Lync Edge - Ports for internal NIC

  • Question

  • Hello,

    I know that Microsoft says that Edge should have 2 NICs where one is connected to DMZ, another one is connected to LAN. At the same time, all Microsoft diagrams show that Lync Edge is between two firewalls.

    We have a client who insists that Lync Edge should not be connected directly to the LAN, so we are trying to set it up using two different DMZs. The problem that I have is firewall ports. Different diagrams show me different ports, but none of them show me everything. For example, what ports should be opened to request a certificate from the Internal CA? My firewall guy tells me that he opened ports 80 and 443, but the Lync Wizard cannot connect to the Internal CA.

    Does anyone have a list of ports/protocols/directions that should be opened for Internal DMZ firewall?


    Thank you. Eric.


    • Edited by KPABA Monday, August 18, 2014 2:12 PM
    Monday, August 18, 2014 2:08 PM

Answers

  • Have you looked at http://technet.microsoft.com/en-us/library/gg425891.aspx? Also, the Lync Validator site does have an internal firewall list (http://lyncvalidator.com/).

    Please mark posts as answers/helpful if it answers your question.
    Blog
    Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

    • Marked as answer by Lisa.zheng Sunday, August 31, 2014 6:56 AM
    Monday, August 18, 2014 5:33 PM
  • To request a certificate for the Lync Edge server, you use the Lync Wizard to create the certificate request file and request the certificate via the web from a Windows Server CA.

    You need to open port 80 and port 443 between the Edge Server and the Windows Server CA.

    Microsoft diagrams only describe the traffic between Lync Edge Server and Front End Server.


    Lisa Zheng
    TechNet Community Support

    • Marked as answer by Lisa.zheng Sunday, August 31, 2014 6:56 AM
    Tuesday, August 19, 2014 2:43 AM

All replies

  • I confirmed that ports 80 and 443 are not opened yet, but I still want to know if I can find a list of ports/protocols/directions that should be opened for the Internal DMZ firewall.

    Thank you. Eric.

    Monday, August 18, 2014 2:56 PM