You can replace a security server with a Unified Access Gateway appliance.
Prerequisites
To use Unified Access Gateway appliances instead of security servers, you must upgrade the Connection Server instances to Horizon 6 version 6.2 or later before installing and configuring the Unified Access Gateway appliances to point to the Connection Server instances, or the load balancer that fronts the instances.
Procedure
- Uninstall the security server software.
- Remove the IPsec configuration for the security server. See Remove IPsec Rules for the Security Server in the Horizon 7 Installation document.
- Remove the security server's LDAP entry. See Removing the Entry for a Connection Server Instance or Security Server Using the -S Option in the Horizon 7 Administration document.
- In Horizon Administrator, register the Unified Access Gateway appliance.
- At the network firewall between Unified Access Gateway and Connection Server, remove firewall rules associated with the removed security server and add firewall rules associated with the incoming Unified Access Gateway. The Unified Access Gateway needs to communicate with Connection Server on TCP port 443.
The back-end firewall rules for Security Server to Connection Server are as follows:
| Source |
Default Port |
Protocol |
Destination |
Default Port |
Notes |
| Security Server |
UDP 500 |
ISAKMP |
Connection Server |
UDP 500 |
IPsec phase 1 negotiation. |
| Security Server |
UDP 4500 |
NAT-T |
Connection Server |
UDP 4500 |
Encapsulated AJP13 traffic when using NAT. |
| Security Server |
|
ESP |
Connection Server |
|
Encapsulated AJP13 traffic when NAT traversal is not required. ESP is IP protocol 50. Port numbers are not specified. |
| Security Server |
|
AJP13 |
Connection Server |
TCP 8009 |
AJP13 traffic without IPsec and during pairing. |
| Security Server |
|
JMS |
Connection Server |
TCP 4001 |
Message channel for key negotiation. |
| Security Server |
|
JMS-TLS |
Connection Server |
TCP 4002 |
Message channel for management. |
- Configure and start the Unified Access Gateway appliance.
