Search the VMware Knowledge Base (KB)
View by Article ID

VMware View ports and network connectivity requirements (1027217)

  • 46 Ratings

Purpose

This article provides the network connectivity requirements for VMware View Manager 4.5 and later.

Resolution

For successful network connectivity in VMware View Manager 4.5 and later, ensure that:
  • Connection Servers, Replica Servers, and Transfer Servers use Static IPs
  • Replica Server is on the same LAN as the Connection Server. Replication over WAN is not supported
  • Ensure that these required ports allow incoming connections.

    Note: All ports are TCP, unless specified otherwise.


    • TCP Ports for View Connection Server and Replica Server Instances

      Source Destination Port Protocol
      View Desktop Connection Server 4001 JMS
      Replica Connection Servers Connection Server 4100 JMSIR
      Admin Browser Connection Server 80 HTTP
      Admin Browser Connection Server 443 HTTPS
      Client 1 Connection Server 4172 PCoIP
      (TCP and UDP)
      Client 2 Connection Server 443 HTTPS
      Connection Server 1 View Desktop Subnet 4172 PCoIP
      Connection Server 2 View Desktop Subnet 3389 RDP
      Connection Server Virtual Center Server 443 HTTPS
      Connection Server Virtual Center Server 80 HTTP
      Connection Server Virtual Center Server
      (View Composer)
      18443 HTTPS


    • TCP Ports for View Security Server

      Source Destination Port Protocol
      Client Security Server 443 HTTPS
      Client Security Server 80 HTTP
      Client 1 Security Server 4172 PCoIP
      (TCP and UDP)
      Security Server1 View Desktop Subnet 4172 PCoIP
      (TCP and UDP)
      Security Server View Desktop Subnet 3389 RDP
      Security Server View Desktop 9427 MMR
      Security Server Connection Server 8009 AJP13
      Security Server Connection Server 4001 JMS
      Security Server Connection Server 4002 JMS
      Security Server Connection Server 500 IPSec (UDP)
      Security Server Connection Server 4500 NAT-T ISAKMP (UDP)
      Connection Server Security Server 500 IPSec (UDP)
      Connection Server Security Server 4500 NAT-T ISAKMP (UDP)
      Security Server Connection Server
      ESP (IP Protocol 50)

      Note:
      • Port 80 is required if SSL is disabled.

    • TCP Ports for View Agent

      Source Destination Port Protocol
      Client View Desktop 3389 RDP
      Connection Server2 View Desktop 3389 RDP
      Client View Desktop 4172 PCoIP(TCP and UDP)
      Connection Server1 View Desktop 4172 PCoIP(TCP and UDP)
      Security Server1 View Desktop 4172 PCoIP(TCP and UDP)
      Client View Desktop 32111 USB Redirection
      Client View Desktop
      (Physical Only)
      42966 HP RGS
      Client View Desktop 9427 MMR
      View Desktop Connection Server 4001 JMS
      View Desktop Connection Server 4002 JMS


    • TCP Ports for Local Mode

      Source Destination Port Protocol
      Security Server View Transfer Server 80 HTTP
      Security Server View Transfer Server 443 HTTPS
      View Client with Local Mode View Transfer Server 80 HTTP
      View Client with Local Mode View Transfer Server 443 HTTPS
      View Connection Server ESX Host 902 Disk Transfers
      View Connection Server View Transfer Server 80 HTTP
      View Connection Server View Transfer Server 443 HTTPS
      View Transfer Server View Connection Server 4001 JMS
      View Transfer Server ESX Host 902 Disk Transfers
      View Transfer Server Server that hosts the Transfer Server repository network share 445 Configuring and publishing View Composer packages to the Transfer Server repository network share


    • UDP Ports for View Connection Server and RSA SecurID Authentication Manager

      Source Destination Port Protocol
      View Connection Server RSA SecurID Authentication Manager 5500 2-Factor Authentication


    • Firewall rules for DMZ-based Security Servers

      • Front-End Firewall Rules

        Source Destination Port Protocol
        Any External IP Security Server 80 HTTP
        Any External IP Security Server 443 HTTPS
        Any External IP Security Server1 4172 PCoIP
        (TCP and UDP)


      • Back-End Firewall Rules

        Source Destination Port Protocol
        Security Server View Transfer Server 80 HTTP
        Security Server View Transfer Server 443 HTTPS
        Security Server Connection Server 8009 AJP13
        Security Server Connection Server 4001 JMS
        Security Server Connection Server 4002

        JMS (Secure)

        Security Server View Desktop 3389 RDP
        Security Server 1 View Desktop 4172 PCoIP
        (TCP and UDP)
        Security Server View Desktop 32111 USB Redirection
        Security Server Connection Server 500 IPSec (UDP)
        Security Server Connection Server 4500 NAT-T ISAKMP (UDP)
        Connection Server Security Server 500 IPSec (UDP)
        Connection Server Security Server 4500 NAT-T ISAKMP (UDP)
        Security Server 1 Connection Server 4172 PCoIP
        (TCP and UDP)
        Security Server Remote Desktop Services 4172

        PCoIP
        (TCP and UDP)


    • TCP ports for HTML3 access

      Source Destination Port Protocol
      Client
      Connection Server
      443
      HTTPS
      Client 4 Connection Server
      8443 HTML
      Client
      Security Server 443
      HTTPS
      Client 4 Security Server 8443
      HTML
      Connection Server 4 View Desktop 22443
      HTML
      Security Server 4 View Desktop 22443
      HTML
      Client 5 View Desktop 22443
      HTML

    • TCP ports for VMware vRealize Operations Manager (formerly vCenter Operations) for Horizon View

      Source Destination Port Protocol
      View Connection Server vRealize Operations Manager Analytics VM
      3091
      Java RMI 6
      View Desktop
      vRealize Operations Manager Analytics VM 3091
      Java RMI 7
      View Desktop vRealize Operations Manager Analytics VM 3092
      Java RMI 7
      View Connection Server vRealize Operations Manager Analytics VM 3093 Java RMI 6
      View Connection Server vRealize Operations Manager Analytics VM 3094 Java RMI 7
      View Agent vRealize Operations Manager Analytics VM 3099 Java RMI
      View Agent vRealize Operations Manager Analytics VM 3100 Java RMI
      View Agent vRealize Operations Manager Analytics VM 3101 Java RMI
    • Firewall rules for DMZ based Access Point Appliances for Horizon View

      Front-End Firewall Rules
      Source     Destination Port Protocol
      Horizon Client    Access Point Appliance 80 HTTP
      Horizon Client    Access Point Appliance    443 HTTPS
      Horizon Client Access Point Appliance 4172 PCoIP
      (TCP and UDP)
      Access Point Appliance Horizon Client 4172 PCoIP
      (UDP)
      Client Web Browser Access Point Appliance 8443 HTTPS or Blast

      Back-End Firewall Rules
      Source Destination Port Protocol
      Access Point Appliance View Connection Server or Load balancer 443 HTTPS
      Access Point Appliance Remote Desktop 3389 RDP
      Access Point Appliance Remote Desktop 9427 MMR ore CDR
      (TCP)
      Access Point Appliance Remote Desktop or Application 4172 PCoIP
      (TCP or UDP)
      Remote Desktop or Application Access Point Appliance 4172 PCoIP
      (UDP)
      Access Point Appliance Remote Desktop 32111  USB-R
      (TCP)
      Access Point Appliance Remote Desktop     22443 HTTPS
      (TCP)


Notes:
  • 1 In VMware View 4.6 and later, when using PCoIP Secure Gateway on the Connection Server or Security Server.
  • 2 When RDP protocol is tunneled through the Connection Server or Security Server.
  • 3 Only for View 5.2 with Feature pack 1 and later releases of View
  • 4 If using Blast Secure Gateway
  • 5 Not using Blast Secure Gateway
  • 6 Standard encoded RMI
  • 7 RMI over SSL
For large deployments, optimize the ephemeral ports and the TCB hash table size in the Windows operating system.


Notes:
  • Port 902 TCP must be open between View Composer service to each ESXi host. For more information, see the View TCP and UDP Ports section in the VMware Horizon View Security Guide.
  • Port 443 must be opened between vCenter Server and standalone View Composer.
  • Port 4172 UDP must be open in both inbound and outbound directions.
  • Port 4172 TCP needs to be open in an inbound direction only.
  • Port 5443 TCP needs to be open between View Client and Linux Agent, if Blast Secure Gateway is disabled.
  • Port 5443 TCP needs to be open between Security Server/Connection Server and Linux Agent ,If Blast Secure Gateway is enabled.
  • PCoIP also uses UDP port 50002 from Horizon Client (or UDP port 55000 from the PCoIP Secure Gateway) to port 4172 of the remote desktop or application.

Additional Information

For more information on VMware vRealize Operations Manager (formerly known as vCenter Operations) for Horizon View, see the vCenter Operations Manager for Horizon View 1.5 Security Guide.

Tags

view-ports-required

See Also

Update History

06/23/2011 - Added port details for View 4.6 09/07/2011 - Added ports 443, 80 and 18443 between View Connection server and vCenter/Composer 01/07/2012 - Added port details for View 5.0 01/09/2012 - Added View Manager 5.0 to Products 07/25/2012 - Added RSA Secur ID Authentication Manager table 08/14/2012 - Corrected protocol for port 8009 in Back-End Firewall Rules table 10/22/2012 - Added ports 4927 and 500 to Security Server table 04/09/2013 - Added link to the Horizon View Architecture Planning Guide and updated the Products section 04/23/2013 - Added the"TCP ports for VMware vCenter Operations Manager for Horizon View" table in the Resolution section. Also added the lines on Additional Information section for vRealize Operations Manager. 05/17/2013 - Added information on IPSec and NAT-T ISAKMP protocols to the tables. 05/19/2011 - Added latest product version 07/15/2013 - Added note about port 4172. 12/03/2013 - Added Horizon View 5.3 to Product Versions and a note about port 902. 03/06/2015 - Added port 445 to TCP Ports for Local Mode

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 46 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 46 Ratings
Actions
KB: