VMware Horizon components use several different protocols to exchange messages.

The following table lists the default ports that each protocol uses. You can change the port numbers. For example, you might need to change the port numbers to comply with organization policies, or to avoid contention.

Table 1. Default Ports
Protocol Port
JMS TCP port 4001

TCP port 4002

HTTP TCP port 80
HTTPS TCP port 443
MMR/CDR TCP port 9427

The following features use this port.

  • Windows multimedia redirection
  • Client drive redirection
  • Microsoft Teams optimization
  • HTML multimedia redirection
  • VMware printer redirection
  • USB redirection
RDP TCP port 3389
Note: If the connection broker instance is configured for direct client connections, these protocols connect directly from the client to the remote desktop and are not tunneled through the Horizon Secure Gateway Server component.
SOAP TCP port 80 or 443

TCP port 4172

UDP ports 4172, 50002, 55000

USB redirection TCP port 32111. This port is also used for time zone synchronization.
VMware Blast Extreme

TCP ports 8443, 22443

UDP ports 443, 8443, 22443

HTML Access TCP ports 8443, 22443

TCP Ports for Connection Broker Intercommunication

Connection broker instances in a group use additional TCP ports to communicate with each other. For example, connection broker instances use port 4100 or 4101 to transmit JMS inter-router (JMSIR) traffic to each other. Firewalls are typically not used between the connection broker instances in a group.