Solved

What ports do I need to open for Lync in our FW

Posted on 2011-03-10
Last Modified: 2013-11-29
I have one server running Lync 2010. No Front end servers. Standard Edition.
Internally it works fine for my users using Lync Client.
Server name is server.company.se with a proper certificate.

What ports do I need to open in our external firewall in order to connect from outside?
5061, 443, more?

I'm also in charge of our external DNS.
What records do I need for server.company.se? autodiscovery? sip tcp tls?

Thanks /Jonas
0
Question by:jetpak
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35099111
Odd that the ports are listed in the poster http://social.technet.microsoft.com/wiki/contents/articles/lync-server-2010-firewall-port-settings.aspx

I'm going to add some zones for this question so it gets better visibility with the Lync/OCS folks.

Thanks

Mike
0
 
LVL 15

Expert Comment

by:Lee Osborne
ID: 35099141
Although I don't have any direct Lync experience, this Technet article may help:

http://207.46.16.252/en-us/library/gg425882.aspx

Lee
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 35099271
You won't get this to work as you expect. The problem is more than just a port issue. The problem here is that SIP, as a protocol, has IP address information embedded in the actual data stream. This means that any NAT traversal breaks that information and an external Lync client cannot properly find, negotiate the mTLS handshake, and complete the transaction due to this mismatch.

Even worse, because mTLS is used, the packets cannot be rewritten en route, so even the few firewalls that understand SIP (and very, very few do) can only change (unsecured) SIP traffic, which does not apply to Lync.

You have to deploy an edge server; that is why the role exists.

-Cliff
0
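The address mismatch described in the accepted answer, as an added example (not code from the thread or from any poster): it parses a SIP INVITE as the client builds it before TLS encryption, lists the IP addresses embedded in the Via and Contact headers and the SDP `o=`/`c=` lines, and compares them with the source address the far side sees after NAT. The message, all names and addresses in it, and the public address 203.0.113.7 are constructed sample values.

```python
import ipaddress
import re

# Constructed sample: a SIP INVITE as an internal client would build it.
# Every name and address below is made up for illustration.
SAMPLE_INVITE = (
    "INVITE sip:bob@company.example SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.168.10.25:50123;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@company.example>;tag=1928301774\r\n"
    "To: <sip:bob@company.example>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@192.168.10.25:50123;transport=tls>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 0 0 IN IP4 192.168.10.25\r\n"
    "c=IN IP4 192.168.10.25\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def embedded_addresses(message):
    """Return (field, ip) pairs for IPv4 literals in Via/Contact headers and SDP o=/c= lines."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "contact"):
            found += [(name.strip(), ip) for ip in IPV4.findall(value)]
    for line in body.split("\r\n"):              # SDP origin and connection lines
        if line.startswith(("o=", "c=")):
            found += [(line[:2], ip) for ip in IPV4.findall(line)]
    return found

def nat_mismatches(message, observed_source):
    """Embedded addresses that differ from the source IP the far side sees after NAT."""
    src = ipaddress.ip_address(observed_source)
    return [(field, ip, ipaddress.ip_address(ip).is_private)
            for field, ip in embedded_addresses(message)
            if ipaddress.ip_address(ip) != src]

if __name__ == "__main__":
    for field, ip, private in nat_mismatches(SAMPLE_INVITE, "203.0.113.7"):
        print(f"{field:8} carries {ip} (private={private}); peer sees 203.0.113.7")
```

Because the message travels inside TLS, a firewall in the path never sees these fields in cleartext, which is why the check only works on the message as built at the endpoint.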
