Solved

What ports do I need to open for Lync in our FW

Posted on 2011-03-10
4
3,029 Views
Last Modified: 2013-11-29
I have one server running Lync 2010. No Front end servers. Standard Edition.
Internally it works fine for my users using Lync Client.
Server name is server.company.se with a proper certificate.

What ports do I need to open in our external firewall in order to connect from outside?
5061, 443, more?

I'm also in charge over our external DNS.
What records do i need for server.company.se ?  autodiscovery? sip tcp tls?

Thanks /Jonas
0
Comment
Question by:jetpak
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35099111
Odd that the ports are listed in the poster  http://social.technet.microsoft.com/wiki/contents/articles/lync-server-2010-firewall-port-settings.aspx

I'm going to add some zones for this question so it gets better visibility with the Lync/OCS folks.

Thanks

Mike
0
 
LVL 15

Expert Comment

by:Lee Osborne
ID: 35099141
Although I don't have any direct Lync experience, this Technet article may help:

http://207.46.16.252/en-us/library/gg425882.aspx

Lee
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 35099271
You won't get this to work as you expect. The problem is more than just a port issue. The problem here is that SIP, as a protocol, has IP address information embedded in the actual data stream. This means that any NAT traversal breaks that information and an external Lync client cannot properly find, negotiate the mTLS handshake, and complete the transaction due to this mismatch.

Even worse, because mTLS is used, the packets cannot be rewritten en00route, so even the few firewalls that understand SIP (and very very few do) can only change *unseured) SIP traffic, which does not apply to Lync.

You have to deploy an edge server; that is why the role exists.

-Cliff
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question