The port range is from 1024 to 65535.
The Web Skype4B listening port is automatically permitted by the firewall. The user does not have to explicitly
define a firewall policy to permit this port.
3. Click Apply.
In the CLI
Use the following command:
(host) (config) #web-server profile
To listen for Lync XML messages on HTTP:
(host) (Web Server Configuration) #web-skype4b-listen-port http <listen-port>
Or
To listen for Lync XML messages on HTTPS:
Before configuring the switch to receive Lync/Skype for Business SDN Interface messages using HTTPS, a server
certificate must be generated and installed on the switch. The server certificate can be generated either by the switch or
by a Certificate Authority (CA). For more information, see Obtaining a Server Certificate on page 855.
(host) (Web Server Configuration) #web-skype4b-listen-port https <listen-port>
To verify that the port is automatically permitted by the firewall, use the following command:
(host) #show firewall-cp
Configuring Lync/Skype for Business ALG Status
Configure the switch to read Secure SIP signaling messages sent by the Lync/Skype for Business clients on port
5061. You can enable or disable Stateful SIPS processing using the following CLI commands. Stateful SIPS
processing is enabled by default.
Before you configure Lync/Skype for Business ALG status, disable classify-media. To disable classify-media, see
Disable Media Classification on page 952.
Enabling Lync/Skype for Business ALG
(host) (config) #no firewall disable-stateful-sips-processing
Disabling Lync/Skype for Business ALG
(host) (config) #firewall disable-stateful-sips-processing
Dynamically Open Firewall for UCC Clients using STUN
Prior to AOS-W 6.4, the administrator explicitly added ACLs in the user role to allow Lync/Skype for Business
traffic on the switch. Starting with AOS-W 6.4, the switch automatically allows firewall sessions for Lync/Skype
for Business voice and video calls. Firewall sessions for Lync/Skype for Business desktop-sharing and file-
transfer are not allowed. The administrator should manually open a range of TCP ports under the user role to
allow Lync/Skype for Business desktop-sharing and file-transfer traffic. To allow a specific range of ports in the
user role, refer to the Microsoft TechNet article that describes the port ranges used by Lync/Skype for Business
clients and servers.
Before media transmission, a Lync/Skype for Business client initiates a Session Traversal Utilities for NAT
(STUN) connectivity check. Sessions created by STUN are subjected to media classification that classifies the
media as Real-time Transport Protocol (RTP) or non-RTP. The firewall automatically allows the RTP session on
the switch and denies the non-RTP sessions. For the switch to accept STUN messages, you must allow ICE-
STUN based firewall traversal on the switch and allow UDP 3478 and TCP 443 ports in the user role.
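The classification step described above, as an added Python example that is not AOS-W code: it tells a STUN message (RFC 5389 header and magic cookie) from RTP version 2 by header fields and applies the permit-RTP, deny-non-RTP rule to a session opened by a STUN connectivity check. The function names, verdict labels and sample packets are constructed for illustration, and the session model is a simplifying assumption; the switch's actual classifier is not documented on this page.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value in every RFC 5389 STUN header

def classify_udp_payload(payload: bytes) -> str:
    """Classify one UDP payload as 'stun', 'rtp' or 'non-rtp' from its header."""
    if len(payload) >= 20:  # a STUN header is 20 bytes
        msg_type, msg_len, cookie = struct.unpack("!HHI", payload[:8])
        if ((msg_type & 0xC000) == 0              # top two bits are always zero
                and cookie == STUN_MAGIC_COOKIE
                and msg_len == len(payload) - 20  # length excludes the header
                and msg_len % 4 == 0):            # attributes are 32-bit aligned
            return "stun"
    if len(payload) >= 12:  # the fixed RTP header is 12 bytes
        version = payload[0] >> 6
        payload_type = payload[1] & 0x7F
        # Version must be 2; values 72-76 collide with RTCP types 200-204 (RFC 5761).
        if version == 2 and not 72 <= payload_type <= 76:
            return "rtp"
    return "non-rtp"

def session_verdict(packets: list) -> str:
    """Assumed model: a STUN-opened session is permitted only if its media is RTP."""
    kinds = [classify_udp_payload(p) for p in packets]
    if not kinds or kinds[0] != "stun":
        return "no-stun"   # not opened by a connectivity check; role ACLs decide
    media = [k for k in kinds if k != "stun"]
    if not media:
        return "pending"   # nothing to classify yet
    return "permit" if all(k == "rtp" for k in media) else "deny"

# Constructed sample packets (not captured traffic).
def make_stun_binding_request(txid: bytes = b"\x01" * 12) -> bytes:
    return struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + txid

def make_rtp(seq: int, payload_type: int = 0) -> bytes:
    header = struct.pack("!BBHII", 0x80, payload_type, seq, seq * 160, 0x1234ABCD)
    return header + b"\x00" * 160  # 160-byte dummy payload

NON_RTP = b"\x16\x03\x01" + b"\x00" * 40  # TLS-like bytes, neither STUN nor RTP

if __name__ == "__main__":
    stun = make_stun_binding_request()
    print(session_verdict([stun, make_rtp(1), make_rtp(2)]))
    print(session_verdict([stun, NON_RTP]))
```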
AOS-W 6.5.3.x | User Guide Voice and Video | 949