Specifications

Figure 5-4. Dual Firewall Topology
[Figure: View Clients send HTTPS traffic through the front-end firewall to View Security Servers in the DMZ (fronted by a fault-tolerant load balancing mechanism); the security servers pass through the back-end firewall to View Connection Server instances on the internal network, which sits alongside VMware vCenter, Active Directory, and VMware ESX servers.]
Firewall Rules for DMZ-Based Security Servers
DMZ-based security servers require certain firewall rules on the front-end and back-end firewalls.
Front-End Firewall Rules
To allow external client devices to connect to a security server within the DMZ, the front-end firewall must
allow inbound traffic on certain TCP ports. Table 5-1 summarizes the front-end firewall rules.
Table 5-1. Front-End Firewall Rules

Source  Protocol  Port  Destination      Notes
Any     HTTP      80    Security server  External client devices use port 80 to connect to a security server within the DMZ when SSL is disabled.
Any     HTTPS     443   Security server  External client devices use port 443 to connect to a security server within the DMZ when SSL is enabled (the default).
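The following is an added example, not code from the VMware View documentation: it models the front-end firewall in Table 5-1 as a default-deny allow-list and checks candidate flows against it, so that only a security server in the DMZ is reachable from outside and port 80 opens only when SSL is disabled. The host names and the role inventory are constructed for the example.

```python
"""Added example: default-deny model of the front-end firewall (Table 5-1).
Host names and the ROLES inventory are constructed assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # "any" stands for external client devices
    dst: str    # constructed host name
    proto: str  # transport protocol, e.g. "tcp"
    port: int


@dataclass(frozen=True)
class Rule:
    port: int
    dst_role: str  # only "security_server" is exposed through the front-end


# Constructed inventory: which host plays which role in the topology.
ROLES = {
    "secsrv-dmz": "security_server",        # in the DMZ
    "connsrv-internal": "connection_server",  # on the internal network
}


def front_end_rules(ssl_enabled: bool = True) -> list:
    """Table 5-1: HTTPS/443 is always allowed; HTTP/80 only when SSL is disabled."""
    rules = [Rule(443, "security_server")]
    if not ssl_enabled:
        rules.append(Rule(80, "security_server"))
    return rules


def front_end_permits(flow: Flow, ssl_enabled: bool = True) -> bool:
    """Default deny: pass only TCP flows whose port matches a rule and
    whose destination host is a security server in the DMZ."""
    if flow.proto != "tcp":
        return False
    role = ROLES.get(flow.dst)
    return any(r.port == flow.port and r.dst_role == role
               for r in front_end_rules(ssl_enabled))


def audit(flows, ssl_enabled: bool = True):
    """Return the subset of flows the front-end firewall would let through."""
    return [f for f in flows if front_end_permits(f, ssl_enabled)]
```

A direct external flow to a connection server is rejected regardless of port, which is the property the dual-firewall topology exists to enforce.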
Back-End Firewall Rules
To allow a security server to communicate with each View Connection Server instance that resides within the
internal network, the back-end firewall must allow inbound traffic on certain TCP ports. Behind the back-end
firewall, internal firewalls must be similarly configured to allow View desktops and View Connection Server
instances to communicate with each other. Table 5-2 summarizes the back-end firewall rules.
Chapter 5 Planning for Security Features
VMware, Inc. 59