Make Appropriate Destination URLs Reachable to Deploy a Horizon Edge Gateway in a Horizon 8 Environment

To create a Horizon Edge deployment and install or update appliance modules, you must allow the appropriate URLs on the respective ports.

For the following table, the listed purposes are in the context of a Horizon Edge Gateway with Horizon Connection Server.

Allow URLs for the Management Subnet

Allow the appropriate URLs according to your site location and needs.


Destination (DNS name)	Port	Protocol	Purpose
*.blob.core.windows.net horizonedgeprod.azurecr.io	443	TCP	Used for programmatic access to the Azure Blob Storage. Used to download application icons if WorkspaceOne is integrated. Used to download the Docker images from those DNS addresses that the appliance's module requires.
*.azure-devices.net, or one of the region-specific names that follows, depending on which regional control plane applies to your tenant account: North America: edgehubprodna.azure-devices.net Europe: edgehubprodeu.azure-devices.net Australia: edgehubprodap.azure-devices.net Japan: edgehubprodjp.azure-devices.net	443	TCP (requirement means HTTP, HTTPS, and WSS)	Used to connect the appliance to the Horizon Cloud control plane, to download configurations for the appliance's module, and to update the appliance's module's runtime status.
*.data.vmwservices.com, or one of the region-specific names that follow, depending on which regional Workspace ONE Intelligence target applies to your tenant account: eventproxy.na1.data.vmwservices.com eventproxy.eu1.data.vmwservices.com eventproxy.eu2.data.vmwservices.com eventproxy.uk1.data.vmwservices.com eventproxy.ca1.data.vmwservices.com eventproxy.ap1.data.vmwservices.com eventproxy.au1.data.vmwservices.com	443	TCP	Used for sending events or metrics to Workspace ONE Intelligence. See Workspace ONE Intelligence.