Firewall and Load Balancing Considerations
CAS Manager and the Cloud Access Connector require certain ports to be open to enable connections between the CAS Manager, Cloud Access Connector, Remote Workstations, as well as other components.
Ports and Component Connections
|Cloud Access Connector||Inbound||80 TCP||From administrative web browsers.||For accessing the Management Interface, redirects to port 443.|
|Cloud Access Connector||Inbound||443 TCP||From PCoIP Clients and administrative web browsers.||For users to negotiate connections to their remote workstations. For accessing the Management Interface for (legacy) management of CAS Manager.|
|Cloud Access Connector||Outbound||443 TCP||To CAM Service, PCoIP Cloud License Server and to SumoLogic.||To sync AD information to the CAM service and call CAS Manager APIs related to negotiating PCoIP sessions. To verify license activation code during the Cloud Access Connector installation. For log aggregation for support purposes.|
|Cloud Access Connector||Outbound||60443 TCP||To remote workstations.||Prepares PCoIP Agents for a new user session.|
|Cloud Access Connector||Inbound||4172 TCP/UDP||From PCoIP Clients.||For PCoIP Sessions with users that are outside of the corporate network.|
|Cloud Access Connector||Outbound||4172 TCP/UDP||To remote workstations.||For PCoIP Sessions with users that are outside of the corporate network.|
|Cloud Access Connector||Outbound||636 TCP||To Domain Controllers.||To authenticate users, and query user and computer information.|
|Cloud Access Connector||Outbound||1812 UDP (This port is configurable)||To RADIUS Server.||For authentication against RADIUS Server.|
|Cloud Access Connector||Outbound||53 UDP||To DNS.||Domain name resolution.|
|PCoIP License Server||Inbound||7070 TCP (This port is configurable)||From remote workstations.||For license activation and verification from PCoIP Agent if the PCoIP License Server is used instead of the Cloud License Server.|
Port and Component Notes:¶
- Port 80 TCP can be blocked and is not required to be open if users all use port 443 instead.
- Port 443 TCP is not required if the PCoIP License Server is used in place of the Cloud License Server.
- The RADIUS Server is optionally configured.
- See the PCoIP License Server guide for changing port and configuring TLS encryption.