Firewall Configurations for Deploying Horizon 7

For a successful deployment of Horizon 7, you must follow these firewall rules.

Firewall Rules

The following table describes firewall rules for the Management Gateway on VMware Cloud on Dell:

Rule Name | Service Name | Ports | Action | Source | Destination |
---|---|---|---|---|---|
Any SSO | SSO (TCP 7444) | 7444 | Allow | Any | vCenter |
vCenter (ANY) to Management-On-Prem | Any (All Traffic) | Any | Allow | vCenter | Compute/On-prem subnet |
ESXi (ANY) to Management-On-Prem | Any (All Traffic) | Any | Allow | ESXi | Compute/On-prem subnet |
Management-On-Prem to vCenter (HTTPS) | HTTPS (TCP 443) | 443 | Allow | Compute/On-prem subnet | vCenter |
Management-On-Prem to vCenter (ICMP) | ICMP (All ICMP) | Any | Allow | Compute/On-prem subnet | vCenter |
Management-On-Prem to ESXi (Provisioning) | Provisioning (TCP 902) | 902 | Allow | Compute/On-prem subnet | ESXi |
Management-On-Prem to ESXi (Remote Console) | Remote Console (TCP 903) | 903 | Allow | Compute/On-prem subnet | ESXi |
Management-On-Prem to ESXi (ICMP) | ICMP (All ICMP) | Any | Allow | Compute/On-prem subnet | ESXi |
Default Deny All | Any (All Traffic) | Any | Deny | Any | Any |

Although you can select Any as the source address in a firewall rule, using Any as the source address in this firewall rule can enable attacks on your vCenter Server and may lead to compromise of your SDDC. As a best practice, configure this firewall rule to allow access only from trusted source addresses. See VMware Knowledge Base article 84154.

The following table describes firewall rules for the Compute Gateway on VMware Cloud on Dell.

Rule Name | Service Name | Ports | Action | Source | Destination |
---|---|---|---|---|---|
Compute (ANY) to Uplink Network | Any (All Traffic) | Any | Allow | Any | Uplink Connection |
Management-On-Prem (ANY) to BackEnd | Any (All Traffic) | Any | Allow | On-Premises Management subnet | Management Subnet |

The firewall rule configurations in the preceding table are generic. However, you can modify the firewall rules to allow specific ports for Horizon 7 based on your requirement. For information on the Horizon Ports, see Network Ports in VMware Horizon 7. You must configure the application-specific port details for users to access the specific applications. Obtain the application-specific port details from the vendor.
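
The caution above about using Any as a source address can be checked mechanically before rules are applied. The following is an added example, not VMware code: it parses the Management Gateway table from this page and reports Allow rules open to Any, plus a missing or misplaced deny-all. It assumes vCenter and ESXi are the management-plane destinations of interest and that rules are evaluated top to bottom.

```python
# Added example: audit the page's Management Gateway rule table.
# Rows are copied from the table above, in the order listed.
MGW_RULES = """\
Rule Name | Service Name | Ports | Action | Source | Destination |
---|---|---|---|---|---|
Any SSO | SSO (TCP 7444) | 7444 | Allow | Any | vCenter |
vCenter (ANY) to Management-On-Prem | Any (All Traffic) | Any | Allow | vCenter | Compute/On-prem subnet |
ESXi (ANY) to Management-On-Prem | Any (All Traffic) | Any | Allow | ESXi | Compute/On-prem subnet |
Management-On-Prem to vCenter (HTTPS) | HTTPS (TCP 443) | 443 | Allow | Compute/On-prem subnet | vCenter |
Management-On-Prem to vCenter (ICMP) | ICMP (All ICMP) | Any | Allow | Compute/On-prem subnet | vCenter |
Management-On-Prem to ESXi (Provisioning) | Provisioning (TCP 902) | 902 | Allow | Compute/On-prem subnet | ESXi |
Management-On-Prem to ESXi (Remote Console) | Remote Console (TCP 903) | 903 | Allow | Compute/On-prem subnet | ESXi |
Management-On-Prem to ESXi (ICMP) | ICMP (All ICMP) | Any | Allow | Compute/On-prem subnet | ESXi |
Default Deny All | Any (All Traffic) | Any | Deny | Any | Any |
"""
FIELDS = ("name", "service", "ports", "action", "source", "destination")
MGMT_TARGETS = {"vcenter", "esxi"}  # assumption: destinations treated as management plane


def parse_rules(table):
    """Parse pipe-delimited rows into dicts; skip header, separator and malformed lines."""
    rules = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != len(FIELDS) or cells[0] == "Rule Name" or set(cells[0]) <= {"-"}:
            continue
        rules.append({k: v if k == "name" else v.lower() for k, v in zip(FIELDS, cells)})
    return rules


def is_deny_all(rule):
    return (rule["action"], rule["source"], rule["destination"]) == ("deny", "any", "any")


def audit(rules):
    """Return findings, assuming rules are evaluated top to bottom (first match wins)."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] == "allow" and r["source"] == "any" and r["destination"] in MGMT_TARGETS:
            findings.append(f"{r['name']}: Allow from Any to {r['destination']} on {r['ports']}; "
                            "limit Source to trusted addresses")
        if is_deny_all(r) and i < len(rules) - 1:
            findings.append(f"{r['name']}: deny-all is not last and shadows {len(rules) - 1 - i} rule(s)")
    if not rules or not is_deny_all(rules[-1]):
        findings.append("ruleset does not end with a deny-all rule")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rules(MGW_RULES)):
        print(finding)
```

Run against the table as published, the audit reports only the Any SSO rule; replacing its Source with a trusted range clears the finding.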