Topic Last Modified: 2013-03-15

Port, protocol and firewall requirements for federation with Microsoft Lync Server 2013, Lync Server 2010 and Office Communications Server are similar to those for the deployed Edge Server. Clients initiate communication with the Access Edge service over TLS/SIP/TCP 443. Federated partners, however, initiate communication with the Access Edge service over MTLS/SIP/TCP 5061.

When you configure your firewall for the ports and protocols that public instant messaging connectivity requires, note that SIP/MTLS/TCP 5061 must be allowed in both directions: contacts at the public IM provider can contact Lync clients, and Lync clients can contact public IM contacts.

Windows Live Messenger can participate in audio/video communications with Lync clients. This is why the required firewall port and protocol configuration is very similar to what you would typically have on the firewall to support Lync clients as external users.

Important:
More than ever, Lync is a powerful tool for connecting across organizations and with individuals around the world. Federation with Windows Live Messenger requires no additional user/device licenses beyond the Lync Standard Client Access License (CAL). Skype federation will be added to this list, enabling Lync users to reach hundreds of millions of people with IM and voice.

Federation with Messenger client contacts will officially end on March 15, 2013, except for mainland China. Skype will become the federation client for federated users who previously used Messenger.

The ports and protocols defined for the extensible messaging and presence protocol (XMPP) proxy deployed on the Edge Server allow communication from the XMPP federated partner to the Edge Server, and from your Edge Server to the XMPP federated partner. A rule is also defined on the internal-facing firewall from the Front End Server or Front End pool to the Edge Server or Edge pool.

Firewall Summary - SIP Federation

| Role/Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Notes |
| --- | --- | --- | --- |
| Access/SIP(MTLS)/TCP/5061 | Access Edge service public IP address | Any | For federated and public IM connectivity using SIP |

Firewall Summary – Public Instant Messaging Connectivity

| Role/Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Notes |
| --- | --- | --- | --- |
| Access/SIP(MTLS)/TCP/5061 | Public IM connectivity partners | Edge Server Access interface | For federated and public IM connectivity that use SIP. |
| Access/SIP(MTLS)/TCP/5061 | Edge Server Access interface | Public IM connectivity partners | For federated and public IM connectivity that use SIP. |
| Access/SIP(TLS)/TCP/443 | Clients | Edge Server Access interface | Client-to-server SIP traffic for external user access. |
| A/V/RTP/TCP/50,000-59,999 | Edge Server Access interface | Live Messenger clients | Used for A/V sessions with Windows Live Messenger if public IM connectivity is configured. |
| A/V/STUN,MSTURN/UDP/3478 | Edge Server Access interface | Live Messenger clients | Required for public IM connectivity with Windows Live Messenger. |
| A/V/STUN,MSTURN/UDP/3478 | Live Messenger clients | Edge Server Access interface | Required for public IM connectivity with Windows Live Messenger. |

Firewall Summary - Extensible Messaging and Presence Protocol (XMPP)

| Protocol/TCP or UDP/Port | Source (IP address) | Destination (IP address) | Comments |
| --- | --- | --- | --- |
| XMPP/TCP/5269 | Any | Access Edge service interface IP address | Standard server-to-server communication port for XMPP. Allows communication to the Edge Server XMPP proxy from federated XMPP partners. |
| XMPP/TCP/5269 | Access Edge service interface IP address | Any | Standard server-to-server communication port for XMPP. Allows communication from the Edge Server XMPP proxy to federated XMPP partners. |
| XMPP/MTLS/23456 | Any | Internal Edge Server Interface IP | Internal XMPP traffic from the XMPP Gateway on the Front End Server or Front End pool to the Edge Server. |
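The following Python check is an added example, not part of the original documentation: it compares an external-firewall rule export against the flows listed in the public IM connectivity and XMPP tables above, reporting required flows that no rule permits and rules that permit more than the tables call for. The zone labels ("edge", "partner", "client", "messenger", "any"), the `Flow` type and the sample ruleset are constructed assumptions, not Lync or firewall-vendor identifiers.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str  # "tcp" or "udp"
    lo: int     # first port in range
    hi: int     # last port in range
    src: str    # zone label (assumed naming)
    dst: str

# External-firewall flows from the public IM and XMPP tables on this page.
REQUIRED = [
    Flow("tcp", 5061, 5061, "partner", "edge"),      # SIP/MTLS inbound
    Flow("tcp", 5061, 5061, "edge", "partner"),      # SIP/MTLS outbound
    Flow("tcp", 443, 443, "client", "edge"),         # SIP/TLS, external users
    Flow("tcp", 50000, 59999, "edge", "messenger"),  # A/V RTP
    Flow("udp", 3478, 3478, "edge", "messenger"),    # STUN/MSTURN outbound
    Flow("udp", 3478, 3478, "messenger", "edge"),    # STUN/MSTURN inbound
    Flow("tcp", 5269, 5269, "any", "edge"),          # XMPP inbound
    Flow("tcp", 5269, 5269, "edge", "any"),          # XMPP outbound
]

def covers(a: Flow, b: Flow) -> bool:
    """True if flow a permits everything flow b describes."""
    return (a.proto == b.proto and a.lo <= b.lo and b.hi <= a.hi
            and a.src in (b.src, "any") and a.dst in (b.dst, "any"))

def audit(rules):
    """Return (missing, excess) for a list of Flow rules.

    missing: required flows that no single rule permits (a flow split
    across several rules is reported as missing; a simplification).
    excess: rules wider than every required flow, in ports or zones.
    """
    missing = [n for n in REQUIRED if not any(covers(r, n) for r in rules)]
    excess = [r for r in rules if not any(covers(n, r) for n in REQUIRED)]
    return missing, excess

# Constructed sample export: one over-broad rule, one flow forgotten.
SAMPLE_RULES = [
    Flow("tcp", 443, 443, "client", "edge"),
    Flow("tcp", 5000, 6000, "any", "edge"),   # hides 5061 and 5269 inbound
    Flow("tcp", 5061, 5061, "edge", "partner"),
    Flow("tcp", 50000, 59999, "edge", "messenger"),
    Flow("udp", 3478, 3478, "edge", "messenger"),
    Flow("tcp", 5269, 5269, "edge", "any"),
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for f in missing:
        print("MISSING", f)
    for f in excess:
        print("EXCESS ", f)
```

The over-broad rule satisfies the inbound 5061 and 5269 requirements, so connectivity tests alone would pass; the audit still flags it because it opens ports and sources the tables do not list.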
