Topic Last Modified: 2012-10-22

Firewall port requirements for a single Director consist of the ports that are used to establish communication with the Director from the internal interface or internal-facing network of the reverse proxy. Microsoft Lync Server 2013 by default expects ports HTTP/TCP 8080 and HTTPS/TCP 4443 to be open from the reverse proxy to the Director, as well as the Front End pool and Front End Server. Additionally, there must be session initiation protocol (SIP) communication from the Edge Server internal interface to the Director and to the Front End pool and Front End Server. The SIP protocol uses SIP/MTLS/TCP 5061 from the Edge Server to the Front End pool and Front End Server. A rule that allows SIP/MTLS/TCP 5061 communication from the Director, Front End pool and Front End Server to the Edge Server internal interface must be created as well.

Single Director Ports and Protocols for Firewall Definitions

Role/Protocol/TCP or UDP/Port Source IP address Destination IP address Notes

HTTP/TCP 8080

Reverse proxy internal interface

Director Hardware Load Balancer VIP

Initially received by the external side of the reverse proxy, the communication is sent on to the Director HLB VIP and Front End Server web services.

HTTPS/TCP 4443

Reverse proxy internal interface

Director Hardware Load Balancer VIP

Initially received by the external side of the reverse proxy, the communication is sent on to the Director HLB VIP and Front End Server web services.

HTTPS/TCP 444

Director

Front End pool or Front End Server

Inter-server communication between the Director HLB VIP and the Front End Server or Front End Servers.

HTTP/TCP 80

Internal Clients

Director Hardware Load Balancer VIP

The Director provides web services to internal as well as external clients.

HTTPS/TCP 443

Internal Clients

Director Hardware Load Balancer VIP

The Director provides web services to internal as well as external clients.

SIP/MTLS/TCP 5061

Edge Server internal interface

Director

SIP communication from the Edge Server to the Director, as well as the Front End Servers.

MTLS/TCP/50001

Any

Director

Centralized Logging Service controller (ClsController.exe) or agent (ClsAgent.exe)commands and log collection

MTLS/TCP/50002

Any

Director

Centralized Logging Service controller (ClsController.exe) or agent (ClsAgent.exe)commands and log collection

MTLS/TCP/50003

Any

Director

Centralized Logging Service controller (ClsController.exe) or agent (ClsAgent.exe)commands and log collection