Opening ports in a firewall for Sun Ray client access
The Sun Ray architecture has many advantages from a security perspective, and that is often what drives a customer's interest in Sun Rays. As a result, when a customer looks to deploy Sun Rays in their existing infrastructure, they sometimes encounter firewalls that need to be traversed. I'm not making recommendations here about where the Sun Ray clients should sit in relation to the Sun Ray server in these situations. And there are other ways, such as using a VPN router, to traverse a firewall between a Sun Ray client and server. I am providing an answer to a question that arises, which is what ports need to be opened in a firewall for a DTU to work with a Sun Ray server on the other side of the firewall.
tcp / udp ports 7009
tcp (inbound) / udp (outbound) ports > 32768 (i.e. 32768-65535)
The udp port range can be restricted if you define utservices-low and utservices-high in /etc/services as the lower and upper limits of the port number.
utservices-low 40000/udp # SUNWut start of UDP range
utservices-high 42000/udp # SUNWut end of UDP range
utservices-low and -high apply only to server-side port numbers on an SRSS 3.1 server. DTU firmware still takes dynamic port numbers from a much wider range, i.e. the tcp inbound ports are still in the 32768-65535 range.
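As an added example (not part of the original post or of the Sun Ray Server Software), the script below reads a services file and reports the UDP range a firewall rule has to cover, falling back to 32768-65535 when no restriction is defined. The function names get_port and ut_udp_range are hypothetical, the sample file is constructed, and treating a half-defined pair as an error is an assumption of this example.

```shell
#!/bin/sh
# Added example: derive the server-side UDP range from utservices-low/-high.
DEFAULT_LOW=32768    # default dynamic range given on this page
DEFAULT_HIGH=65535

# get_port FILE NAME: print the udp port defined for NAME, or nothing.
get_port() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == name && $2 ~ /^[0-9]+\/udp$/ {
            split($2, a, "/"); print a[1]; exit
        }' "$1"
}

# ut_udp_range FILE: print "LOW-HIGH".
# Returns 1 for an invalid range, 2 when only one limit is defined
# (assumption: refuse to guess rather than open the wrong ports).
ut_udp_range() {
    low=$(get_port "$1" utservices-low)
    high=$(get_port "$1" utservices-high)
    if [ -z "$low" ] && [ -z "$high" ]; then
        echo "$DEFAULT_LOW-$DEFAULT_HIGH"
        return 0
    fi
    if [ -z "$low" ] || [ -z "$high" ]; then
        echo "only one of utservices-low/-high is defined" >&2
        return 2
    fi
    if [ "$low" -lt 1 ] || [ "$high" -gt 65535 ] || [ "$low" -gt "$high" ]; then
        echo "invalid range $low-$high" >&2
        return 1
    fi
    echo "$low-$high"
}

# Demo on a constructed services file using the entries shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
utservices-low   40000/udp   # SUNWut start of UDP range
utservices-high  42000/udp   # SUNWut end of UDP range
EOF
echo "tcp/udp 7009"
echo "tcp     32768-65535 (DTU dynamic ports, not affected by utservices-*)"
echo "udp     $(ut_udp_range "$sample") (server-side range from services file)"
rm -f "$sample"
```

On a real server, pass /etc/services to ut_udp_range and compare the result with the UDP range actually permitted by the firewall.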
The ports listed here are the minimum required for a Sun Ray client to function, although not all functionality will be possible; for example, USB devices won't work. Always do plenty of testing in your environment to verify how best to balance your functionality requirements with your security requirements. For more on the full range of ports that the Sun Ray Server Software uses, check out the /etc/services file on a machine with Sun Ray Server Software installed.
These ports are strictly Sun Ray port requirements, and do not include DHCP, DNS, etc., that you may need depending on how you deploy the DTUs in relation to these services. For example, if your DHCP server is on the other side of the firewall from your Sun Ray DTU, you need to open the ports to allow DHCP.