Using an Internet Web Filter Appliance with MS Lync 2010 installed

    Question

  • Hello,

    I have a Domain with MS Lync Enterprise installed. At the office where all of the Lync Servers are located, it has been asked to install a Web Content Filter Appliance. One was purchased, set up and installed. I can Filter & Monitor traffic when I plug it into our Network/Internet. BUT - When I do so, ALL outbound phone calls are being blocked from our VoIP phones and Lync Clients on the PC. I cannot block the IP Addresses of the Phones because our phones get a DHCP Address. The PC cannot be blocked because that would defeat the purpose of the Filter being in place. I guess what I need to know is: What "ports" on the Web Content Filter Appliance need to be in the Exclusion list? I have located a list on the MS site for "Ports and Protocols for Internal Servers" ( http://technet.microsoft.com/en-us/library/gg398833.aspx ), but I am not sure if all of those ports listed need to be in the Exclusion range. I noticed a "Client" section near the bottom of the page that listed our phones (using ports 67/68), what about the other Client ports for the PC?

    If you are willing to share your experience with Web Filter Appliance and LYNC, please let me know what you did to resolve it.


    B.


    Brent_c76

    Friday, May 18, 2012 15:37

Answers

  • Hi, Brent,

    I am afraid I don't know Web Filter Appliance, but for Lync ports and protocols you can check the Lync workload poster (download it from here) and determine which ports and protocols will be used for Lync audio/video. Per my knowledge, you not only exclude the media ports for the client but also need to exclude the required media ports for incoming and outbound traffic on the mediation server.

    Another more useful blog post talking about the media negotiation for your reference.

    http://www.shudnow.net/2010/12/06/lync-server-2010-port-ranges-and-audiomedia-negotiation/

    Hope this is helpful!

    B/R

    Sharon


    Sharon Shen

    TechNet Community Support

    Monday, May 21, 2012 07:36
  • We do not have any guidance on Lync in an environment with a web content filter appliance.

    Why is the content filter appliance scanning traffic from the client which is not web content?

    The Lync client will talk to the Lync server for SIP signaling on port 5061 using any source port.

    The Lync client will use source ports in the range 1024-65535 (TCP/UDP) for media traffic; refer to http://technet.microsoft.com/en-us/library/gg398833.aspx for the ports which will be used on the servers for media.

    The Lync client will connect to port 443 of the server for HTTPS features, like address book download, DL expansion, etc.

    The Lync client will also connect to the edge server on UDP 3478 and TCP 443 for the ICE protocol.

    I recommend you follow TechNet and exclude the ports from scanning.

    Thursday, May 24, 2012 08:20

All replies

  • Thanks, Sharon.Shen.

    I have not seen that layout yet, very informative.

    B.


    Brent_c76

    Monday, May 21, 2012 15:38
  • After some testing I have placed an exclusion on the DHCP Address range with the port associations of 67,68,443,3478,5061.  I was able to locate exactly what I needed from the Chart that you led me to.  I needed to know what Client ports to exclude, and that helped me greatly.


    Brent_c76

    Tuesday, May 29, 2012 13:16
  • After some testing I have placed an exclusion on the DHCP Address range with the port associations of 67,68,443,3478,5061.


    Brent_c76


    • Edited by Brent_c76 Tuesday, May 29, 2012 13:17 edit text
    Tuesday, May 29, 2012 13:16
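
An added example, not part of the thread and not any appliance's configuration syntax: it compares a port-only exclusion like the one described in the last posts with one that is also scoped to Lync server addresses, to show which traffic each exempts from filtering. The client scope, server addresses, rule model and sample flows are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Ports from the thread's exclusion list (67, 68, 443, 3478, 5061), paired with
# their usual transport: DHCP over UDP, HTTPS and SIP/TLS over TCP, STUN over UDP.
EXCLUDED = {("udp", 67), ("udp", 68), ("tcp", 443), ("udp", 3478), ("tcp", 5061)}

# Assumptions, not from the thread: client DHCP scope and Lync server addresses.
CLIENT_SCOPE = ipaddress.ip_network("10.20.0.0/24")
LYNC_SERVERS = {ipaddress.ip_address(a) for a in ("10.10.0.11", "10.10.0.12")}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    note: str

def bypass_port_only(f):
    """Exemption keyed on client source range and destination port only."""
    return ipaddress.ip_address(f.src) in CLIENT_SCOPE and (f.proto, f.dport) in EXCLUDED

def bypass_scoped(f):
    """Same ports, but non-DHCP traffic must also be addressed to a Lync server."""
    if not bypass_port_only(f):
        return False
    return f.dport in (67, 68) or ipaddress.ip_address(f.dst) in LYNC_SERVERS

def overbroad(flows, rule):
    """Notes of flows a rule exempts although they do not go to a Lync server."""
    return [f.note for f in flows
            if rule(f) and f.dport not in (67, 68)
            and ipaddress.ip_address(f.dst) not in LYNC_SERVERS]

# Constructed sample flows (private and documentation addresses, not real traffic).
SAMPLE = [
    Flow("10.20.0.57", "10.10.0.5", "udp", 67, "DHCP renew"),
    Flow("10.20.0.57", "10.10.0.11", "tcp", 5061, "SIP/TLS to Lync pool"),
    Flow("10.20.0.57", "10.10.0.11", "tcp", 443, "address book download"),
    Flow("10.20.0.57", "10.10.0.12", "udp", 3478, "STUN to Edge"),
    Flow("10.20.0.57", "203.0.113.80", "tcp", 443, "HTTPS to external site"),
    Flow("10.20.0.57", "203.0.113.80", "tcp", 80, "HTTP to external site"),
]

if __name__ == "__main__":
    for name, rule in (("port-only", bypass_port_only), ("scoped", bypass_scoped)):
        print(name, "exempts non-Lync traffic:", overbroad(SAMPLE, rule))
```

Under these assumptions the port-only rule also exempts ordinary HTTPS browsing from the filter, while the destination-scoped rule still passes every Lync flow in the sample.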