Forum Discussion
Paul_Pindell
Mar 19, 2013
Employee
I ought to add that this solution should be used when the Client is coming in from a trusted network. The above solution will allow all TCP 4172 and UDP 4172 traffic through the F5 without having first been verified as from a known source. This might be considered a security breach.
If you want to remove the Security Servers and access your View environment from an untrusted network, then I'd suggest you configure the iApp to utilize a DTLS VPN, by answering yes to the "Do you want to deploy Access Policy Manager (APM) at this time?" question.
In a future release of APM we will have our full PCoIP Proxy feature built in, and we will be able to authorize and authenticate all PCoIP traffic, and only allow that traffic through to the internal subnets that has been validated as from a known good source. This will allow for the removal of the Security Servers from the DMZ and secure access from an untrusted network, without the use of a DTLS VPN.
Paul