locked
what are the ports required for Lync? RRS feed

  • Question

  • Dear Lync Expert,

    I would like to allow clients to access lync via the SSL VPN, which is safer in term of security. May i know what kind of ports that i should allowed in the firewall in order to achieve this?

    Thanks

    Regards,

    H

    Sunday, April 30, 2017 2:57 PM

Answers

  • Hi Alice,

    Thanks for the advise.

    I tried to allow only:

    https: 443

    SIP: 5060, 5061

    It is able to work without have to open up the whole range of ports. basically, we use it only for chatting.

    Thanks

    Regards,

    H

    • Proposed as answer by Alice-Wang Wednesday, May 3, 2017 8:48 AM
    • Marked as answer by Henry2050 Wednesday, May 3, 2017 9:51 AM
    Tuesday, May 2, 2017 10:27 AM

All replies

  • Hi Herry,

    Based on your description, I understand that you want use Lync for external access.

    If this is your requirement, we suggest you install Edge server for your environment because Edge server is the required component for external access, please refer to

    https://technet.microsoft.com/en-us/library/gg425779(v=ocs.15).aspx

    The following blog is about Edge server ports you need to open, please refer to

    https://technet.microsoft.com/en-us/library/gg425891(v=ocs.15).aspx


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 1, 2017 2:41 AM
  • Hi Herry,

    Based on your description, I understand that you want use Lync for external access.

    If this is your requirement, we suggest you install Edge server for your environment because Edge server is the required component for external access, please refer to

    https://technet.microsoft.com/en-us/library/gg425779(v=ocs.15).aspx

    The following blog is about Edge server ports you need to open, please refer to

    https://technet.microsoft.com/en-us/library/gg425891(v=ocs.15).aspx


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Hi Alice,

    Thanks for the advise on how to setup edge servers.

    However, actually what we want to achieve is we don't want to allow users to access lync externally as it pose some security risk. Thus, we would like to actually allow lync connection when the user is connected to the SSL VPN only.

    That's why i would like to know what ports that i need to whitelist in firewall for the connection to the internal lync server.

    Please help to advise.

    Many Thanks

    Regards,

    H

    Monday, May 1, 2017 7:03 AM
  • Hi Herry,

    please refer to

    This article is for your reference
    https://blogs.technet.microsoft.com/nexthop/2011/11/14/enabling-lync-media-to-bypass-a-vpn-tunnel/

    Moreover, please read this article which describes the ports and protocols for Lync internal server
    https://technet.microsoft.com/en-us/library/gg398833.aspx


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 1, 2017 7:23 AM
  • Hi Alice,

    Thanks for the advise.

    I tried to allow only:

    https: 443

    SIP: 5060, 5061

    It is able to work without have to open up the whole range of ports. basically, we use it only for chatting.

    Thanks

    Regards,

    H

    • Proposed as answer by Alice-Wang Wednesday, May 3, 2017 8:48 AM
    • Marked as answer by Henry2050 Wednesday, May 3, 2017 9:51 AM
    Tuesday, May 2, 2017 10:27 AM
  • Hi Herry,

    You could mark your reply as an answer, it will help others who has the similar issue


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 3, 2017 8:49 AM
  • You may use either lync as external or internal through VPN.For access it through VPN you need to have all internal ports allowed.Which are

    5061 to FE Pool

    443 to Internal Webservices

    For Desktop Sharing and AV from VPN you may need media port ranges to LAN client IPs or edge internal Interface with 443,UDP 3478)

    Also you need to have all internal DNS resolution to Lync pool,webservices etc..


    Jayakumar K

    Wednesday, May 3, 2017 9:20 AM
  • You may use either lync as external or internal through VPN.For access it through VPN you need to have all internal ports allowed.Which are

    5061 to FE Pool

    443 to Internal Webservices

    For Desktop Sharing and AV from VPN you may need media port ranges to LAN client IPs or edge internal Interface with 443,UDP 3478)

    Also you need to have all internal DNS resolution to Lync pool,webservices etc..


    Jayakumar K

    Hi  Jayakumar,

    Yes. I have actually allowed 443 and 5061.

    Almost forgot about desktop sharing. May I know what are the specific ports for this activity?

    Thanks

    Regards,

    H

    Wednesday, May 3, 2017 9:45 AM