Getting firewall rules correct for View is one of the more tedious tasks to get right, and when they are wrong you can run into lots of odd issues. It seems like the majority of installation problems arise from firewall rules not being exactly as needed. The following is a list of all of the firewall rules that need to be created, gathered from various sources by the VMware employee and author of That’s My View (http://www.thatsmyview.net); all credit for the below should go to his original article.

Also, be sure to follow the great Setting up PCoIP Remote Access with View 4.6 guide if you run into further PCoIP issues after ensuring the firewall rules are configured as below.

Perimeter Firewall Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
|---|---|---|---|---|---|---|---|---|
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Security Server | Optional |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 443 | HTTPS | Communication between View Client and View Security Server. Authentication etc. | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Both | <SECURITYSERVER> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |

DMZ Firewall Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
|---|---|---|---|---|---|---|---|---|
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | | USB-Redirection | Optional |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9427 | | Multi Media Redirection, RDP-Connections only | Optional |

Connection Server Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
|---|---|---|---|---|---|---|---|---|
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <ACTIVEDIRECTORYSERVER> | TCP | 389 | LDAP | Active Directory Authentication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <ACTIVEDIRECTORYSERVER> | UDP | 389 | LDAP | Active Directory Authentication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 389 | LDAP | ADAM | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 636 | LDAPS | AD LDS | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 1515 | | Microsoft Endpoint Mapper | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <VCENTERSERVER> | TCP | 18443 | SOAP | View Composer Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <VCENTERSERVER> | TCP | 443 | HTTPS | vCenter Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <VIEWAGENT> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <RSASERVER> | UDP | 5500 | | RSA Secure ID Authentication | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Connection Server | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 443 | SSL | Communication between View Client and View Connection Server. Authentication etc. | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |

Transfer Server Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
|---|---|---|---|---|---|---|---|---|
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <TRANSFERSERVER> | <CLIENTPORT> | Outbound | <VSPHEREHOST> | TCP | 902 | | Used if SSL/HTTPS is not used on the Connection Server | Mandatory |

View Agent Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
|---|---|---|---|---|---|---|---|---|
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9472 | | Multi Media Redirection, RDP-Connections only | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | | USB-Redirection | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 42966 | HP RGS | HP Remote Graphics Server | Optional |
| <VIEWAGENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |

View Client Rules (internal / without using Security Server)

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
|---|---|---|---|---|---|---|---|---|
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9472 | | Multi Media Redirection, RDP-Connections only | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | | USB-Redirection | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 42966 | HP RGS | HP Remote Graphics Server | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | | HTTPS Preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 443 | HTTPS | | |

View Client Rules (external / using Security Server)

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
|---|---|---|---|---|---|---|---|---|
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | | HTTPS Preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 443 | HTTPS | | |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
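
One way to confirm the TCP rules from the DMZ table once they are in place, run from the Security Server (an added example, not part of the original article; the hostnames are placeholder assumptions). UDP 4172 is left out because a connectionless probe cannot tell a dropped packet from a listener that simply does not answer.

```python
import socket

# TCP rules with source <SECURITYSERVER>, copied from the DMZ table above.
# Fields: destination role, dest. port, protocol or comment, type.
DMZ_TCP_RULES = [
    ("CONNECTIONSERVER", 8009, "AJP13", "Mandatory"),
    ("CONNECTIONSERVER", 4001, "JMS", "Mandatory"),
    ("VIEWAGENT", 4172, "PCoIP", "Mandatory"),
    ("VIEWAGENT", 3389, "RDP", "Optional"),
    ("VIEWAGENT", 32111, "USB-Redirection", "Optional"),
]

# Assumption: placeholder hostnames, replace with your own servers.
HOSTS = {
    "CONNECTIONSERVER": "cs01.example.internal",
    "VIEWAGENT": "desktop01.example.internal",
}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP destination as open, refused, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"  # name lookup failed: a DNS problem, not a firewall one
    except ConnectionRefusedError:
        return "refused"     # traffic got through (or was rejected), no listener
    except OSError:
        return "filtered"    # timeout or unreachable: packets are being dropped


def audit(rules, hosts, timeout=3.0):
    """Probe every rule and return (role, port, label, type, state) tuples."""
    return [(role, port, label, kind, probe_tcp(hosts[role], port, timeout))
            for role, port, label, kind in rules]


def blocking(results):
    """Mandatory rules whose port is not open; these break the deployment."""
    return [r for r in results if r[3] == "Mandatory" and r[4] != "open"]


if __name__ == "__main__":
    results = audit(DMZ_TCP_RULES, HOSTS)
    for role, port, label, kind, state in results:
        print(f"<{role}> tcp/{port:<5} {label:<16} {kind:<9} {state}")
    raise SystemExit(1 if blocking(results) else 0)
```

A "refused" result usually means the firewall path is fine and the View service is not listening, while "filtered" points at a missing or wrong firewall rule.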