This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Skype for Business Clients behind Proxy -->Internet-->Skype for Business On Prem

Question
0

Sign in to vote

Hi,

We have users who sits behind the firewall and they want to connect to Skype for business on prem.

Below is the configuration

Skype for Business Client (Highly Secure)-->Proxy-->Internet-->Skype for Business Prem.

We have published access, av and webcon on 443 but they are not able to connect.

What should be ports opened for clients behind proxy to connect to skype for business on prem.

Clients on pure internet have no problems in connecting.

Also, I tried one of there laptops to connect using pure internet it was successful. So, Machine policies is not an issue.

Sunday, March 19, 2017 2:45 AM

All replies

0

Sign in to vote
Hi Nothing,

Regarding this issue, did you mean when you don’t use proxy sign in SFB client, it is successful, is that right?

If this is the issue, based on my understanding, there may be no issue with SFB Edge server and Front end server side, the issue may be caused by the proxy server, so we suggest you check the configuration of your proxy server.
Regards,

Alice Wang

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by Alice-Wang Friday, March 24, 2017 8:45 AM
Monday, March 20, 2017 3:07 AM
0

Sign in to vote
Hope this is internal connection.Login to skype for business you need to have webserver access with 443 and FE servers and Pool name with 5061

For AV connectivity,between clients you need to have media port ranges(1024-65K) opened.else you can open ports towards edge internal interface from client segments which is 443 TCP and 3478 UDP

Jayakumar K
- Proposed as answer by Alice-Wang Friday, March 24, 2017 8:45 AM
Monday, March 20, 2017 10:35 AM

Sign in to vote

Sign in to vote

Check the ports required from the client side in performing logon and sharing capabilities , make sure these are open on the proxy side.

Component	Port	Protocol	Notes
Clients	67/68	DHCP	Used by Skype for Business Server to find the Registrar FQDN (that is, if DNS SRV fails and manual settings are not configured).
Clients	443	TCP (TLS)	Used for client-to-server SIP traffic for external user access.
Clients	443	TCP (PSOM/TLS)	Used for external user access to web conferencing sessions.
Clients	443	TCP (STUN/MSTURN)	Used for external user access to A/V sessions and media (TCP)
Clients	3478	UDP (STUN/MSTURN)	Used for external user access to A/V sessions and media (UDP)
Clients	5061	TCP (MTLS)	Used for client-to-server SIP traffic for external user access.
Clients	6891-6901	TCP	Used for file transfer between Skype for Business clients and previous clients.
Clients	1024-65535 *	TCP/UDP	Audio port range (minimum of 20 ports required)
Clients	1024-65535 *	TCP/UDP	Video port range (minimum of 20 ports required).
Clients	1024-65535 *	TCP	Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM).
Clients	1024-65535 *	TCP	Application sharing.

Linus || Please mark posts as answers/helpful if it answers your question.

Proposed as answer by Alice-Wang Friday, March 24, 2017 8:45 AM

Monday, March 20, 2017 11:42 AM