?
Solved

What ports do I need to open for Lync in our FW

Posted on 2011-03-10
4
Medium Priority
?
3,035 Views
Last Modified: 2013-11-29
I have one server running Lync 2010. No Front end servers. Standard Edition.
Internally it works fine for my users using Lync Client.
Server name is server.company.se with a proper certificate.

What ports do I need to open in our external firewall in order to connect from outside?
5061, 443, more?

I'm also in charge over our external DNS.
What records do i need for server.company.se ?  autodiscovery? sip tcp tls?

Thanks /Jonas
0
Comment
Question by:jetpak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35099111
Odd that the ports are listed in the poster  http://social.technet.microsoft.com/wiki/contents/articles/lync-server-2010-firewall-port-settings.aspx

I'm going to add some zones for this question so it gets better visibility with the Lync/OCS folks.

Thanks

Mike
0
 
LVL 15

Expert Comment

by:Lee Osborne
ID: 35099141
Although I don't have any direct Lync experience, this Technet article may help:

http://207.46.16.252/en-us/library/gg425882.aspx

Lee
0
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 35099271
You won't get this to work as you expect. The problem is more than just a port issue. The problem here is that SIP, as a protocol, has IP address information embedded in the actual data stream. This means that any NAT traversal breaks that information and an external Lync client cannot properly find, negotiate the mTLS handshake, and complete the transaction due to this mismatch.

Even worse, because mTLS is used, the packets cannot be rewritten en00route, so even the few firewalls that understand SIP (and very very few do) can only change *unseured) SIP traffic, which does not apply to Lync.

You have to deploy an edge server; that is why the role exists.

-Cliff
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses
Course of the Month8 days, 22 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question