7.0

Figure 12. Dual Firewall Topology
[Diagram not reproduced. Labels: Client Device (x2), HTTPS Traffic, Fault-tolerant load balancing mechanism, front-end firewall, DMZ, Access Point Appliance (x2), back-end firewall, Internal Network, Horizon Server (x2), VMware vCenter, Active Directory, VMware ESXi servers.]
Front-End Firewall Rules
To allow external client devices to connect to an Access Point appliance within the DMZ, the front-end
firewall must allow traffic on certain TCP and UDP ports.
Table 11. Front-End Firewall Rules

| Source | Default Port | Protocol | Destination | Destination Port | Notes |
|---|---|---|---|---|---|
| Horizon Client | TCP Any | HTTP | Access Point appliance | TCP 80 | (Optional) External client devices connect to an Access Point appliance within the DMZ on TCP port 80 and are automatically directed to HTTPS. |
| Horizon Client or Client Web browser | TCP Any | HTTPS | Access Point appliance | TCP 443, UDP 443 (for Blast) | External client devices and external Web clients (HTML Access) connect to an Access Point appliance within the DMZ on TCP port 443. |
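As an added example (not part of VMware's documentation), the following Python audits an exported list of front-end allow rules against Table 11, reporting listed openings that are missing and rules that open ports the table does not list. The rule dictionary format, the `audit` function, the 192.0.2.x addresses and the sample rules are assumptions constructed for illustration; UDP 443 is treated as needed only when Blast is in use, following the table's "(for Blast)" note.

```python
# Added example: audit front-end firewall allow rules against Table 11.
# The rule format, addresses and sample rules below are constructed.

# (protocol, destination port) pairs that Table 11 lists for the appliance.
ALLOWED = {("tcp", 80), ("tcp", 443), ("udp", 443)}


def audit(rules, appliance, use_blast=True):
    """Return (missing, excess) for allow rules that target the appliance.

    missing: Table 11 openings that no rule covers.
    excess:  (proto, low, high) rules that open ports Table 11 does not list.
    """
    # TCP 80 is optional in Table 11; UDP 443 is assumed needed only for Blast.
    required = {("tcp", 443)} | ({("udp", 443)} if use_blast else set())
    opened = set()
    for r in rules:
        if r["dst"] not in (appliance, "any"):
            continue  # rule does not reach the Access Point appliance
        low, high = r["dports"]
        protos = ("tcp", "udp") if r["proto"] == "any" else (r["proto"],)
        opened.update((p, low, high) for p in protos)

    def listed(proto, low, high):
        return {(p, n) for p, n in ALLOWED if p == proto and low <= n <= high}

    covered = set().union(*(listed(*o) for o in opened))
    missing = sorted(required - covered)
    # A range is excessive when it spans more ports than Table 11 lists in it.
    excess = sorted(o for o in opened if o[2] - o[1] + 1 > len(listed(*o)))
    return missing, excess


# Constructed sample: front-end allow rules exported as dictionaries.
SAMPLE_RULES = [
    {"proto": "tcp", "dst": "192.0.2.10", "dports": (443, 443)},
    {"proto": "tcp", "dst": "192.0.2.10", "dports": (80, 80)},
    {"proto": "tcp", "dst": "192.0.2.10", "dports": (8000, 9000)},
    {"proto": "udp", "dst": "192.0.2.99", "dports": (443, 443)},  # other host
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES, "192.0.2.10")
    print("missing:", missing)
    print("excess:", excess)
```

The audit checks destination protocol and port only, since Table 11 allows any source port.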
Deploying and Configuring Access Point
10 VMware, Inc.