1. Firewall set up

The communication of the Skype for Business client (pc client, mobile client, phone etc.) is always initial client-to-server. The corresponding response of Skype for Business platform has to be allowed (stateful inspection).

 

Plattform PortProtocol Remark
80TCPHTTPAutodiscover service for new clients or phones
443TCPHTTPS, SIP/TLS, PSOM/TLS, ICEService for voice, video, conferencing, file sharing, access to management portals
3478UDPSTUN
50.000- 59.999UDP/TCPSRTP, RTCP Media streams for voice, video

We strongly advise against so-called deep packet inspection, or application level gateways, as these are not Skype for Business compatible in general and the communication between client and EBC platform can partially or completely disrupt.

The Skype for Business client uses the port range 1024-65535 as source port of communication. In local network segments the communication can be done directly between Skype for Business cClients (peer-to-peer voice/video) without using the Skype for Business platform as a relay.

 

IP address spaces

The Skype for Business platform is operated in the following networks. The Unlocks named above have to be set up for these networks.

 

subnetmaskRemark
217.170.178.128/26255.255.255.192Subnet 1 (AS ITENOS)
79.171.89.0/25 255.255.255.128 Subnet 2 (AS ITENOS)