none
Skype for Business Clients behind Proxy -->Internet-->Skype for Business On Prem

    Question

  • Hi,

    We have users who sits behind the firewall and they want to connect to Skype for business on prem.

    Below is the configuration

    Skype for Business Client (Highly Secure)-->Proxy-->Internet-->Skype for Business Prem.

    We have published access, av and webcon on 443 but they are not able to connect.

    What should be ports opened for clients behind proxy to connect to skype for business on prem.

    Clients on pure internet have no problems in connecting.

    Also, I tried one of there laptops to connect using pure internet it was successful. So, Machine policies is not an issue.

    Sunday, March 19, 2017 2:45 AM

All replies

  • Hi Nothing,

    Regarding this issue, did you mean when you don’t use proxy sign in SFB client, it is successful, is that right?

    If this is the issue, based on my understanding, there may be no issue with SFB Edge server and Front end server side, the issue may be caused by the proxy server, so we suggest you check the configuration of your proxy server.


    Regards,

    Alice Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 20, 2017 3:07 AM
    Moderator
  • Hope this is internal connection.Login to skype for business you need to have webserver access with 443 and FE servers and Pool name with 5061

    For AV connectivity,between clients you need to have media port ranges(1024-65K) opened.else you can open ports towards edge internal interface from client segments which is 443 TCP and 3478 UDP


    Jayakumar K

    Monday, March 20, 2017 10:35 AM
  • Check the ports required from the client side in performing logon and sharing capabilities , make sure these are open on the proxy side. 

    Component

    Port

    Protocol

    Notes

    Clients

    67/68

    DHCP

    Used by Skype for Business Server to find the Registrar FQDN (that is, if DNS SRV fails and manual settings are not configured).

    Clients

    443

    TCP (TLS)

    Used for client-to-server SIP traffic for external user access.

    Clients

    443

    TCP (PSOM/TLS)

    Used for external user access to web conferencing sessions.

    Clients

    443

    TCP (STUN/MSTURN)

    Used for external user access to A/V sessions and media (TCP)

    Clients

    3478

    UDP (STUN/MSTURN)

    Used for external user access to A/V sessions and media (UDP)

    Clients

    5061

    TCP (MTLS)

    Used for client-to-server SIP traffic for external user access.

    Clients

    6891-6901

    TCP

    Used for file transfer between Skype for Business clients and previous clients.

    Clients

    1024-65535 *

    TCP/UDP

    Audio port range (minimum of 20 ports required)

    Clients

    1024-65535 *

    TCP/UDP

    Video port range (minimum of 20 ports required).

    Clients

    1024-65535 *

    TCP

    Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM).

    Clients

    1024-65535 *

    TCP

    Application sharing.


    Linus || Please mark posts as answers/helpful if it answers your question.

    Monday, March 20, 2017 11:42 AM