Security
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Configure Proposal Policies on View Desktops
- Internet Engineering Task Force Standards
- Older Protocols and Ciphers Disabled in View
- Reducing MIME Type Security Risks
- Mitigating Cross-Site Scripting Attacks
- Content Type Checking
- Origin Checking
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- Index
Table 3‑1. TCP and UDP Ports Used by View (Continued)
Source Port Target Port
Protoc
ol Description
Security server * View
Connection
Server
* ESP AJP13-forwarded Web traffic, when using IPsec
without NAT.
Security server 4500 View
Connection
Server
4500 UDP AJP13-forwarded Web traffic, when using IPsec
through a NAT device.
Security server * View desktop 3389 TCP Microsoft RDP traffic to View desktops.
Security server * View desktop 9427 TCP Windows Media MMR redirection and client drive
redirection.
Security server * View desktop 32111 TCP USB redirection and time zone synchronization.
Security server * View desktop 4172 TCP PCoIP if PCoIP Secure Gateway is used.
Security server * View desktop 22443 TCP HTML Access.
View Agent 4172 Horizon Client Varies UDP PCoIP, if PCoIP Secure Gateway is not used.
NOTE Because the target port varies, see “Notes
and Caveats for TCP and UDP Ports Used by
View,” on page 21.
View Agent 4172 View
Connection
Server or
security server
55000 UDP PCoIP (not SALSA20) if PCoIP Secure Gateway is
used.
View Agent 4172 Access Point
appliance
* UDP PCoIP. View desktops and applications send PCoIP
data back to an Access Point appliance from UDP
port 4172 .
The destination UDP port will be the source port
from the received UDP packets and so as this is
reply data, it is normally unnecessary to add an
explicit firewall rule for this.
Horizon Client * View
Connection
Server or
security server
or Access Point
appliance
80 TCP SSL (HTTPS access) is enabled by default for client
connections, but port 80 (HTTP access) can be used
in certain cases. See “Notes and Caveats for TCP
and UDP Ports Used by View,” on page 21.
Horizon Client * View security
server or
Access Point
appliance
443 TCP HTTPS access. Port 443 is enabled by default for
client connections. Port 443 can be changed on
security servers.
Connection attempts over HTTP to port 80 are
redirected to port 443 by default, but port 80 can
service client connections if SSL is off-loaded to an
intermediate device. You can reconfigure the
redirection rule if the HTTPS port was changed. See
“Notes and Caveats for TCP and UDP Ports Used
by View,” on page 21.
View Security
18 VMware, Inc.