The View Agent and Horizon Agent installers optionally configure Windows firewall rules on remote desktops and RDS hosts to open the default network ports. Ports are incoming unless otherwise noted.

The View Agent and Horizon Agent installers configure the local firewall rule for inbound RDP connections to match the current RDP port of the host operating system, which is typically 3389.

If you instruct the View Agent or Horizon Agent installer not to enable Remote Desktop support, it does not open ports 3389 and 32111, and you must open these ports manually.

If you change the RDP port number after installation, you must change the associated firewall rules. If you change a default port after installation, you must manually reconfigure Windows firewall rules to allow access on the updated port. See "Replacing Default Ports for View Services" in the View Installation document.

Windows firewall rules for View Agent or Horizon Agent on RDS hosts show a block of 256 contiguous UDP ports as open for inbound traffic. This block of ports is for VMware Blast internal use in View Agent or Horizon Agent. A special Microsoft-signed driver on RDS hosts blocks inbound traffic to these ports from external sources. This driver causes the Windows firewall to treat the ports as closed.

If you use a virtual machine template as a desktop source, firewall exceptions carry over to deployed desktops only if the template is a member of the desktop domain. You can use Microsoft group policy settings to manage local firewall exceptions. See the Microsoft Knowledge Base (KB) article 875357 for more information.

Table 1. TCP and UDP Ports Opened During View Agent or Horizon Agent Installation

Protocol

Ports

RDP

TCP port 3389

USB redirection and time zone synchronization

TCP port 32111

MMR (multimedia redirection) and CDR (client drive redirection)

TCP port 9427

PCoIP

TCP port 4172

UDP port 4172 (bidirectional)

VMware Blast

TCP port 22443

UDP port 22443 (bidirectional)

Note:

UDP is not used on Linux desktops.

HTML Access

TCP port 22443