Thursday, May 24, 2012 6:46 PM
We are in the middle of upgrading from OCS 2007 to Lync 2010.
Our Network topology is quite segmented with multiple sites and locations all around the country. Network has many many subnets with firewalls in between. Our Information Security group is not allowing us to open Full RPC between all users in the company. As such I've been trying to research how to restrict Lync down to a few ports.
I found this article: http://technet.microsoft.com/en-us/library/gg405406 which seems to give promise of restricting the application and conferencing pieces down to a limited number of ports, which would make our security people a LOT happier.
However, does the setting described in that article only affect peer-to-peer connections, or does it also affect the peer-to-server connection as well?
Saturday, May 26, 2012 12:21 PM (Moderator)
Tuesday, May 29, 2012 1:09 PM
I understand how the port ranges are set. My question was which connections those port ranges apply to on the diagram above.
My company has a very segmented network architecture. There is a firewall between the Lync servers and the rest of the network as well as firewalls between groups of users (example: between our Chantilly, VA and our branch locations across the globe). For that reason we need to know exactly what data is going where and the documentation on this is sorely lacking.
- Edited by wyrdone Tuesday, May 29, 2012 1:12 PM
Saturday, June 02, 2012 7:11 AM
The Get-CsConferencingConfiguration settings are client-side restrictions and are applicable to conferencing as well as peer-to-peer traffic. For configuring server-side ports see http://technet.microsoft.com/en-us/library/gg405405
I'd also recommend the following blog written by an MVP which discusses port ranges and media negotiation in Lync: http://www.shudnow.net/2010/12/06/lync-server-2010-port-ranges-and-audiomedia-negotiation/
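As an added example (not code from anyone in this thread), a read-only check run from the Lync Server Management Shell that reads the client-side port settings Akshat refers to and reports whether the restriction is actually enforced and which port ranges the firewall team would need to allow. The cmdlet name comes from the thread; the property names are assumed to match the Lync Server 2010 Set-CsConferencingConfiguration parameters, and the function names are my own.

```powershell
# Added example: audit the client media port ranges reported by
# Get-CsConferencingConfiguration (Lync Server 2010). Read-only.
# Property names are assumed to match the Set-CsConferencingConfiguration
# parameters for Lync 2010; function names are hypothetical.

function Get-LyncClientPortRanges {
    foreach ($cfg in Get-CsConferencingConfiguration) {
        # Until ClientMediaPortRangeEnabled is $true the client still
        # negotiates media on any port in 1024-65535, whatever the ranges say.
        $enforced = [bool]$cfg.ClientMediaPortRangeEnabled
        $ranges = @(
            @{ Media = 'Audio';        Start = $cfg.ClientAudioPort;        Count = $cfg.ClientAudioPortRange }
            @{ Media = 'Video';        Start = $cfg.ClientVideoPort;        Count = $cfg.ClientVideoPortRange }
            @{ Media = 'AppSharing';   Start = $cfg.ClientAppSharingPort;   Count = $cfg.ClientAppSharingPortRange }
            @{ Media = 'FileTransfer'; Start = $cfg.ClientFileTransferPort; Count = $cfg.ClientFileTransferPortRange }
        )
        foreach ($r in $ranges) {
            [pscustomobject]@{
                Scope     = $cfg.Identity        # e.g. Global or Site:<name>
                Media     = $r.Media
                FirstPort = [int]$r.Start
                LastPort  = [int]$r.Start + [int]$r.Count - 1
                Enforced  = $enforced
            }
        }
    }
}

function Test-LyncClientPortRanges {
    $rows = @(Get-LyncClientPortRanges)
    foreach ($g in ($rows | Group-Object Scope)) {
        # One warning per scope when ranges are defined but not enforced.
        if (-not $g.Group[0].Enforced) {
            Write-Warning ("{0}: client media port range is NOT enforced; media may use 1024-65535" -f $g.Name)
        }
        # Overlapping per-media ranges mean a firewall rule cannot tell
        # audio, video, app sharing and file transfer apart.
        $sorted = @($g.Group | Sort-Object FirstPort)
        for ($i = 1; $i -lt $sorted.Count; $i++) {
            if ($sorted[$i].FirstPort -le $sorted[$i - 1].LastPort) {
                Write-Warning ("{0}: {1} range overlaps {2} range" -f $g.Name, $sorted[$i].Media, $sorted[$i - 1].Media)
            }
        }
    }
    $rows | Format-Table Scope, Media, FirstPort, LastPort, Enforced -AutoSize
}

Test-LyncClientPortRanges
```

The table it prints is the list of client-side ranges to hand to the firewall team; the server-side ranges from the gg405405 article are configured and checked separately.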
Thursday, June 07, 2012 12:04 PM
By default, the communication between Lync endpoints (a client or a server can be an endpoint) uses all higher ports, 1024-65535. As Akshat mentioned, you have to configure your port range for all Lync services if you have tighter restrictions from your network team, and test all functions in Lync.
Regards, Holger, Technical Specialist UC
Wednesday, September 05, 2012 10:42 AM
Open https 443 and/or udp 3478 to the Lync Edge (internal) interface from all LAN subnets on your "hardware" firewall. You don't have to open the 1024-65xxx ports between sites.