Skype For Business

Can anyone please explain how I enable the cloud-based Skype For Business on UTM 9?

It's working internally, but when I try to contact or add external contacts it doesn't work.

I have tried to open up the ports in the firewall, but I still see port 5060 being blocked as it hits the WAN IPs.

I think the problem is that I can't get the NAT rules to work.

If anyone has this working in their environment, please give me a quick write-up on how to make it work :)



This thread was automatically locked due to age.
  • I'm not sure. I will try this when back at the office.

    But my problem is that the packets are being dropped by fw rule 60001.

    And I think I have to make a DNAT rule that sends the traffic to the user, but I can't add the network segment they are on, just "Active Directory Users", which I'm not sure is working.

    I may slip into the office tomorrow to try things out.

    Cibus

  • I think you don't need a DNAT rule (for client) but you do need a firewall rule:

    Source: Internal (Network)
    Services: SIP over SSL (port 5061)
    Destinations: Internet (IPv4)

    Action: Allow

    You may also need to open additional TCP/UDP ports for Audio and Video range and STUN (UDP port 3478).

    See https://technet.microsoft.com/en-us/library/gg398833.aspx for more info.

  • I think I have it sorted now.

    I have enabled SIP protocol support, added ANY in server networks and put our internal client network under SIP Client networks.

    I don't have any firewall rules; I disabled the mess I had tried to make work.

    Running on DNAT rules only and it works.

    I think I may need to open additional ports; I will have to try all aspects of Skype to be sure (presenting, etc.).

  • Not sure why you would need to DNAT to a "User Group Network". I believe you are herewith forwarding incoming packets from the internet to clients authenticated to your UTM.

    This is really strange, since the User Group Network could very easily translate to multiple IP addresses, whereas a DNAT rule can only forward to a single address.

    Perhaps you can explain your setup in more detail: who needs to connect to whom, and where your Skype for Business server is located.
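
An added example, not part of the original thread and not Sophos tooling: one way to tell which of the two situations discussed above applies is to split the dropped packets in the UTM packet filter log into client traffic leaving the LAN and Internet traffic arriving at the WAN address. The log lines, the internal network `192.168.10.0/24` and the meaning given to rule ids 60001/60002 are assumptions made for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("192.168.10.0/24")  # assumed client LAN, not from the thread
# Ports named in the thread, keyed by (IP protocol number, destination port).
SFB_PORTS = {("6", 5061): "SIP over SSL", ("17", 3478): "STUN",
             ("6", 5060): "SIP", ("17", 5060): "SIP"}
# Assumption: built-in default-drop rule ids as commonly seen in UTM 9 logs.
DEFAULT_RULES = {"60001": "default drop, to the UTM itself",
                 "60002": "default drop, forwarded traffic"}

PREFIX = '2016:03:12-10:15:0{n} utm ulogd[4567]: id="2001" sub="packetfilter" '
# Constructed, abbreviated log lines (documentation IP ranges only).
SAMPLE_LOG = "\n".join(PREFIX.format(n=i) + rest for i, rest in enumerate([
    'action="drop" fwrule="60001" srcip="203.0.113.50" dstip="198.51.100.10" proto="17" srcport="5071" dstport="5060"',
    'action="drop" fwrule="60001" srcip="203.0.113.77" dstip="198.51.100.10" proto="6" srcport="40112" dstport="5060"',
    'action="drop" fwrule="60002" srcip="192.168.10.23" dstip="203.0.113.200" proto="6" srcport="51544" dstport="5061"',
    'action="drop" fwrule="60002" srcip="192.168.10.24" dstip="203.0.113.200" proto="6" srcport="51601" dstport="5061"',
    'action="drop" fwrule="60002" srcip="192.168.10.23" dstip="203.0.113.201" proto="17" srcport="50010" dstport="3478"',
    'action="accept" fwrule="4" srcip="192.168.10.23" dstip="203.0.113.200" proto="6" srcport="51550" dstport="443"',
    'action="drop" fwrule="60001" srcip="203.0.113.90" dstip="198.51.100.10" proto="6" srcport="33012" dstport="23"',
]))

KV = re.compile(r'(\w+)="([^"]*)"')  # the log body is a run of key="value" pairs


def summarise_drops(log_text):
    """Count dropped packets per (direction, rule id, service) for the ports in SFB_PORTS."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = dict(KV.findall(line))
        if rec.get("action") != "drop" or not {"srcip", "dstport"} <= rec.keys():
            continue  # accepted packets and port-less protocols (e.g. ICMP) are skipped
        service = SFB_PORTS.get((rec.get("proto"), int(rec["dstport"])))
        if service is None:
            continue  # a drop on a port the thread does not discuss
        outbound = ip_address(rec["srcip"]) in INTERNAL_NET
        direction = "client->Internet" if outbound else "Internet->WAN"
        counts[(direction, rec.get("fwrule", "?"), service)] += 1
    return counts


if __name__ == "__main__":
    for (direction, rule, service), n in sorted(summarise_drops(SAMPLE_LOG).items()):
        label = DEFAULT_RULES.get(rule, "user-defined rule")
        print(f"{n:3d}  {direction:17s} {service:13s} fwrule {rule} ({label})")
```

Drops listed as `client->Internet` are the ones an Internal (Network) to Internet (IPv4) allow rule like the one suggested in the reply would address; `Internet->WAN` drops on 5060 come from sources outside the LAN and are unaffected by such a rule.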