[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3040
  • Last Modified:

What ports do I need to open for Lync in our FW

I have one server running Lync 2010. No Front end servers. Standard Edition.
Internally it works fine for my users using Lync Client.
Server name is server.company.se with a proper certificate.

What ports do I need to open in our external firewall in order to connect from outside?
5061, 443, more?

I'm also in charge over our external DNS.
What records do i need for server.company.se ?  autodiscovery? sip tcp tls?

Thanks /Jonas
0
jetpak
Asked:
jetpak
1 Solution
 
Mike KlineCommented:
Odd that the ports are listed in the poster  http://social.technet.microsoft.com/wiki/contents/articles/lync-server-2010-firewall-port-settings.aspx

I'm going to add some zones for this question so it gets better visibility with the Lync/OCS folks.

Thanks

Mike
0
 
Lee OsborneCommented:
Although I don't have any direct Lync experience, this Technet article may help:

http://207.46.16.252/en-us/library/gg425882.aspx

Lee
0
 
Cliff GaliherCommented:
You won't get this to work as you expect. The problem is more than just a port issue. The problem here is that SIP, as a protocol, has IP address information embedded in the actual data stream. This means that any NAT traversal breaks that information and an external Lync client cannot properly find, negotiate the mTLS handshake, and complete the transaction due to this mismatch.

Even worse, because mTLS is used, the packets cannot be rewritten en00route, so even the few firewalls that understand SIP (and very very few do) can only change *unseured) SIP traffic, which does not apply to Lync.

You have to deploy an edge server; that is why the role exists.

-Cliff
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now