DMZ - internal clients ports

  • Question

  • I've the articles but I still do not know what ports should be open on the DMZ internal interface of the Edge and Reverse proxy and what ports should be open on the clients. I mean the relation DMZ - internal clients in both directions.
    Friday, December 2, 2011 8:36 AM

All replies

  • Hi,

    Run the Lync Server Planning tool and you can get an idea of what ports need to be opened and from/to where.

    http://www.microsoft.com/download/en/details.aspx?id=19711

     


    Thamara. MCTS, MCITP Ent Admin, Specialized in U.C Voice OCS 2007 R2
    • Marked as answer by Sharon.Shen Thursday, December 8, 2011 1:27 AM
    Friday, December 2, 2011 9:10 AM
  • I did that. There is information on what ports should be open on the internal and external firewalls. I understand that the ports open on the internal firewall concern the FE and internal computers too.

    It means between DMZ and LAN (internal users) there should be ports open:

    3478 (in both directions)

    5062 (to Edge server)

    443 (to Edge server)

    And is that all?

    Friday, December 2, 2011 9:34 AM
  • In addition, 50,000-59,999 UDP/TCP should be open (both directions), and 5061 TCP as well.
    Thamara. MCTS, MCITP Ent Admin, Specialized in U.C Voice OCS 2007 R2
    Friday, December 2, 2011 10:05 AM
  • This TechNet article details comprehensively what ports are required to be open on both the external and internal firewalls for the Edge Server - Reference Architecture 1: Port Summary for Single Consolidated Edge. This should help you out. :)

    Justin Morris | Consultant | Modality Systems
    Lync Blog - www.justin-morris.net
    Twitter: @jm_deluxe
    If this post has been useful please click the green arrow to the left or click "Propose as answer"

    • Proposed as answer by Charbel Hanna Friday, December 2, 2011 11:02 AM
    • Marked as answer by Sharon.Shen Thursday, December 8, 2011 1:27 AM
    Friday, December 2, 2011 10:15 AM
  • Ok so in summary:

    DMZ (edge internal) - LAN:

    3478 UDP (in both directions)

    5062 TCP (to Edge server)

    443 TCP (to Edge server)

    5061 TCP (in both directions)

    50,000 -59,000 UDP/TCP (in both directions)

    Thanks, I must test it.

    Friday, December 2, 2011 10:20 AM
  • Try it out and let us know the outcome :)

     


    Thamara. MCTS, MCITP Ent Admin, Specialized in U.C Voice OCS 2007 R2
    Friday, December 2, 2011 10:21 AM
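
One way to check an internal-firewall allow list against the summary posted above, as an added example that is not part of the original thread or any Microsoft tooling. The direction labels (`lan->edge`, `edge->lan`), the reading of "to Edge server" as LAN-to-Edge only, and the sample rule list are assumptions made for illustration; the port values are taken from the thread as posted.

```python
import re

# Port list from the thread's summary post (DMZ edge internal <-> LAN),
# values as posted there; only the "TPC" typo is corrected.
SUMMARY = """\
3478 UDP (in both directions)
5062 TCP (to Edge server)
443 TCP (to Edge server)
5061 TCP (in both directions)
50,000 -59,000 UDP/TCP (in both directions)
"""

LINE = re.compile(r"([\d,]+)\s*(?:-\s*([\d,]+))?\s+([A-Z/]+)\s+\((.+)\)")

def parse_summary(text):
    """Expand each summary line into (lo, hi, proto, direction) requirements."""
    reqs = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.fullmatch(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        lo = int(m.group(1).replace(",", ""))
        hi = int(m.group(2).replace(",", "")) if m.group(2) else lo
        # Assumption: "to Edge server" means LAN-to-Edge only.
        dirs = ["lan->edge", "edge->lan"] if "both" in m.group(4) else ["lan->edge"]
        for proto in m.group(3).lower().split("/"):
            reqs += [(lo, hi, proto, d) for d in dirs]
    return reqs

def uncovered(reqs, rules):
    """Return the requirements that no single allow rule fully covers."""
    def covers(rule, req):
        rlo, rhi, rproto, rdir = rule
        lo, hi, proto, d = req
        return rproto == proto and rdir == d and rlo <= lo and hi <= rhi
    return [r for r in reqs if not any(covers(rule, r) for rule in rules)]

# Constructed sample allow list (lo, hi, proto, direction); not from the thread.
SAMPLE_RULES = [
    (3478, 3478, "udp", "lan->edge"), (443, 443, "tcp", "lan->edge"),
    (5061, 5062, "tcp", "lan->edge"), (5061, 5061, "tcp", "edge->lan"),
    (50000, 59999, "udp", "lan->edge"), (50000, 59999, "tcp", "lan->edge"),
    (50000, 59999, "udp", "edge->lan"),
]

if __name__ == "__main__":
    for gap in uncovered(parse_summary(SUMMARY), SAMPLE_RULES):
        print("missing allow rule:", gap)
```

Replace `SAMPLE_RULES` with an export of the real firewall's allow rules in the same tuple form; each printed gap is a port and direction from the summary that the rule set does not open.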