Firewall configuration for Skype for Business/Lync
Managing Firewall and bandwidth
Last updated October 20, 2021From July 31st 2021, Skype for Business Online is no longer supported by Microsoft, and therefore integrating Skype for Business Online with StarLeaf is no longer possible. For the best messaging, meeting, and calling experience, download StarLeaf for desktop and mobile .
The information on this page is relevant to the Skype for Business on-premise versions only.
For each StarLeaf domain you wish to call, ensure your firewall allows traffic to/from the organization’s <organization name>.call.sl domain in the following tables. This assumes you have a deployment where the ports 50,000 – 59,999 are used for media. If your firewall requires you to use IP addresses rather than DNS names, contact StarLeaf Support for the IP addresses. These port requirements are for connections, not for packet data.
Inbound port requirements
| Type | StarLeaf side (source) | Edge server (destination) | Reason |
|---|---|---|---|
| TCP | Ephemeral (1024-65535) | 5061 | Call signaling |
Outbound port requirements
| Type | Edge server (source) | StarLeaf side (destination) | Reason |
|---|---|---|---|
| TCP | Ephemeral (1024-65535) | 5061 | Call signaling |
| UDP* | 50000-59999 | 50000-59999 | Audio/video media |
| TCP | 50000-59999 | 50000-59999 | Audio/video and screen-share media |
*Recommended for best user experience, but not strictly necessary.
Microsoft Lync Server
Note that there is additional information about Microsoft Lync Server in How to use StarLeaf with Microsoft Lync Server.
For each StarLeaf domain you wish to call, ensure your firewall allows traffic to/from the organization’s <organization name>.call.sl domain in the following tables. This assumes you have a deployment where the ports 50,000 – 59,999 are used for media. If your firewall requires you to use IP addresses rather than DNS names, contact StarLeaf Support for the IP addresses. These port requirements are for connections, not for packet data.
Inbound port requirements
| Type | StarLeaf side (source) | Edge server (destination) | Reason |
|---|---|---|---|
| TCP | Ephemeral (1024-65535) | 5061 | Call signaling |
Outbound port requirements
| Type | Edge server (source) | StarLeaf side (destination) | Reason |
|---|---|---|---|
| TCP | Ephemeral (1024-65535) | 5061 | Call signaling |
| UDP* | 50000-59999 | 50000-59999 | Audio/video media |
| TCP | 50000-59999 | 50000-59999 | Audio/video and screen-share media |
*Recommended for best user experience, but not strictly necessary.
Communication with StarLeaf
For each StarLeaf domain you wish to call, ensure your firewall allows traffic to/from the organization’s <organization name>.call.sl domain on the following in the following tables. If your firewall requires you to use IP addresses rather than DNS names, contact StarLeaf Support for the IP addresses. The following requirements are for outbound connections. Your firewall should also allow packets to flow inbound on established and related connections.
Outbound port requirements
| From 365 Client | To StarLeaf Cloud | Reason |
|---|---|---|
| UDP 50000-50059 | UDP 50000-59999 | Audio/video media |
| TCP 50000-50059 | TCP 50000-59999 | Screen-share media |
This configuration allows media to flow directly to StarLeaf Cloud to provide the best experience for the end user. If this configuration isn’t applied, you need to follow step three carefully to allow media to flow via the 365 servers . If you opt to follow step three without also following the instructions in step two, be aware that the quality may not be as good.
Communication with 365 servers in the Cloud
Successful communication between your Skype for Business Online (Office 365) clients and the StarLeaf Cloud also relies on your firewall being correctly configured for communication between the clients and the 365 server in the cloud. This is extensively documented at:
Ensure that both UDP and TCP connectivity is allowed.