Sign in
 
HomeOnline20132010Interop ProgramsLibraryForumsGalleryLync Blogs
TechCenter >
Cross-Firewall File Transfer in Lync

Proposed Answer Cross-Firewall File Transfer in Lync

  • Monday, November 07, 2011 7:48 AM
     
     
    Sign In to Vote
    0
    My company's security policy asks our LAN divide into several VLANs, and different computers between two VLANs should not access each other directly. That means we cannot ping each other between two VLAN. I refer to some Microsoft Libraries, and find that file transfer in lync is base on p2p. Then how can we transfer files using lync between VLANs on condition that it doesn't violate the security policy.
     

All Replies

  • Monday, November 07, 2011 12:00 PM
     
     
    Sign In to Vote
    0

    If it is restricted to use the neccessary ports for filetransfer by policy, it is only possible if the Lync client will use the Lync edge server to communicate between both Lync clients.

    But be aware that all trafic has to block between the vlans of the lync clients, so that the Lync edge will be used for all P2P communication.

    As I undersand "means we cannot ping each other between two VLAN" no communication between all Vlans?

    regards Holger Technical Specialist UC
     
  • Monday, November 07, 2011 2:36 PM
     
     
    Sign In to Vote
    0

    Yes, communication between two vlans is forbidden. You mean the only way is to deploy a edge server and using it for fie transfering ?

    In transfering file, does lync always use a random port via p2p?

     
  • Monday, November 07, 2011 5:38 PM
     
     
    Sign In to Vote
    0

    For Filetransfer lync clients use psom, so it is possible to use only 443 and 3478, if you use a Edge server

    Look at the lync Workloadposter:

    http://www.microsoft.com/download/en/details.aspx?id=6797

    regards Holger Technical Specialist UC
     
  • Tuesday, November 08, 2011 8:04 AM
    Moderator
     
     Proposed Answer
    Sign In to Vote
    0

    If the lync clients in two vlans is forbidden, how are they login?

    As long as they can login successfully, i think can initiate IM and file transfer. When the P2P connects fail, the lync IM and file transfer data flow will go via lync server.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
     
  • Tuesday, November 08, 2011 3:20 PM
     
     
    Sign In to Vote
    0

    Hi Sean,

    Why should it forbidden to use Lync in different Vlans? I have big customer installation with multiple Vlans.

    If the Vlans could reach the Lync FE and Edge Server over routing it should not be a problem because in Lync SDP/ICE is working realy good. So if the Clients will reach the Edge an all needed ports are open from each Vlan, I think filetransfer should work with link.

    regards Holger Technical Specialist UC