Topic Last Modified: 2013-03-15
Port, protocol and firewall requirements for federation with Microsoft Lync Server 2013, Lync Server 2010 and Office Communications Server are similar to those for the deployed Edge Server. Clients initiate communication with the Access Edge service over TLS/SIP/TCP 443. Federated partners, however, initiate communications to the Access Edge service over MTLS/SIP/TCP 5061.
To configure your firewall for the ports and protocols necessary to support public instant messaging connectivity, first note that SIP/MTLS/TCP 5061 is bidirectional: contacts in the public IM provider can contact Lync clients, and Lync can contact public IM contacts.
Windows Live Messenger can participate in audio/video communications with Lync clients. For this reason, the firewall port and protocol configuration is very similar to what you would typically have on the firewall to support Lync clients as external users.
Important: |
---|
More than ever, Lync is a powerful tool for connecting across organizations and with individuals around the world. Federation with Windows Live Messenger requires no additional user/device licenses beyond the Lync Standard Client Access License (CAL). Skype federation will be added to this list, enabling Lync users to reach hundreds of millions of people with IM and voice. Federation with Messenger client contacts will officially end on March 15, 2013, except for mainland China. Skype will become the federation client for federated users who previously used Messenger. |
The ports and protocols defined for the extensible messaging and presence protocol (XMPP) proxy deployed on the Edge Server allow communication from the XMPP federated partner to the Edge Server, and also allow communication from your Edge Server to the XMPP federated partner. A rule is also defined on the internal-facing firewall from the Front End Server or Front End pool to the Edge Server or Edge pool.
Firewall Summary - SIP Federation
Role/Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Notes |
---|---|---|---|
Access/SIP(MTLS)/TCP/5061 | Access Edge service public IP address | Any | For federated and public IM connectivity using SIP |
Firewall Summary – Public Instant Messaging Connectivity
Role/Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Notes |
---|---|---|---|
Access/SIP(MTLS)/TCP/5061 | Public IM connectivity partners | Edge Server Access interface | For federated and public IM connectivity that use SIP. |
Access/SIP(MTLS)/TCP/5061 | Edge Server Access interface | Public IM connectivity partners | For federated and public IM connectivity that use SIP. |
Access/SIP(TLS)/TCP/443 | Clients | Edge Server Access interface | Client-to-server SIP traffic for external user access. |
A/V/RTP/TCP/50,000-59,999 | Edge Server Access interface | Live Messenger clients | Used for A/V sessions with Windows Live Messenger if public IM connectivity is configured. |
A/V/STUN,MSTURN/UDP/3478 | Edge Server Access interface | Live Messenger clients | Required for public IM connectivity with Windows Live Messenger. |
A/V/STUN,MSTURN/UDP/3478 | Live Messenger clients | Edge Server Access interface | Required for public IM connectivity with Windows Live Messenger. |
Firewall Summary - Extensible Messaging and Presence Protocol (XMPP)
Protocol/TCP or UDP/Port | Source (IP address) | Destination (IP address) | Comments |
---|---|---|---|
XMPP/TCP/5269 | Any | Access Edge service interface IP address | Standard server-to-server communication port for XMPP. Allows communication to the Edge Server XMPP proxy from federated XMPP partners |
XMPP/TCP/5269 | Access Edge service interface IP address | Any | Standard server-to-server communication port for XMPP. Allows communication from the Edge Server XMPP proxy to federated XMPP partners |
XMPP/MTLS/23456 | Any | Internal Edge Server Interface IP | Internal XMPP traffic from the XMPP Gateway on the Front End Server or Front End pool to the Edge Server |
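
An added example (not from the original page or from Microsoft) showing one way to audit an external firewall's allow rules against the Public IM and external XMPP rows above: it reports required flows with no matching rule, rules broader than the table calls for, and rules that match no row. The zone labels and the sample rule set are constructed for illustration; the internal-facing port 23456 rule is omitted because it belongs on a different firewall.

```python
# Added example: audit an external-firewall rule list against this page's tables.
# Tuples are (protocol, first port, last port, source, destination).
# Zone labels (edge_access, clients, pic_partners, live_clients) are hypothetical.
REQUIRED = [
    ("tcp", 5061, 5061, "pic_partners", "edge_access"),   # SIP/MTLS inbound
    ("tcp", 5061, 5061, "edge_access", "pic_partners"),   # SIP/MTLS outbound
    ("tcp", 443, 443, "clients", "edge_access"),          # SIP/TLS client access
    ("tcp", 50000, 59999, "edge_access", "live_clients"), # A/V RTP
    ("udp", 3478, 3478, "edge_access", "live_clients"),   # STUN/MSTURN outbound
    ("udp", 3478, 3478, "live_clients", "edge_access"),   # STUN/MSTURN inbound
    ("tcp", 5269, 5269, "any", "edge_access"),            # XMPP inbound
    ("tcp", 5269, 5269, "edge_access", "any"),            # XMPP outbound
]

# Constructed sample rule set with three deliberate defects.
SAMPLE_RULES = [
    ("tcp", 443, 443, "clients", "edge_access"),
    ("tcp", 5061, 5061, "pic_partners", "edge_access"),   # outbound half is absent
    ("tcp", 5269, 5269, "any", "edge_access"),
    ("tcp", 5269, 5269, "edge_access", "any"),
    ("udp", 3478, 3478, "edge_access", "live_clients"),
    ("udp", 3478, 3478, "live_clients", "edge_access"),
    ("tcp", 1024, 65535, "edge_access", "live_clients"),  # wider than 50,000-59,999
    ("tcp", 8080, 8080, "any", "edge_access"),            # not in any table
]

def covers(rule, flow):
    """True if an allow rule admits the entire required flow."""
    rp, rlo, rhi, rsrc, rdst = rule
    fp, flo, fhi, fsrc, fdst = flow
    return (rp == fp and rlo <= flo and fhi <= rhi
            and rsrc in (fsrc, "any") and rdst in (fdst, "any"))

def audit(rules):
    """Return (missing flows, rules broader than needed, rules covering no flow)."""
    missing = [f for f in REQUIRED if not any(covers(r, f) for r in rules)]
    too_broad, unneeded = [], []
    for r in rules:
        if not any(covers(r, f) for f in REQUIRED):
            unneeded.append(r)
        elif r not in REQUIRED:
            too_broad.append(r)
    return missing, too_broad, unneeded

if __name__ == "__main__":
    for label, items in zip(("MISSING", "TOO BROAD", "UNNEEDED"), audit(SAMPLE_RULES)):
        for item in items:
            print(label, item)
```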