Skip to content

Firewall and Load Balancing Considerations

CAS Manager and the Cloud Access Connector require certain ports to be open to enable connections between the CAS Manager, Cloud Access Connector, Remote Workstations, as well as other components.

Ports and Component Connections

Component            Allow Port/Protocol Source/Destination Component Descriptions
Cloud Access Connector Inbound 80 TCP From administrative web browsers. For accessing the Management Interface, redirects to port 443.
Cloud Access Connector Inbound 443 TCP From PCoIP Clients and administrative web browsers. For users to negotiate connections to their remote workstations. For accessing the Management Interface for (legacy) management of CAS Manager.
Cloud Access Connector Outbound 443 TCP To CAM Service, PCoIP Cloud License Server and to SumoLogic. To sync AD information to the CAM service and call CAS Manager APIs related to negotiating PCoIP sessions. To verify license activation code during the Cloud Access Connector installation. For log aggregation for support purposes.
Cloud Access Connector Outbound 60443 TCP To remote workstations. Prepares PCoIP Agents for a new user session.
Cloud Access Connector Inbound 4172 TCP/UDP From PCoIP Clients. For PCoIP Sessions with users that are outside of the corporate network.
Cloud Access Connector Outbound 4172 TCP/UDP To remote workstations. For PCoIP Sessions with users that are outside of the corporate network.
Cloud Access Connector Outbound 636 TCP To Domain Controllers. To authenticate users, and query user and computer information.
Cloud Access Connector Outbound 1812 UDP (This port is configurable) To RADIUS Server. For authentication against RADIUS Server.
Cloud Access Connector Outbound 53 UDP To DNS. Domain name resolution.
PCoIP License Server Inbound 7070 TCP (This port is configurable) From remote workstations. For license activation and verification from PCoIP Agent if the PCoIP License Server is used instead of the Cloud License Server.

Port and Component Notes:

  • Port 80 TCP can be blocked and is not required to be open if users all use port 443 instead.
  • Port 443 TCP is not required if the PCoIP License Server is used in place of the Cloud License Server.
  • The RADIUS Server is optionally configured.
  • See the PCoIP License Server guide for changing port and configuring TLS encryption.