External A/V Firewall and Port Requirements

The firewall port requirements for external (and internal) SIP and conferencing interfaces are consistent, regardless of the version of your client or the version of the federation partner.

Configuring the Audio/Video port range of 50,000-59,999 must take into account that the port range will contain the source ports for communications to federation partners. In detail, consider that a communication is initiated from a federation partner. The communication from the A/V Edge service ports in the 50,000-59,999 range will connect to the expected port TCP 443 of the partner’s A/V Edge service. Conversely, inbound traffic to your A/V Edge service port TCP 443 will have a source port in the range of 50,000-59,999.

If your requirements are for destination ports only, the Audio/Video requirements are:

Source IP Destination IP Destination Port
A/V Edge service interface Any TCP 443
A/V Edge service interface Any UDP 3478
Any A/V Edge service interface TCP 443
Any A/V Edge service interface UDP 3478

If your policies require both inbound and outbound firewall rule definitions, the Audio/Video requirements are:

Source IP Destination IP Source Port Destination Port
A/V Edge service interface Any TCP 50,000-59,999 TCP 443
A/V Edge service interface Any UDP 3478 UDP 3478
Any A/V Edge service interface Any TCP 443
Any A/V Edge service interface Any UDP 3478
Advertisements
This entry was posted in Microsoft Lync. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s