locked
Edge network configuration queston RRS feed

  • Question

  • SFB 2015.

    My current hardware setup is router - firewall - switch before an edge server is added.

    The firewall is a bridge with 2 NIC's.

    Internal network: 10.10.10.0 /24

    Router internal IP: 10.10.10.1

    Router public IP: 5.5.5.5

    What IP's should be on my internal and external interfaces on the edge/reverse proxy server?

    If needed, the hardware topology can be altered to be router - firewall - edge/reverse proxy - firewall - switch or router - firewall - edge/reverse proxy - switch 


    • Edited by Susan_773 Monday, February 3, 2020 8:01 PM
    Monday, February 3, 2020 8:00 PM

All replies

  • Hi Susan_773,

    You need to deploy a DMZ first. We recommend you use the topology firewall – edge/reverse proxy – firewall. The following diagram shows a typical network topology for Edge server.

    You should follow the article to configure Edge server network interfaces. The link is: http://blog.schertz.name/2016/03/skype-for-business-2015-edge-server-deployment/.

    In addition, you can also refer to the official document for more detailed information: https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-edge-server/deploy-edge-servers.

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Tuesday, February 4, 2020 6:03 AM
  • I need to keep the router as that is what is hosting my VPN access and runs NAT. Does your setup allow for keeping the router?

    My router has 4 internal ports, a WAN port, and a DMZ port. The router has some basic firewall functions but probably isn't a substitute for a real firewall. 

    I would like to remain with 1 public IP.

    I've been seeing setups for edge with 2 NIC's but need more info on how to set that up. The Microsoft documents say 3 NIC's.

    My firewall is a transparent bridge with 2 NIC's.

    Edge topology will be setup with 1 IP address.

    Due to hardware restraints, the Edge and standard servers will be on the same hardware as separate virtual machines. The hardware has 4 NIC's with some PCIe slots so I can get creative with those.

    Would this example work?

    Router - first firewall - edge -second firewall - switch

    Router internal IP - 10.10.10.1

    First Firewall IP - 10.10.20.1

    Edge external IP - 10.10.20.2

    Second firewall IP - 10.10.10.2

    Internal network - 10.10.10.0 /24

    Internal default gateway 10.10.10.1

    Sorry but I haven't worked with multiple subnets on the same physical network before so I am not well versed on best practice.

    Tuesday, February 4, 2020 8:11 PM
  • Hi Susan_773,

    In my understanding, your example can work well.

    You can also refer to this document to deploy Edge server: http://blog.schertz.name/2016/03/skype-for-business-2015-edge-pool-deployment/.

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Wednesday, February 5, 2020 9:35 AM
  • Hi Susan_773,

    Is there any update on this case?

    Please feel free to drop us a note if there is any update.

    Have a nice day!


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, February 12, 2020 4:36 AM
  • I don’t hear from you for a long time. If you have any update, please feel free to share with us.

    Here I will provide a brief and temporary summary of this post.

     

    <Request/Expectation>:

    SFB 2015.

    My current hardware setup is router - firewall - switch before an edge server is added.

    The firewall is a bridge with 2 NIC's.

    Internal network: 10.10.10.0 /24

    Router internal IP: 10.10.10.1

    Router public IP: 5.5.5.5

    What IP's should be on my internal and external interfaces on the edge/reverse proxy server?

    If needed, the hardware topology can be altered to be router - firewall - edge/reverse proxy - firewall - switch or router - firewall - edge/reverse proxy - switch.

     

    <Suggestions>:

    You need to deploy a DMZ first. We recommend you use the topology firewall – edge/reverse proxy – firewall.

     You should follow the article to configure Edge server network interfaces. The link is: http://blog.schertz.name/2016/03/skype-for-business-2015-edge-server-deployment/.

        

    <Reference Links>:

    https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-edge-server/deploy-edge-servers

    http://blog.schertz.name/2016/03/skype-for-business-2015-edge-pool-deployment/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, February 13, 2020 9:54 AM