Search

Language:  

Available article translations:

What are the firewall requirements for Parallels Remote Application Server?

APPLIES TO:
  • Parallels Remote Application Server

By default, Remote Application Server will install with a Secure Client Gateway and a Publishing Agent. There can only be one master Publishing Agent in a farm; however, multiple Client Secure Gateway access points and resource publishing agents (Terminal Server Agent) can be deployed where needed.

Below are the firewall requirements for each of the separate Remote Application Server functions:

All Components TCP 135, 445 - remote agent push.

SECURE CLIENT GATEWAY

External Ports:

The ports below should be enabled and allow incoming traffic from all network nodes.

  • TCP 80
  • UDP 80 (if RDP-UDP is enabled)
  • TCP 443 (if SSL is enabled)
  • UDP 443 (if SSL and RDP-UDP is enabled)

Optional:

  • TCP 3389 (if RDP load balancing is enabled)

  • UDP 20009 (if Client Manager is enabled)

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for Remote Application Server functions and modules:

  • UDP 20000 (Gateway Lookup)

HALB APPLIANCE

External Ports:

The ports below should be enabled and allow incoming traffic from all network nodes:

  • TCP 80

Optional:

  • TCP 443 (if SSL is enabled)

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for RAS functions and modules.

  • TCP 31006
  • UDP 31006
  • RAW 112 (VRRP)

REMOTE APPLICATION SERVER PUBLISHING AGENT

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for Remote Application Server functions and modules:

  • TCP 20030 (Communication between multiple Publishing Agents)
  • TCP 20002 (Publishing Agent Service Port – Communications with SecureClientGateway and UI Console)
  • TCP 20003 (Terminal Server Agent Port – Communications with Terminal Server agents)
  • TCP 20001 (Publishing Agent Service Port - Communication with other Publishing Agents)
  • Outbound TCP 443 - Communication with Parallels Licensing Server:

    Version 14 and earlier:

    erp.2x.com
    prm.2x.com
    

    Version 15 and later:

    ras.parallels.com
    account.parallels.com
    

REMOTE APPLICATION SERVER MS TERMINAL SERVER AGENT

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for Remote Application Server functions and modules:

  • TCP 30004 – Terminal Server Agent Communication Port
  • UDP 30004 – Used to check agent status
  • TCP 3389 – Standard RDP Connections
  • UDP 3389 – Standard RDP Connections
  • TCP 30005 - Terminal Agent internal components communication

VDI AGENT

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for Remote Application Server functions and modules:

  • TCP 30006 – VDI Agent Communication Port
  • UDP 30006 – VDI Agent Communication Port
  • TCP 30007 – VDI Agent Communication Port
  • TCP 30009 – VDI Agent Communication Port

REMOTE PC AGENT

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for Remote Application Server functions and modules:

  • UDP 30004 - Used to check agent status
  • TCP 3389 – Standard RDP Connections
  • UDP 3389 – Standard RDP Connections
  • TCP 30005 - Terminal Agent internal components communication

REMOTE APPLICATION SERVER REPORTING

The port used for connection between PA and Remote Application Server Reporting service

  • TCP 30008 - set by default

GUEST AGENT

Internal Ports:

The ports below need not be enabled for access from the WAN or Internet since they are communication ports for Remote Application Server functions and modules:

  • UDP 30004 - Used to check agent status
  • TCP 3389 – Standard RDP Connections
  • UDP 3389 – Standard RDP Connections
  • TCP 30005 - Terminal Agent internal components communication
  • TCP 135 - Agent installation
  • TCP 445 - Agent installation



1d70d1f9c41d01c5f7202a4290e434e1

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No