Certain ports must be opened on the firewall for Connection Server instances and security servers.

When you install Connection Server, the installation program can optionally configure the required Windows Firewall rules for you. These rules open the ports that are used by default. If you change the default ports after installation, you must manually configure Windows Firewall to allow Horizon Client devices to connect to Horizon 7 through the updated ports.

The following table lists the default ports that can be opened automatically during installation. Ports are incoming unless otherwise noted.

Table 1. Ports Opened During Horizon Connection Server Installation
Protocol Ports Horizon Connection Server Instance Type
JMS TCP 4001 Standard and replica
JMS TCP 4002 Standard and replica
JMSIR TCP 4100 Standard and replica
JMSIR TCP 4101 Standard and replica
AJP13 TCP 8009 Standard and replica
HTTP TCP 80 Standard, replica, and security server
HTTPS TCP 443 Standard, replica, and security server
PCoIP TCP 4172 in;

UDP 4172 both directions

Standard, replica, and security server
HTTPS TCP 8443

UDP 8443

Standard, replica, and security server.

After the initial connection to Horizon 7 is made, the Web browser or client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place.

HTTPS TCP 8472 Standard and replica

For the Cloud Pod Architecture feature: used for interpod communication.

HTTP TCP 22389 Standard and replica

For the Cloud Pod Architecture feature: used for global LDAP replication.

HTTPS TCP 22636 Standard and replica

For the Cloud Pod Architecture feature: used for secure global LDAP replication.