View Agent (for Horizon 6), Horizon Agent (for Horizon 7), and Horizon Client use TCP and UDP ports for network access between each other and various Horizon 7 server components.

Table 1. TCP and UDP Ports Used by View Agent or Horizon Agent

Source

Port

Target

Port

Protocol

Description

Horizon Client

*

View Agent/Horizon Agent

3389

TCP

Microsoft RDP traffic to View desktops if direct connections are used instead of tunnel connections.

Horizon Client

*

View Agent/Horizon Agent

9427

TCP

Windows Media MMR redirection and client drive redirection, if direct connections are used instead of tunnel connections.

Note:

Not needed for CDR when using VMware Blast Extreme.

Horizon Client

*

View Agent/Horizon Agent

32111

TCP

USB redirection and time zone synchronization if direct connections are used instead of tunnel connections.

Horizon Client

*

View Agent/Horizon Agent

4172

TCP and UDP

PCoIP if PCoIP Secure Gateway is not used.

Note:

Because the source port varies, see the note below this table.

Horizon Client

*

Horizon Agent

22443

TCP and UDP

VMware Blast Extreme if direct connections are used instead of tunnel connections.

Note:

UDP is not used on Linux desktops.

Browser

*

View Agent/Horizon Agent

22443

TCP

HTML Access if direct connections are used instead of tunnel connections.

Security server, View Connection Server, or Unified Access Gateway appliance

*

View Agent/Horizon Agent

3389

TCP

Microsoft RDP traffic to View desktops when tunnel connections are used.

Security server, View Connection Server, or Unified Access Gateway appliance

*

View Agent/Horizon Agent

9427

TCP

Windows Media MMR redirection and client drive redirection when tunnel connections are used.

Security server, View Connection Server, or Unified Access Gateway appliance

*

View Agent/Horizon Agent

32111

TCP

USB redirection and time zone synchronization when tunnel connections are used.

Security server, View Connection Server, or Unified Access Gateway appliance

55000

View Agent/Horizon Agent

4172

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Security server, View Connection Server, or Unified Access Gateway appliance

*

View Agent/Horizon Agent

4172

TCP

PCoIP if PCoIP Secure Gateway is used.

Security server, View Connection Server, or Unified Access Gateway appliance

*

Horizon Agent

22443

TCP and UDP

VMware Blast Extreme if Blast Secure Gateway is used.

Note:

UDP is not used on Linux desktops.

Security server, View Connection Server, or Unified Access Gateway appliance

*

View Agent/Horizon Agent

22443

TCP

HTML Access if Blast Secure Gateway is used.

View Agent/Horizon Agent

*

View Connection Server

4001, 4002

TCP

JMS SSL traffic.

View Agent/Horizon Agent

4172

Horizon Client

*

UDP

PCoIP, if PCoIP Secure Gateway is not used.

Note:

Because the target port varies, see the note below this table.

View Agent/Horizon Agent

4172

View Connection Server, security server, or Unified Access Gateway appliance

55000

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Note:

The UDP port number that agents use for PCoIP might change. If port 50002 is in use, the agent will pick 50003. If port 50003 is in use, the agent will pick port 50004, and so on. You must configure firewalls with ANY where an asterisk (*) is listed in the table.

Table 2. TCP and UDP Ports Used by Horizon Client

Source

Port

Target

Port

Protocol

Description

Horizon Client

*

View Connection Server, security server, or Unified Access Gateway appliance

443

TCP

HTTPS for logging in to View. (This port is also used for tunnelling when tunnel connections are used.)

Note:

Horizon Client 4.4 and later supports UDP port 443 (see below).

Horizon Client 4.4 or later

*

Unified Access Gateway appliance 2.9 or later

443

UDP

HTTPS for logging into View, if Blast Secure Gateway is used and UDP Tunnel Server is enabled. (This port is also used for tunnelling when tunnel connections are used.)

Unified Access Gateway appliance 2.9 or later

443

Horizon Client 4.4 or later

*

UDP

HTTPS for logging into View, if Blast Secure Gateway is used and UDP Tunnel Server is enabled. (This port is also used for tunnelling when tunnel connections are used.)

Horizon Client

*

View Agent/Horizon Agent

22443

TCP

HTML Access and VMware Blast Extreme if Blast Secure Gateway is not used.

Horizon Client

*

Horizon Agent

22443

UDP

VMware Blast Extreme if Blast Secure Gateway is not used.

Note:

Not used when connecting to Linux desktops.

Horizon Agent

22443

Horizon Client

*

UDP

VMware Blast Extreme if Blast Secure Gateway is not used.

Note:

Not used when connecting to Linux desktops.

Horizon Client

*

View Agent/Horizon Agent

3389

TCP

Microsoft RDP traffic to View desktops if direct connections are used instead of tunnel connections.

Horizon Client

*

View Agent/Horizon Agent

9427

TCP

Windows Media MMR redirection and client drive redirection, if direct connections are used instead of tunnel connections.

Note:

Not needed for CDR when using VMware Blast Extreme.

Horizon Client

*

View Agent/Horizon Agent

32111

TCP

USB redirection and time zone synchronization if direct connections are used instead of tunnel connections.

Horizon Client

*

View Agent/Horizon Agent

4172

TCP and UDP

PCoIP if PCoIP Secure Gateway is not used.

Note:

Because the source port varies, see the note below this table.

Horizon Client

*

View Connection Server, security server, or Unified Access Gateway appliance

4172

TCP and UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Note:

Because the source port varies, see the note below this table.

View Agent/Horizon Agent

4172

Horizon Client

*

UDP

PCoIP if PCoIP Secure Gateway is not used.

Note:

Because the target port varies, see the note below this table.

Security server, View Connection Server, or Unified Access Gateway appliance

4172

Horizon Client

*

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Note:

Because the target port varies, see the note below this table.

Horizon Client

*

View Connection Server, security server, or Unified Access Gateway appliance

8443

TCP

HTML Access and VMware Blast Extreme if Blast Secure Gateway is used.

Horizon Client

*

View Connection Server, security server, or Unified Access Gateway appliance

8443

UDP

VMware Blast Extreme if Blast Secure Gateway is used.

Note:

Not used when connecting to a Linux desktop.

View Connection Server, security server, or Unified Access Gateway appliance

8443

Horizon Client

*

UDP

VMware Blast Extreme if Blast Secure Gateway is used.

Note:

Not used when connecting to a Linux desktop.

Note:

The UDP port number that clients use for PCoIP and VMware Blast Extreme might change. If port 50002 is in use, the client will pick 50003. If port 50003 is in use, the client will pick port 50004, and so on. You must configure firewalls with ANY where an asterisk (*) is listed in the table.