Horizon Agent and Horizon Client use TCP and UDP ports for network access between each other and certain server components.
| Source | Port | Target | Port | Protocol | Description |
|---|---|---|---|---|---|
| Horizon Client | * | Horizon Agent | 3389 | TCP | Microsoft RDP traffic to remote desktops when direct connections are used instead of tunnel connections. |
| Horizon Client | * | Horizon Agent | 9427 | TCP | Windows multimedia redirection, client drive redirection, Microsoft Teams optimization, HTML5 multimedia redirection, VMware printer redirection, and USB redirection when direct connections are used instead of tunnel connections.
Note: Not needed for client drive redirection when using VMware Blast.
|
| Horizon Client | * | Horizon Agent | 32111 | TCP | USB redirection and time zone synchronization when direct connections are used instead of tunnel connections. |
| Horizon Client | * | Horizon Agent | 4172 | TCP and UDP | PCoIP when PCoIP Secure Gateway is not used.
Note: Because the source port varies, see the note below this table.
|
| Horizon Client | * | Horizon Agent | 22443 | TCP and UDP | VMware Blast when direct connections are used instead of tunnel connections.
Note: UDP is not used on Linux desktops.
|
| Browser | * | Horizon Agent | 22443 | TCP | HTML Access when direct connections are used instead of tunnel connections. |
| Connection Server or Unified Access Gateway appliance | * | Horizon Agent | 3389 | TCP | Microsoft RDP traffic to remote desktops when tunnel connections are used. |
| Connection Server or Unified Access Gateway appliance | * | Horizon Agent | 9427 | TCP | Windows multimedia redirection, client drive redirection, Microsoft Teams optimization, HTML5 multimedia redirection, VMware printer redirection, and USB redirection when tunnel connections are used. |
| Connection Server or Unified Access Gateway appliance | * | Horizon Agent | 32111 | TCP | USB redirection and time zone synchronization when tunnel connections are used. |
| Connection Server or Unified Access Gateway appliance | 55000 | Horizon Agent | 4172 | UDP | PCoIP (not SALSA20) when PCoIP Secure Gateway is used. |
| Connection Server or Unified Access Gateway appliance | * | Horizon Agent | 4172 | TCP | PCoIP when PCoIP Secure Gateway is used. |
| Connection Server or Unified Access Gateway appliance | * | Horizon Agent | 22443 | TCP and UDP | VMware Blast when Blast Secure Gateway is used.
Note: UDP is not used on Linux desktops.
|
| Connection Server or Unified Access Gateway appliance | * | Horizon Agent | 22443 | TCP | HTML Access when Blast Secure Gateway is used. |
| Horizon Agent | * | Connection Server | 4001, 4002 | TCP | JMS SSL traffic. |
| Horizon Agent | 4172 | Horizon Client | * | UDP | PCoIP when PCoIP Secure Gateway is not used.
Note: Because the target port varies, see the note below this table.
|
| Horizon Agent | 4172 | Connection Server or Unified Access Gateway appliance | 55000 | UDP | PCoIP (not SALSA20) when PCoIP Secure Gateway is used. |
Note: The UDP port number that agents use for PCoIP might change. If port 50002 is in use, the agent uses port 50003. If port 50003 is in use, the agent uses port 50004, and so on. You must configure firewalls with
ANY where an asterisk (*) is listed in the table.
| Source | Port | Target | Port | Protocol | Description |
|---|---|---|---|---|---|
| Horizon Client | * | Connection Server or Unified Access Gateway appliance | 443 | TCP | HTTPS for logging in to VMware Horizon. This port is also used for tunneling when tunnel connections are used.
Note:
Horizon Client supports UDP port 443.
|
| Horizon Client | * | Unified Access Gateway appliance | 443 | UDP | HTTPS for logging into VMware Horizon when Blast Secure Gateway is used and UDP Tunnel Server is enabled. This port is also used for tunneling when tunnel connections are used. |
| Unified Access Gateway appliance | 443 | Horizon Client | * | UDP | HTTPS for logging into VMware Horizon when Blast Secure Gateway is used and UDP Tunnel Server is enabled. This port is also used for tunneling when tunnel connections are used. |
| Horizon Client | * | Horizon Agent | 22443 | TCP | HTML Access and VMware Blast when Blast Secure Gateway is not used. |
| Horizon Client | * | Horizon Agent | 22443 | UDP | VMware Blast when Blast Secure Gateway is not used.
Note: Not used when connecting to Linux desktops.
|
| Horizon Agent | 22443 | Horizon Client | * | UDP | VMware Blast when Blast Secure Gateway is not used.
Note: Not used when connecting to Linux desktops.
|
| Horizon Client | * | Horizon Agent | 3389 | TCP | Microsoft RDP traffic to remote desktops if direct connections are used instead of tunnel connections. |
| Horizon Client | * | Horizon Agent | 9427 | TCP | Windows multimedia redirection, client drive redirection, Microsoft Teams optimization, HTML5 multimedia redirection, VMware printer redirection, and USB redirection when direct connections are used instead of tunnel connections.
Note: Not needed for client drive redirection when using VMware Blast.
|
| Horizon Client | * | Horizon Agent | 32111 | TCP | USB redirection and time zone synchronization when direct connections are used instead of tunnel connections. |
| Horizon Client | * | Horizon Agent | 4172 | TCP and UDP | PCoIP if PCoIP Secure Gateway is not used.
Note: Because the source port varies, see the note below this table.
|
| Horizon Client | * | Connection Server or Unified Access Gateway appliance | 4172 | TCP and UDP | PCoIP (not SALSA20) when PCoIP Secure Gateway is used.
Note: Because the source port varies, see the note below this table.
|
| Horizon Agent | 4172 | Horizon Client | * | UDP | PCoIP if PCoIP Secure Gateway is not used.
Note: Because the target port varies, see the note below this table.
|
| Connection Server or Unified Access Gateway appliance | 4172 | Horizon Client | * | UDP | PCoIP (not SALSA20) when PCoIP Secure Gateway is used.
Note: Because the target port varies, see the note below this table.
|
| Horizon Client | * | Connection Server or Unified Access Gateway appliance | 8443 | TCP | HTML Access and VMware Blast when Blast Secure Gateway is used. |
| Horizon Client | * | Connection Server or Unified Access Gateway appliance | 8443 | UDP | VMware Blast when Blast Secure Gateway is used.
Note: Not used when connecting to a Linux desktop.
|
| Connection Server or Unified Access Gateway appliance | 8443 | Horizon Client | * | UDP | VMware Blast when Blast Secure Gateway is used.
Note: Not used when connecting to a Linux desktop.
|
Note: The UDP port number that clients use for PCoIP and VMware Blast might change. If port 50002 is in use, the client selects port 50003, and if port 50003 is in use, the client selects port 50004, and so on. You must configure firewalls with
ANY where an asterisk (*) is listed in the table.
