Search

Language:  

Available article translations:

What are the firewall requirements for Parallels Remote Application Server?

APPLIES TO:
  • Parallels Remote Application Server 16.5
  • Parallels Remote Application Server 16.2
  • Parallels Remote Application Server 15.5
  • Parallels Remote Application Server 15.0

By default, Remote Application Server will install with a Secure Client Gateway and a Publishing Agent. There can only be one master Publishing Agent in a farm; however, multiple Client Secure Gateway access points and resource publishing agents (Terminal Server Agent) can be deployed where needed.

Below are the firewall requirements for each of the separate Remote Application Server functions:

All Components TCP 135, 445 - remote agent push.

Relating to components tables below:

  • External Ports should be enabled and allow incoming traffic from all network nodes.
  • Internal Ports need not be enabled for access from the WAN or Internet since they are communication ports for Remote Application Server functions and modules.

 

SECURE CLIENT GATEWAY

Type Protocol Port Commentary
External TCP 80  
External UDP 80 If RDP-UDP is enabled
External TCP 443 If SSL is enabled
External UDP 443 If SSL and RDP-UDP is enabled
External TCP 3389 If RDP load balancing is enabled
External TCP 20009 If Client Manager is enabled
External UDP 20009 If Client Manager is enabled
Internal UDP 20000 Gateway Lookup
Internal TCP 49179 Remote Install Push/Takeover of Software
Localhost TCP 20020 Communication with NodeJS web server

 

HALB APPLIANCE

Type Protocol Port Commentary
External TCP 80  
External TCP 443 If SSL is enabled
External TCP 20009 If Client Manager is enabled
External UDP 20009 If Client Manager is enabled
Internal TCP 31006 Configuration
Internal UDP 31006 Configuration
Internal RAW 112 Virtual Router Redundancy Protocol

 

PUBLISHING AGENT

Type Protocol Port Commentary
Internal TCP 20001 Publishing Agent Service Port - Communication with other Publishing Agents
Internal TCP 20002 Publishing Agent Service Port – Communications with SecureClientGateway and UI Console
Internal TCP 20003 RDSH Agent Port – Communications with Terminal RDSH agents and RemotePC Agents
Internal TCP 20030 Communication between multiple Publishing Agents
Internal TCP 49179 Remote Install Push/Takeover of Software

Outbound TCP, UDP 80, 8080, 1812, 1813 – Communication with Second Level Authentication server:

2FA Server

Outbound TCP 443 – Communication with Parallels Licensing Server:

Version 14 and earlier:

erp.2x.com
prm.2x.com

Version 15 and later:

account.parallels.com
license.parallels.com
ras.parallels.com
s.parallels.com

CONSOLE

Outbound TCP 80 – Update checking:

download.parallels.com

Outbound TCP, UDP 80, 8080, 1812, 1813 – Communication with Second Level Authentication server:

2FA Server/s 

Outbound TCP 80, 443:

www.turbo.net

 

REMOTE DESKTOP SESSION HOST AGENT

Type Protocol Port Commentary
Internal TCP 3389 Standard RDP Connections
Internal UDP 3389 Standard RDP Connections
Internal TCP 30004 Terminal Server Agent Communication Port
Internal UDP 30004 Used for "Check Agent" task
Internal TCP 30005 RDSH Agent internal components communication
Internal TCP 49179 Remote Install Push/Takeover of Software

 

VDI AGENT

Type Protocol Port Commentary
Internal TCP 30006 VDI Agent Communication Port
Internal UDP 30006 VDI Agent Communication Port
Internal TCP 30007 VDI Agent Communication Port
Internal TCP 30009 VDI Agent Communication Port

 

REMOTE PC AGENT

Type Protocol Port Commentary
Internal TCP 3389 Standard RDP Connections
Internal UDP 3389 Standard RDP Connections
Internal UDP 30004 Used to check agent status
Internal TCP 30005 Remote PC Agent internal components communication
Internal TCP 49179 Remote Install Push/Takeover of Software

 

REMOTE APPLICATION SERVER REPORTING

Type Protocol Port Commentary
Internal TCP 30008 Connection between PA and Remote Application Server Reporting service

 

GUEST AGENT

Type Protocol Port Commentary
Internal TCP 3389 Standard RDP Connections
Internal UDP 3389 Standard RDP Connections
Internal UDP 30004 Used to check agent status
Internal TCP 30005 Guest Agent internal components communication
Internal TCP 49179 Remote Install Push/Takeover of Software

 

CLIENT

Type Protocol Port Commentary
Internal TCP 50005

Shadowing from RAS Console incase of direct network connection

 

PERFORMANCE MONITOR (Applicable for version 16.1 onwards)

Type Protocol Port Commentary
Internal TCP 3000 Grafana (dashboard service)
Internal UDP 8086 Agent (Telegraf service) sends collected performance data to InfluxDB



1d70d1f9c41d01c5f7202a4290e434e1 17333b9b93206d7dd8962eace050749d e9df64665e7346a300c1e6d8fac71c28 4a54b6f3e325683094bb814b9bc24cd3 e672fec7c544b9c6972eababa324d634 8c1bd7ac0efc8c4ffbb530ad3ab16fae ede48a144be425de4bf9a9d265a8dd3e

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No