Firewall between Front End Servers and Mediation Servers

  • Question

  • Hello,

    We are going to build a new Skype for Business environment for a client where we need to place the Front End Servers and Mediation Servers in different network zones for security reasons.

    Please suggest whether this comes under the MS-recommended way, or should we keep both roles in a single zone? Which ports need to be allowed if we go with different zones?

    Any recommendation/suggestions will be helpful.

    Best Regards,

    JinDeep

    Thursday, October 25, 2018 3:31 PM

All replies

  • Hi JinDeep,

    Based on my research, you should keep both roles in a single zone, because the internal environment, external environment and DMZ are in different network zones; you do not set another network zone for your internal environment. If you want to know more details about the ports, you could refer to this link.

    Required Server Ports (by Server Role)

    | Server role | Service name | Port | Protocol | Notes |
    |---|---|---|---|---|
    | Mediation Servers | Skype for Business Server Mediation service | 5070 | TCP | Used by the Mediation Server for incoming requests from the Front End Server. |
    | Mediation Servers | Skype for Business Server Mediation service | 5067 | TCP (TLS) | Used for incoming SIP requests from the PSTN gateway. |
    | Mediation Servers | Skype for Business Server Mediation service | 5068 | TCP | Used for incoming SIP requests from the PSTN gateway. |
    | Mediation Servers | Skype for Business Server Mediation service | 5070 | TCP (MTLS) | Used for SIP requests from the Front End Servers. |

    Hardware Load Balancer Ports if Using Only Hardware Load Balancing

    | Load balancer | Port | Protocol |
    |---|---|---|
    | Mediation Server load balancer | 5070 | TCP |
    | Front End Server load balancer (if the pool also runs Mediation Server) | 5070 | TCP |

    Recommended IPsec Exceptions

    | Rule name | Source IP | Destination IP | Protocol | Source port | Destination port | Authentication requirement |
    |---|---|---|---|---|---|---|
    | Mediation Server Inbound | Any | Mediation Server(s) | UDP and TCP | Any | Any | Do not authenticate |
    | Mediation Server Outbound | Mediation Server(s) | Any | UDP and TCP | Any | Any | Do not authenticate |


    Best Regards,
    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, October 26, 2018 2:14 AM
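
If the two roles do end up in separate zones, the allow-list in front of the Mediation Server can be audited against the inbound ports listed in the reply above. This is an added example, not part of the original thread and not Microsoft code. The rule format, role names, subnets and addresses are constructed assumptions, and it checks only the ports shown on this page.

```python
import ipaddress

# Inbound flows to the Mediation Server taken from the port table in the reply.
REQUIRED = [
    ("front_end", 5070, "tcp"),     # SIP (MTLS) from the Front End Servers
    ("pstn_gateway", 5067, "tcp"),  # SIP over TLS from the PSTN gateway
    ("pstn_gateway", 5068, "tcp"),  # SIP over TCP from the PSTN gateway
]

def parse_ports(spec):
    """'5060-5070' -> (5060, 5070); '5070' -> (5070, 5070); 'any' -> (0, 65535)."""
    if spec == "any":
        return (0, 65535)
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi or lo))

def audit(rules, sources, mediation_ip):
    """Audit allow rules (implicit deny). Returns (missing flows, over-broad rule names).
    A flow counts as covered only when a rule permits the role's whole subnet."""
    med = ipaddress.ip_address(mediation_ip)
    nets = {role: ipaddress.ip_network(cidr) for role, cidr in sources.items()}
    covered, too_broad = set(), []
    for rule in rules:
        if med not in ipaddress.ip_network(rule["dst"]):
            continue  # rule does not reach the Mediation Server
        src = ipaddress.ip_network(rule["src"])
        lo, hi = parse_ports(rule["ports"])
        needed = set()  # ports this rule's source legitimately needs
        for role, port, proto in REQUIRED:
            if rule["proto"] != proto or not lo <= port <= hi:
                continue
            if nets[role].subnet_of(src):
                covered.add((role, port, proto))
            if src.subnet_of(nets[role]):
                needed.add(port)
        if hi - lo + 1 > len(needed):  # opens ports or sources beyond the table
            too_broad.append(rule["name"])
    return [f for f in REQUIRED if f not in covered], too_broad

# Constructed sample data (hypothetical zones and rules).
SOURCES = {"front_end": "10.10.1.0/28", "pstn_gateway": "10.30.5.10/32"}
RULES = [
    {"name": "fe-to-med", "src": "10.10.1.0/28", "dst": "10.20.1.0/28", "ports": "5070", "proto": "tcp"},
    {"name": "gw-to-med", "src": "10.30.5.10/32", "dst": "10.20.1.5/32", "ports": "5067", "proto": "tcp"},
    {"name": "legacy-sip", "src": "10.10.0.0/16", "dst": "10.20.1.0/28", "ports": "5060-5070", "proto": "tcp"},
]

if __name__ == "__main__":
    missing, too_broad = audit(RULES, SOURCES, "10.20.1.5")
    print("missing:", missing)
    print("over-broad:", too_broad)
```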
  • Hi,

    Are there any updates on this issue? If the reply is helpful, please try to mark it as an answer; it will help others who have a similar issue.


    Best Regards,
    Leon Lu



    Wednesday, October 31, 2018 1:34 AM