So that is where my confusion lies; I seem to remember doing a PoC a while back where I only had to open the port on the inner firewall between the Security Server (SS) and Connection Server (CS). In a current Production environment, this does not function and the documentation states that the inner firewall needs exposure between the SS and the desktops, which seems to me to be a huge security risk and negates the usage of the SS in the first place.
This post is a good breakdown of this: http://www.ivobeerens.nl/2013/03/05/tips-for-implementing-a-vmware-horizon-view-security-server/ and this KB article shows ports opened from the SS to the desktop subnet http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1027217.