Table 1‑1. Front-End Firewall Rules (Continued)

| Source | Default Port | Protocol | Destination | Destination Port | Notes |
|---|---|---|---|---|---|
| Horizon Client | TCP Any, UDP Any | PCoIP | Access Point appliance | TCP 4172, UDP 4172 | External client devices connect to an Access Point appliance within the DMZ on TCP port 4172 and UDP port 4172 to communicate with a remote desktop or application over PCoIP. |
| Access Point appliance | UDP 4172 | PCoIP | Horizon Client | UDP Any | Access Point appliances send PCoIP data back to an external client device from UDP port 4172. The destination UDP port is the source port from the received UDP packets. Because these packets contain reply data, it is normally unnecessary to add an explicit firewall rule for this traffic. |

Back-End Firewall Rules
To allow an Access Point appliance to communicate with a Horizon server or load balancer that resides
within the internal network, the back-end firewall must allow inbound traffic on certain TCP ports. Behind
the back-end firewall, internal firewalls must be similarly configured to allow remote desktops, applications
and Horizon servers to communicate with each other.

Table 1‑2. Back-End Firewall Rules

| Source | Default Port | Protocol | Destination | Destination Port | Notes |
|---|---|---|---|---|---|
| Access Point appliance | TCP Any | HTTPS | Horizon server or load balancer | TCP 443 | Access Point appliances connect on TCP port 443 to communicate with a Horizon server or load balancer in front of multiple Horizon server instances. |
| Access Point appliance | TCP Any | RDP | Remote desktop | TCP 3389 | Access Point appliances connect to remote desktops on TCP port 3389 to exchange RDP traffic. |
| Access Point appliance | TCP Any | MMR or CDR | Remote desktop | TCP 9427 | Access Point appliances connect to remote desktops on TCP port 9427 to receive MMR (multimedia redirection) or CDR (client drive redirection) traffic. |
| Access Point appliance | TCP Any, UDP Any | PCoIP | Remote desktop or application | TCP 4172, UDP 4172 | Access Point appliances connect to remote desktops and applications on TCP port 4172 and UDP port 4172 to exchange PCoIP traffic. |
| Remote desktop or application | UDP 4172 | PCoIP | Access Point appliance | UDP Any | Remote desktops and applications send PCoIP data back to an Access Point appliance from UDP port 4172. The destination UDP port is the source port from the received UDP packets. Because these packets contain reply data, it is normally unnecessary to add an explicit firewall rule for this traffic. |
| Access Point appliance | TCP Any | USB-R | Remote desktop | TCP 32111 | Access Point appliances connect to remote desktops on TCP port 32111 to exchange USB redirection traffic between an external client device and the remote desktop. |

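
The following is an added example, not part of the VMware documentation: a small Python audit that compares a back-end firewall allow-list with the appliance-originated flows in Table 1-2, reporting required flows that no rule permits and rules that open more than the table lists. The zone names ("appliance", "horizon", "desktop"), the Rule model and the sample ruleset are assumptions made for this example.

```python
"""Audit a back-end firewall allow-list against Table 1-2 (added example)."""
from dataclasses import dataclass

# Flows Table 1-2 requires from the appliance: (protocol, destination zone, port, purpose).
# The desktop -> appliance UDP 4172 row is reply traffic, so it is not a required rule.
REQUIRED = [
    ("tcp", "horizon", 443, "HTTPS"),
    ("tcp", "desktop", 3389, "RDP"),
    ("tcp", "desktop", 9427, "MMR/CDR"),
    ("tcp", "desktop", 4172, "PCoIP"),
    ("udp", "desktop", 4172, "PCoIP"),
    ("tcp", "desktop", 32111, "USB-R"),
]

@dataclass(frozen=True)
class Rule:
    """One allow rule; zone names and fields are this example's own model (assumed)."""
    src: str    # "appliance", "desktop", "horizon" or "any"
    proto: str  # "tcp", "udp" or "any"
    dst: str    # destination zone, or "any"
    lo: int     # first destination port allowed
    hi: int     # last destination port allowed

    def permits(self, proto, dst, port):
        return (self.src in ("appliance", "any") and self.proto in (proto, "any")
                and self.dst in (dst, "any") and self.lo <= port <= self.hi)

def audit(rules):
    """Return (required flows no rule permits, rules that open more than Table 1-2 lists)."""
    missing = [f for f in REQUIRED if not any(r.permits(*f[:3]) for r in rules)]
    excessive = []
    for r in rules:
        if r.src not in ("appliance", "any"):
            continue  # e.g. desktop -> appliance PCoIP replies, outside this check
        covered = sum(r.permits(p, d, port) for p, d, port, _ in REQUIRED)
        # What the rule opens: ports x protocols x destination zones ("any" counted as 2).
        opened = (r.hi - r.lo + 1) * (2 if r.proto == "any" else 1) * (2 if r.dst == "any" else 1)
        if r.src == "any" or opened > covered:
            excessive.append(r)
    return missing, excessive

SAMPLE = [  # constructed ruleset, not taken from any real firewall
    Rule("appliance", "tcp", "horizon", 443, 443),
    Rule("appliance", "tcp", "desktop", 3389, 3389),
    Rule("appliance", "any", "desktop", 4172, 4172),  # covers TCP and UDP PCoIP exactly
    Rule("appliance", "tcp", "desktop", 9000, 9999),  # far wider than the single port 9427
]
```

Calling audit(SAMPLE) reports the USB-R flow on TCP 32111 as missing and the 9000-9999 range as excessive.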
Chapter 1 Introduction to Access Point
VMware, Inc. 11