I have a network segment off my firewall for some untrusted clients. When the untrusted clients connect to View (5.3) they use a DNS name that resolves to a DMZ host (View Security Server). This is where I think the problem is: It seems that Security Server responds with its external IP address and then all the PCoIP traffic gets routed out to my router (where the external IP address can be found) and then back in to View and the client. SSL login traffic works fine; traffic stays inside and does not get directed to the external IP. It's only PCoIP traffic that gets directed to use the external IP.
It seems like DNS is not enough - Security Server seems to respond and connect using only the external IP configured in the PCoIP External URL field - is this correct? If so, then there needs to be an override for the External URL so that internal untrusted traffic doesn't get routed out to the external IP - this creates a lot of unnecessary traffic, messes with QoS, etc.
Another thought would be to allow the untrusted clients to connect directly to a Connection Server instead of sending them to the Security Server, but I don't believe this is a best practice...?
Mike