Firewall Requirements By default a 2X Remote Application Server will install with a 2X Secure Client Gateway and a 2X Publishing Agent. There can only be one master 2X Publishing Agent in a farm, however multiple 2X Client Secure Gateway access points and resource publishing agents (2X Terminal Server Agent) can be deployed where needed.

The below are the firewall requirements for each of the separate 2X functions:

2X Secure Client Gateway

External Ports:

The ports below should be enabled and allow incoming traffic from all network nodes.

TCP 80
UDP 80 (if RDP-UDP is enabled)
TCP 443 (if SSL is enabled)
UDP 443 (if SSL and RDP-UDP is enabled)

Optional:

TCP 3389 (if RDP Load Balancing is enabled)

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for 2X functions and modules.

UDP 20000 (Gateway Lookup)

Optional:

UDP 20009 (if Client Manager is enabled)

2X HALB Appliance

External Ports:

The ports below should be enabled and allow incoming traffic from all network nodes.

TCP 80

Optional:

TCP 443 (if SSL is enabled)

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for 2X functions and modules.

TCP 31006
UDP 31006
RAW 112 (VRRP)

2X Publishing Agent

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for 2X functions and modules.

TCP 20002 (Publishing Agent Service Port - Communications with 2XSecureClientGateway and UI Console)
TCP 20003 (Terminal Server Agent Port - Communications with 2X Terminal Server agents)

2X MS Terminal Server Agent

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for 2X functions and modules.

TCP 30004 - 2x Terminal Server Agent Communication Port
UDP 30004 - 2x Terminal Server Agent Communication Port
TCP 3389 - Standard RDP Connections
UDP 3389 - Standard RDP Connections

2X VDI Agent

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for 2X functions and modules.

TCP 30006 - 2x VDS Agent Communication Port
UDP 30006 - 2x VDS Agent Communication Port
TCP 30007 - 2x VDS Agent Communication Port
TCP 30009 - 2x VDS Agent Communication Port

2X Remote PC Agent

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for 2X functions and modules.

UDP 30004



Leave a Reply