Network Address Translation (NAT) and port mapping configuration are required if Horizon Clients connect to virtual machine-based desktops on different networks.

In the examples included here, you must configure external addressing information on the desktop so that Horizon Client can use this information to connect to the desktop by using NAT or a port mapping device. This URL is the same as the External URL and PCoIP External URL settings on Horizon 7 Connection Server and security server.

When Horizon Client is on a different network and a NAT device is between Horizon Client and the desktop running the plug-in, a NAT or port mapping configuration is required. For example, if there is a firewall between Horizon Client and the desktop, the firewall is acting as a NAT or port mapping device.

An example deployment of a desktop whose IP address is 192.168.1.1 illustrates the configuration of NAT and port mapping. A Horizon Client system with an IP address of 192.168.1.9 on the same network establishes a PCoIP connection by using TCP and UDP. This connection is direct without any NAT or port mapping configuration.

Figure 1. Direct PCoIP from a Client on the Same Network

This graphic illustrates the connection between a PCoIP client and PCoIP server on the same network.

If you add a NAT device between the client and desktop so that they are operating in a different address space and do not make any configuration changes to the plug-in, the PCoIP packets will not be routed correctly and will fail. In this example, the client is using a different address space and has an IP address of 10.1.1.9. This setup fails because the client will use the address of the desktop to send the TCP and UDP PCoIP packets. The destination address of 192.168.1.1 will not work from the client network and might cause the client to display a blank screen.

Figure 2. PCoIP From a Client via a NAT Device Showing the Failure

This graphic illustrates a failure on a connection between the PCoIP client and server using a NAT Device.

To resolve this problem, you must configure the plug-in to use an external IP address. If externalIPAddress is configured as 10.1.1.1 for this desktop, the plug-in gives the client an IP address of 10.1.1.1 when making desktop protocol connections to the desktop. For PCoIP, the PCoIP Secure Gateway service must be started on the desktop for this setup.

For port mapping, when the desktop uses the standard PCoIP port 4172 but the client must use a different destination port that is mapped to port 4172 at the port mapping device, you must configure the plug-in for this setup. If the port mapping device maps port 14172 to 4172, the client must use a destination port of 14172 for PCoIP. To configure this setup for PCoIP, set externalPCoIPPort in the plug-in to 14172.

In a configuration that uses NAT and port mapping, externalIPAddress is set to 10.1.1.1, which is network translated to 192.168.1.1, and externalPCoIPPort is set to 14172, which is port mapped to 4172.

Figure 3. PCoIP From a Client via a NAT Device and Port Mapping

This graphic illustrates setting up PCoIP client, security gateway, and server using a NAT Device and Port Mapping.

As with the external PCoIP TCP/UDP port configuration for PCoIP, if the RDP port (3389) or the Framework Channel port (32111) is port mapped, you must configure externalRDPPort and externalFrameworkChannelPort to specify the TCP port numbers that the client will use to make these connections through a port mapping device.
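
The following is an added example, not VMware code: a small Python model that checks whether the endpoints the plug-in hands to the client are actually forwarded to the desktop by the NAT or port mapping device. The mapping table, the function names, and the rule that an unset setting falls back to the desktop's own address and standard port are assumptions built from the addresses and ports used on this page.

```python
# Added example: model of the plug-in settings and the NAT / port mapping device.
# All data is constructed from this page's example addresses and ports.
DESKTOP_IP = "192.168.1.1"
# Ports the desktop listens on, keyed by the plug-in setting that overrides each.
LISTENERS = {
    "externalPCoIPPort": 4172,            # PCoIP (TCP and UDP, modeled as one rule)
    "externalRDPPort": 3389,
    "externalFrameworkChannelPort": 32111,
}

def advertised(settings):
    """Endpoint (ip, port) the client is told to dial for each channel.
    Assumption: an unset setting falls back to the desktop's real address/port."""
    ip = settings.get("externalIPAddress", DESKTOP_IP)
    return {k: (ip, settings.get(k, real)) for k, real in LISTENERS.items()}

def check(settings, rules):
    """Return {setting: problem} for every channel that would not reach the desktop."""
    problems = {}
    for key, ep in advertised(settings).items():
        want = (DESKTOP_IP, LISTENERS[key])
        got = rules.get(ep)               # None: the device forwards nothing for ep
        if got is None:
            problems[key] = f"client dials {ep[0]}:{ep[1]}, no mapping on device"
        elif got != want:
            problems[key] = (f"{ep[0]}:{ep[1]} maps to {got[0]}:{got[1]}, "
                             f"expected {want[0]}:{want[1]}")
    return problems

# Constructed device table: external (ip, port) -> internal (ip, port).
# Only PCoIP is port mapped (14172 -> 4172); RDP and Framework Channel keep their ports.
RULES = {
    ("10.1.1.1", 14172): ("192.168.1.1", 4172),
    ("10.1.1.1", 3389): ("192.168.1.1", 3389),
    ("10.1.1.1", 32111): ("192.168.1.1", 32111),
}

UNCONFIGURED = {}                                   # Figure 2: no plug-in changes
NAT_ONLY = {"externalIPAddress": "10.1.1.1"}        # address set, PCoIP port left at 4172
NAT_AND_PORT = {"externalIPAddress": "10.1.1.1",    # Figure 3
                "externalPCoIPPort": 14172}

if __name__ == "__main__":
    for name, s in [("unconfigured", UNCONFIGURED), ("NAT only", NAT_ONLY),
                    ("NAT + port mapping", NAT_AND_PORT)]:
        print(name, "->", check(s, RULES) or "OK")
```

Running the same check against the real device table before a change confirms that only the intended external ports are forwarded to the desktop.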