway appliance | 443 | TCP | HTTPS for logging in to Horizon 6 or Horizon 7. (This port is also used for tunnelling when tunnel connections are used.)
Note: Horizon Client 4.4 and later supports UDP port 443 (see below).
|
| Horizon Client 4.4 or later | * | Unified Access Gateway appliance 2.9 or later | 443 | UDP | HTTPS for logging into Horizon 6 or Horizon 7, if Blast Secure Gateway is used and UDP Tunnel Server is enabled. (This port is also used for tunnelling when tunnel connections are used.) |
| Unified Access Gateway appliance 2.9 or later | 443 | Horizon Client 4.4 or later | * | UDP | HTTPS for logging into Horizon 6 or Horizon 7, if Blast Secure Gateway is used and UDP Tunnel Server is enabled. (This port is also used for tunnelling when tunnel connections are used.) |
| Horizon Client | * | View Agent/Horizon Agent | 22443 | TCP | HTML Access and VMware Blast if Blast Secure Gateway is not used. |
| Horizon Client | * | Horizon Agent | 22443 | UDP | VMware Blast if Blast Secure Gateway is not used.
Note: Not used when connecting to Linux desktops.
|
| Horizon Agent | 22443 | Horizon Client | * | UDP | VMware Blast if Blast Secure Gateway is not used.
Note: Not used when connecting to Linux desktops.
|
| Horizon Client | * | View Agent/Horizon Agent | 3389 | TCP | Microsoft RDP traffic to remote desktops if direct connections are used instead of tunnel connections. |
| Horizon Client | * | View Agent/Horizon Agent | 9427 | TCP | Windows Media MMR redirection and client drive redirection, if direct connections are used instead of tunnel connections.
Note: Not needed for CDR when using VMware Blast.
|
| Horizon Client | * | View Agent/Horizon Agent | 32111 | TCP | USB redirection and time zone synchronization if direct connections are used instead of tunnel connections. |
| Horizon Client | * | View Agent/Horizon Agent | 4172 | TCP and UDP | PCoIP if PCoIP Secure Gateway is not used.
Note: Because the source port varies, see the note below this table.
|
| Horizon Client | * | Connection Server, security server, or Unified Access Gateway appliance | 4172 | TCP and UDP | PCoIP (not SALSA20) if PCoIP Secure Gateway is used.
Note: Because the source port varies, see the note below this table.
|
| View Agent/Horizon Agent | 4172 | Horizon Client | * | UDP | PCoIP if PCoIP Secure Gateway is not used.
Note: Because the target port varies, see the note below this table.
|
| Security server, View Connection Server, or Unified Access Gateway appliance | 4172 | Horizon Client | * | UDP | PCoIP (not SALSA20) if PCoIP Secure Gateway is used.
Note: Because the target port varies, see the note below this table.
|
| Horizon Client | * | Connection Server, security server, or Unified Access Gateway appliance | 8443 | TCP | HTML Access and VMware Blast if Blast Secure Gateway is used. |
| Horizon Client | * | Connection Server, security server, or Unified Access Gateway appliance | 8443 | UDP | VMware Blast if Blast Secure Gateway is used.
Note: Not used when connecting to a Linux desktop.
|
| View Connection Server, security server, or Unified Access Gateway appliance | 8443 | Horizon Client | * | UDP | VMware Blast if Blast Secure Gateway is used.
Note: Not used when connecting to a Linux desktop.
|
Note: The UDP port number that clients use for PCoIP and VMware Blast might change. If port 50002 is in use, the client chooses 50003. If port 50003 is in use, the client chooses port 50004, and so on. You must configure firewalls with
ANY where an asterisk (*) is listed in the table.
