Certain ports must be opened on the firewall for Connection Server instances and security servers.
When you install Connection Server, the installation program can optionally configure the required Windows Firewall rules for you. These rules open the ports that are used by default. If you change the default ports after installation, you must manually configure Windows Firewall to allow Horizon Client devices to connect to Horizon 7 through the updated ports.
The following table lists the default ports that can be opened automatically during installation. Ports are incoming unless otherwise noted.
|Protocol||Ports||Horizon Connection Server Instance Type|
|JMS||TCP 4001||Standard and replica|
|JMS||TCP 4002||Standard and replica|
|JMSIR||TCP 4100||Standard and replica|
|JMSIR||TCP 4101||Standard and replica|
|AJP13||TCP 8009||Standard and replica|
|HTTP||TCP 80||Standard, replica, and security server|
|HTTPS||TCP 443||Standard, replica, and security server|
|PCoIP||TCP 4172 in;
UDP 4172 both directions
|Standard, replica, and security server|
|Standard, replica, and security server.
After the initial connection to Horizon 7 is made, the Web browser or client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place.
|HTTPS||TCP 8472||Standard and replica
For the Cloud Pod Architecture feature: used for interpod communication.
|HTTP||TCP 22389||Standard and replica
For the Cloud Pod Architecture feature: used for global LDAP replication.
|HTTPS||TCP 22636||Standard and replica
For the Cloud Pod Architecture feature: used for secure global LDAP replication.