Specifications

Figure 5-4. Dual Firewall Topology
[Diagram labels: two View Clients, HTTPS traffic, fault-tolerant load balancing mechanism, front-end firewall, DMZ containing two View Security Servers, back-end firewall, internal network containing two View Connection Servers, VMware vCenter, Active Directory, and VMware ESX servers.]
Firewall Rules for DMZ-Based Security Servers
DMZ-based security servers require certain firewall rules on the front-end and back-end firewalls.
Front-End Firewall Rules
To allow external client devices to connect to a security server within the DMZ, the front-end firewall must
allow traffic on certain TCP and UDP ports. Table 5-1 summarizes the front-end firewall rules.
Table 5-1. Front-End Firewall Rules

| Source | Protocol | Port | Destination | Notes |
|---|---|---|---|---|
| Any | HTTP | 80 | Security server | External client devices use port 80 to connect to a security server within the DMZ when SSL is disabled. |
| Any | HTTPS | 443 | Security server | External client devices use port 443 to connect to a security server within the DMZ when SSL is enabled (the default). |
| Any | PCoIP | TCP 4172, UDP 4172 | Security server | External client devices use TCP port 4172 to a security server within the DMZ when SSL is enabled and also use UDP port 4172 in both directions. |
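
As an added example (not part of the VMware document), the following Python script audits a front-end rule set against Table 5-1 for the default SSL-enabled case, reporting required flows that are missing and allowed flows the table does not call for. The security server address 192.0.2.10, the iptables-save style sample rules, and all function names are assumptions made for illustration; only single-port rules are handled.

```python
import re

SS = "192.0.2.10"  # assumed DMZ security server address (documentation range)

# Table 5-1 with SSL enabled (the default). Each entry is (direction, proto,
# port on the security-server side); "out" is the return half of the
# "UDP port 4172 in both directions" note.
REQUIRED = {("in", "tcp", 443), ("in", "tcp", 4172),
            ("in", "udp", 4172), ("out", "udp", 4172)}
SSL_DISABLED_ONLY = {("in", "tcp", 80)}  # listed only for SSL-disabled setups

# Constructed sample in iptables-save syntax, not taken from the original page.
SAMPLE = """\
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 4172 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p udp -m udp --dport 4172 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -j DROP
"""

def opt(line, flag):
    """Return the value following an iptables flag, or None if absent."""
    m = re.search(rf"(?:^|\s){re.escape(flag)}\s+(\S+)", line)
    return m.group(1) if m else None

def parse(rules_text):
    """Collect ACCEPTed (direction, proto, port) flows touching the server."""
    flows = set()
    for line in rules_text.splitlines():
        if opt(line, "-j") != "ACCEPT":
            continue
        proto = opt(line, "-p")
        dst, src = opt(line, "-d") or "", opt(line, "-s") or ""
        if dst.split("/")[0] == SS and opt(line, "--dport"):
            flows.add(("in", proto, int(opt(line, "--dport"))))
        elif src.split("/")[0] == SS and opt(line, "--sport"):
            flows.add(("out", proto, int(opt(line, "--sport"))))
    return flows

def audit(rules_text):
    """Compare the allowed flows with Table 5-1 and group the differences."""
    allowed = parse(rules_text)
    extra = allowed - REQUIRED
    return {"missing": sorted(REQUIRED - allowed),
            "ssl_disabled_only": sorted(extra & SSL_DISABLED_ONLY),
            "unexpected": sorted(extra - SSL_DISABLED_ONLY)}

if __name__ == "__main__":
    for finding, flows in audit(SAMPLE).items():
        print(finding, flows)
```

On a stateful firewall that already permits established return traffic, the reported missing outbound UDP 4172 flow may be covered by that rule rather than by an explicit entry.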
VMware View Architecture Planning
VMware, Inc.