
VMware View Security Server Firewall Config

Submitted by daemonchild on Mon, 2010-12-20 - 12:35

This article aims to answer a question that I couldn't easily find in the View installation manual, namely which firewall ports do you need to open to get a security server working from a DMZ? It's a simple question, but the View manual doesn't provide a simple answer. I created a demo setup and then checked my firewall logs to find out for sure. The results are below.

The environment I'm working with looks like the following diagram. There are no IP addresses shown because there is no need; wherever it says 'Security Server', substitute the IP address(es) of the one in your own network.

[Diagram: View Data Flow]

  • From the View client on the Internet to the DMZ-based Security Server, you'll need to provide address translation and allow the following ports: HTTPS (443/tcp).
  • From the Security Server to the Connection Server, you'll want no address translation and the following ports: 4001/tcp, 8009/tcp.
  • From the Security Server to the Desktops, you'll want no address translation and the following ports: RDP (3389/tcp), 32111/tcp.

The following shows a grab from the firewall in my test lab:

[Image: Firewall grab]

Note that the Security Server will probably need to talk to DNS and Active Directory too, but that is not shown in my diagram. You'd be looking at allowing DNS (53/udp), MSDirectory (445/tcp), Kerberos (88/tcp) and LDAP (389/udp) to any domain controllers. You might possibly need NTP (123/udp) too.
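The port list above can be turned into an allow-list and checked against accepted flows in a firewall log, which is the same log-based approach used to derive it. This is an added example, not part of the original article: the address plan, the log line format and the names `role_of` and `audit` are hypothetical, and sending NTP to the domain controllers is an assumption.

```python
import ipaddress
import re

# Hypothetical address plan (RFC 5737 documentation ranges); substitute your own.
ROLES = {
    "security_server": ipaddress.ip_network("192.0.2.10/32"),
    "connection_server": ipaddress.ip_network("198.51.100.10/32"),
    "domain_controllers": ipaddress.ip_network("198.51.100.20/31"),
    "desktops": ipaddress.ip_network("198.51.100.128/25"),
}
# Allowed flows as listed in the article: (source, destination) -> {(proto, port)}
POLICY = {
    ("external", "security_server"): {("tcp", 443)},
    ("security_server", "connection_server"): {("tcp", 4001), ("tcp", 8009)},
    ("security_server", "desktops"): {("tcp", 3389), ("tcp", 32111)},
    # DNS, MSDirectory, Kerberos, LDAP; NTP is optional, its destination assumed.
    ("security_server", "domain_controllers"): {
        ("udp", 53), ("tcp", 445), ("tcp", 88), ("udp", 389), ("udp", 123)},
}
# Constructed log format, not the output of any particular firewall product.
LINE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+) action=(\w+)")

def role_of(ip):
    """Map an address to its role; anything outside the plan counts as external."""
    addr = ipaddress.ip_address(ip)
    return next((role for role, net in ROLES.items() if addr in net), "external")

def audit(log_lines):
    """Return accepted flows that the article's port list does not cover."""
    findings = []
    for line in log_lines:
        m = LINE.search(line)
        if not m or m.group(5).lower() != "accept":
            continue  # unparsable or not an accepted flow
        flow = (role_of(m.group(1)), role_of(m.group(2)))
        service = (m.group(3).lower(), int(m.group(4)))
        if service not in POLICY.get(flow, set()):
            findings.append(flow + service)
    return findings

SAMPLE_LOG = [  # constructed entries
    "src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=443 action=accept",
    "src=192.0.2.10 dst=198.51.100.10 proto=tcp dport=8009 action=accept",
    "src=192.0.2.10 dst=198.51.100.130 proto=tcp dport=445 action=accept",
    "src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=443 action=accept",
    "src=192.0.2.10 dst=198.51.100.10 proto=tcp dport=22 action=drop",
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any tuple it returns is a flow the firewall accepted that is not in the list above, such as the Security Server reaching a desktop on 445/tcp or an external client reaching the Connection Server directly.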
