Solved

What ports do I need to open for Lync in our FW

Posted on 2011-03-10
4
3,033 Views
Last Modified: 2013-11-29
I have one server running Lync 2010. No Front end servers. Standard Edition.
Internally it works fine for my users using Lync Client.
Server name is server.company.se with a proper certificate.

What ports do I need to open in our external firewall in order to connect from outside?
5061, 443, more?

I'm also in charge over our external DNS.
What records do i need for server.company.se ?  autodiscovery? sip tcp tls?

Thanks /Jonas
0
Comment
Question by:jetpak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35099111
Odd that the ports are listed in the poster  http://social.technet.microsoft.com/wiki/contents/articles/lync-server-2010-firewall-port-settings.aspx

I'm going to add some zones for this question so it gets better visibility with the Lync/OCS folks.

Thanks

Mike
0
 
LVL 15

Expert Comment

by:Lee Osborne
ID: 35099141
Although I don't have any direct Lync experience, this Technet article may help:

http://207.46.16.252/en-us/library/gg425882.aspx

Lee
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 35099271
You won't get this to work as you expect. The problem is more than just a port issue. The problem here is that SIP, as a protocol, has IP address information embedded in the actual data stream. This means that any NAT traversal breaks that information and an external Lync client cannot properly find, negotiate the mTLS handshake, and complete the transaction due to this mismatch.

Even worse, because mTLS is used, the packets cannot be rewritten en00route, so even the few firewalls that understand SIP (and very very few do) can only change *unseured) SIP traffic, which does not apply to Lync.

You have to deploy an edge server; that is why the role exists.

-Cliff
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question