VMware VIEW 4.5 - ARCHITECTURE PLANNING EN-000350-00 Manual page 59

View architecture planning guide

Figure 5-4. Dual Firewall Topology
[Diagram not reproduced. Labels: View Client, HTTPS traffic, fault-tolerant load balancing mechanism, firewall, View Security Server, DMZ, View Connection Server, internal network, VMware vCenter, Active Directory, VMware ESX servers]

Firewall Rules for DMZ-Based Security Servers
DMZ-based security servers require certain firewall rules on the front-end and back-end firewalls.

Front-End Firewall Rules
To allow external client devices to connect to a security server within the DMZ, the front-end firewall must allow inbound traffic on certain TCP ports. Table 5-1 summarizes the front-end firewall rules.

Table 5-1. Front-End Firewall Rules
| Source | Protocol | Port | Destination | Notes |
| Any | HTTP | 80 | Security server | External client devices use port 80 to connect to a security server within the DMZ when SSL is disabled. |
| Any | HTTPS | 443 | Security server | External client devices use port 443 to connect to a security server within the DMZ when SSL is enabled (the default). |

Back-End Firewall Rules
To allow a security server to communicate with each View Connection Server instance that resides within the internal network, the back-end firewall must allow inbound traffic on certain TCP ports. Behind the back-end firewall, internal firewalls must be similarly configured to allow View desktops and View Connection Server instances to communicate with each other. Table 5-2 summarizes the back-end firewall rules.

VMware, Inc.
Chapter 5 Planning for Security Features
59
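The front-end rules in Table 5-1 can be checked against an exported ruleset. The following is an added example, not code from the VMware manual: the `Rule` record, the host names and the sample ruleset are constructed, and treating the port for the SSL mode that is not in use as unnecessary exposure is an assumption of this audit, not a statement from the guide.

```python
from dataclasses import dataclass

# Table 5-1: TCP 80 when SSL is disabled, TCP 443 when SSL is enabled (default).
PORT_FOR_SSL = {True: 443, False: 80}

@dataclass(frozen=True)
class Rule:                  # hypothetical, vendor-neutral rule record
    source: str              # "any" or a CIDR
    protocol: str            # "tcp", "udp" or "any"
    ports: tuple             # inclusive (low, high) destination port range
    destination: str
    action: str = "allow"

def audit_front_end(rules, security_servers, ssl_enabled=True):
    """Return (findings, missing): rules wider than Table 5-1, and security
    servers with no rule admitting the port their SSL mode needs."""
    needed = PORT_FOR_SSL[ssl_enabled]
    findings, covered = [], set()
    for n, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        if r.destination not in security_servers:
            findings.append((n, f"allow to {r.destination}, not a security server"))
            continue
        low, high = r.ports
        if r.protocol in ("tcp", "any") and low <= needed <= high:
            covered.add(r.destination)
        # Assumption: anything other than exactly tcp/<needed> is flagged,
        # including the port that belongs to the other SSL mode.
        if r.protocol != "tcp" or (low, high) != (needed, needed):
            findings.append((n, f"{r.protocol} {low}-{high} to {r.destination} "
                                f"is not limited to tcp/{needed}"))
    return findings, sorted(set(security_servers) - covered)

# Constructed sample data (example.* names are placeholders).
SECURITY_SERVERS = {"ss1.dmz.example", "ss2.dmz.example", "ss3.dmz.example"}
SAMPLE_RULES = [
    Rule("any", "tcp", (443, 443), "ss1.dmz.example"),
    Rule("any", "tcp", (80, 80), "ss1.dmz.example"),
    Rule("any", "tcp", (1, 65535), "ss2.dmz.example"),
    Rule("any", "tcp", (3389, 3389), "cs1.corp.example"),
    Rule("any", "udp", (443, 443), "ss1.dmz.example", "deny"),
]

if __name__ == "__main__":
    findings, missing = audit_front_end(SAMPLE_RULES, SECURITY_SERVERS)
    for number, text in findings:
        print(f"rule {number}: {text}")
    print("no rule admits the required port for:", missing)
```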


This manual is also suitable for:

View manager 4.5, View composer 2.5
