Lync Client port usage for Desktop/Application sharing.

    Question

  • We are in the middle of upgrading from OCS 2007 to Lync 2010.

    Our Network topology is quite segmented with multiple sites and locations all around the country. Network has many many subnets with firewalls in between. Our Information Security group is not allowing us to open Full RPC between all users in the company. As such I've been trying to research how to restrict Lync down to a few ports.

    I found this article: http://technet.microsoft.com/en-us/library/gg405406 which seems to give promise of restricting the Application and conferencing pieces down to a limited number of ports which would make our security people a LOT happier.

    However, does the setting described in that article only affect peer to peer connections or also affect the peer to server connection as well?

    Attached Diagram:

    Thursday, May 24, 2012 6:46 PM

All replies

  • The ClientMediaPortRange parameter indicates the total number of ports available for client media.

    For example, if ClientMediaPort is set to 5350 and ClientMediaPortRange is set to 3, then the following three ports are available for client media: 5350; 5351; 5352.


    Noya Lau

    TechNet Community Support

    Saturday, May 26, 2012 12:21 PM
    Moderator
  • I understand how the port ranges are set. My question was which connections on the diagram above those port ranges apply to.

    My company has a very segmented network architecture. There is a firewall between the Lync servers and the rest of the network as well as firewalls between groups of users (example: between our Chantilly, VA and our branch locations across the globe). For that reason we need to know exactly what data is going where and the documentation on this is sorely lacking.

    • Edited by wyrdone Tuesday, May 29, 2012 1:12 PM
    Tuesday, May 29, 2012 1:09 PM
  • Get-CsConferencingConfiguration settings are client-side restrictions and are applicable to conferencing as well as peer-to-peer traffic. For configuring server-side ports see http://technet.microsoft.com/en-us/library/gg405405

    I'd also recommend the following blog written by an MVP which discusses port ranges and media negotiation in Lync: http://www.shudnow.net/2010/12/06/lync-server-2010-port-ranges-and-audiomedia-negotiation/

    HTH

    Akshat

    Saturday, June 02, 2012 7:11 AM
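
The port arithmetic from the replies above, as an added example that is not part of the original thread: it turns the client-side start-port and port-count settings into the smallest set of contiguous port windows to request on the inter-site firewalls. The `$cfg` object is a constructed sample using the property names of the Get-CsConferencingConfiguration output, `Get-ClientPortWindow` and `Merge-PortWindow` are hypothetical helper names, and server-side ranges are configured separately and are not covered.

```powershell
# Constructed sample standing in for Get-CsConferencingConfiguration output.
# In the Lync Server Management Shell, use instead:
#   $cfg = Get-CsConferencingConfiguration -Identity Global
$cfg = New-Object PSObject -Property @{
    ClientMediaPortRangeEnabled = $true
    ClientMediaPort        = 5350; ClientMediaPortRange        = 3
    ClientAudioPort        = 5353; ClientAudioPortRange        = 20
    ClientVideoPort        = 5373; ClientVideoPortRange        = 20
    ClientAppSharingPort   = 5400; ClientAppSharingPortRange   = 20
    ClientFileTransferPort = 5420; ClientFileTransferPortRange = 20
}

# Hypothetical helper: one First/Last window per client media type.
function Get-ClientPortWindow {
    param([Parameter(Mandatory=$true)] $Config)
    if (-not $Config.ClientMediaPortRangeEnabled) {
        # Restriction is off: clients choose from the whole dynamic range.
        return New-Object PSObject -Property @{ Name = 'Unrestricted'; First = 1024; Last = 65535 }
    }
    foreach ($name in 'Media', 'Audio', 'Video', 'AppSharing', 'FileTransfer') {
        $portProp  = "Client${name}Port"
        $rangeProp = "Client${name}PortRange"
        $first = [int]$Config.$portProp
        $count = [int]$Config.$rangeProp
        # The range value is a port count, so the last port is first + count - 1.
        New-Object PSObject -Property @{ Name = $name; First = $first; Last = $first + $count - 1 }
    }
}

# Hypothetical helper: collapse overlapping or adjacent windows into single rules.
function Merge-PortWindow {
    param([Parameter(Mandatory=$true)] [object[]] $Window)
    $merged = @()
    foreach ($w in ($Window | Sort-Object First)) {
        if ($merged.Count -gt 0 -and $w.First -le ($merged[-1].Last + 1)) {
            if ($w.Last -gt $merged[-1].Last) { $merged[-1].Last = $w.Last }
        } else {
            $merged += New-Object PSObject -Property @{ First = $w.First; Last = $w.Last }
        }
    }
    $merged
}

Get-ClientPortWindow $cfg | Select-Object Name, First, Last | Format-Table -AutoSize
Merge-PortWindow (Get-ClientPortWindow $cfg) | Select-Object First, Last | Format-Table -AutoSize
```

If the first table shows a single `Unrestricted` row, the configured ranges are not being enforced on clients and a narrow firewall rule would block media.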
  • By default, for communication between the Lync endpoints (client and server could each be an endpoint), all higher ports 1024-65535 will be used. As Akshat mentioned, you have to configure your port range for all Lync services if you have higher restrictions from your network team, and test all functions in Lync.

    regards Holger Technical Specialist UC

    Thursday, June 07, 2012 12:04 PM
  • Open https 443 and/or udp 3478 to Lync Edge (internal) interface from all LAN subnets on your "hardware" firewall. You don't have to open 1024-65xxx ports between sites.

    Wednesday, September 05, 2012 10:42 AM