To allow client Web browsers to use HTML Access to make connections to security servers, View Connection Server instances, and remote desktops, your firewalls must allow inbound traffic on certain TCP ports.

HTML Access connections must use HTTPS. HTTP connections are not allowed.

By default, when you install a View Connection Server instance or security server, the VMware Horizon View Connection Server (Blast-In) rule is enabled in the Windows Firewall, so that the firewall is automatically configured to allow inbound traffic to TCP port 8443.

Table 1. Firewall Rules for HTML Access
Source Default Source Port Protocol Target Default Target Port Notes
Client Web browser TCP Any HTTPS Security server or View Connection Server instance TCP 443 To make the initial connection to View, the Web browser on a client device connects to a security server or View Connection Server instance on TCP port 443.
Client Web browser TCP Any HTTPS Blast Secure Gateway TCP 8443 After the initial connection to View is made, the Web browser on a client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place.
Blast Secure Gateway TCP Any HTTPS HTML Access agent TCP 22443 If the Blast Secure Gateway is enabled, after the user selects a remote desktop, the Blast Secure Gateway connects to the HTML Access agent on TCP port 22443 on the desktop. This agent component is included when you install View Agent.
Client Web browser TCP Any HTTPS HTML Access agent TCP 22443 If the Blast Secure Gateway is not enabled, after the user selects a View desktop, the Web browser on a client device makes a direct connection to the HTML Access agent on TCP port 22443 on the desktop. This agent component is included when you install View Agent.