Certain ports must be opened on the firewall for Connection Server instances.
When you install Connection Server, the installation program can optionally configure the required Windows Firewall rules for you. These rules open the ports that are used by default. If you change the default ports after installation, you must manually configure Windows Firewall to allow Horizon Client devices to connect to VMware Horizon through the updated ports.
The following table lists the default ports that can be opened automatically during installation. Ports are incoming unless otherwise noted.
| Protocol | Ports | Horizon Connection Server Instance Type |
|---|---|---|
| JMS | TCP 4001 | Standard and replica |
| JMS | TCP 4002 | Standard and replica |
| JMSIR | TCP 4100 | Standard and replica |
| JMSIR | TCP 4101 | Standard and replica |
| AJP13 | TCP 8009 | Standard and replica |
| HTTP | TCP 80 | Standard, replica |
| HTTPS | TCP 443 | Standard, replica |
| PCoIP | TCP 4172 in; UDP 4172 both directions |
Standard, replica |
| HTTPS | TCP 8443 UDP 8443 |
Standard, replica After the initial connection to VMware Horizon is made, the Web browser or client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a Connection Server instance to allow this second connection to take place. |
| HTTPS | TCP 8472 | Standard and replica For the Cloud Pod Architecture feature: used for interpod communication. |
| HTTP | TCP 22389 | Standard and replica For the Cloud Pod Architecture feature: used for global LDAP replication. |
| HTTPS | TCP 22636 | Standard and replica For the Cloud Pod Architecture feature: used for secure global LDAP replication. |
