Replace a security server with a Unified Access Gateway appliance.
Procedure
- Uninstall the security server software.
- Remove the security server's LDAP entry. See Removing the Entry for a Connection Server Instance Using the -S Option in the Horizon Administration document.
- In Horizon Console, register the Unified Access Gateway appliance.
- At the network firewall between Unified Access Gateway and Connection Server, remove firewall rules associated with the removed security server and add firewall rules associated with the incoming Unified Access Gateway. The Unified Access Gateway needs to communicate with Connection Server on TCP port 443.
The back-end firewall rules for Security Server to Connection Server are as follows:
Source Default Port Protocol Destination Default Port Notes Security Server UDP 500 ISAKMP Connection Server UDP 500 IPsec phase 1 negotiation. Security Server UDP 4500 NAT-T Connection Server UDP 4500 Encapsulated AJP13 traffic when using NAT. Security Server ESP Connection Server Encapsulated AJP13 traffic when NAT traversal is not required. ESP is IP protocol 50. Port numbers are not specified. Security Server AJP13 Connection Server TCP 8009 AJP13 traffic without IPsec and during pairing. Security Server JMS Connection Server TCP 4001 Message channel for key negotiation. Security Server JMS-TLS Connection Server TCP 4002 Message channel for management. - Configure and start the Unified Access Gateway appliance.
See Deploying and Configuring VMware Unified Access Gateway document in https://docs.vmware.com/en/Unified-Access-Gateway/index.html.