HP Recommended

Dears,

I found in another post on this forum the FW ports list for the integration between a Lync environment and an RMX.

 

In the list of ports they mentioned:

Source IP            Destination IP                 Destination Port

RMX (Media cards)    Lync Edge Server Internal NIC  49152 - 65535

 

I don't understand why we need to open these ports from the RMX to the internal NIC of the Edge server, as the Edge server is not listening on these ports on its internal interface.

 

It's not very clear to me.

 

Regards,

 

Michaël

5 REPLIES
HP Recommended

Michaël,

 

If you did a port scan on either the RMX media or the internal Lync Edge interface IP address, the RTP ports would not be listening. These ports are only used when an RTP stream is in use. The ports are cumulative, so as the number of RTP streams is increased, the ports are consumed as listed in the range.

 

The important takeaway is that the RMX RTP port range is not the same as the port range for the Lync Edge server, so you may need to make some adjustments on your firewall(s) if you only followed the port ranges as defined by Microsoft.

 

S.

HP Recommended

Dear simons,

 

If we look at the ports of the internal interface of the Edge server, it is not listening on the "required" media ports.

See Edge ports + attachment

 

A normal internal Lync client will use: ICE -- STUN for media.

This means that it will use TCP port 443 & UDP port 3478 for direct communication with the Edge server.

As the RMX is also an internal server, it would be logical that it will use the same procedure to communicate with the Edge server.

 

The port range 50000-59999 is "open" on the external interface of the Edge server. I agree that it is listening on these ports on its external interface.

But for security reasons it's not possible to communicate with the internal RMX server directly with the external interface of the Edge server.

 

Hoping you understand my arguments.

 

Regards,

 

Michaël

HP Recommended

Michaël,

 

I agree with your comments. The RMX acts like a Lync client in our solution. What is missing from the diagram is the RTP stream from the internal Edge interface to the LAN. The Edge acts like a proxy for the media streams. It does not make sense for an internal device like the RMX to communicate directly to the external Edge interface. I have seen this in cases where there were issues connecting remote Lync clients. In this example, the network was not configured correctly and was routing the traffic through the customer's firewall instead of through the Lync Edge.

 

S.

HP Recommended

The diagram also does not represent the complete architecture, as is evident from it only having arrows pointing out to the Lync Edge. On another page, there is the following.

 

http://technet.microsoft.com/en-us/library/jj618373.aspx

 

A/V/RTP/TCP/50,000-59,999

Edge Server Access interface

Live Messenger clients

Used for A/V sessions with Windows Live Messenger if public IM connectivity is configured.

 

While this does not specify the Lync Edge interface directly, we have always operated under the assumption this was both outbound and inbound specifically for media traversal. Ports 443 and 3478 deal with candidate (Lync client) IP discovery mechanisms, as you pointed out before in STUN/TURN operations. However, this is different with respect to media, which is listed in the above table.

 

I hope this helps...

 

S.

HP Recommended

Update: I spoke with one of my co-workers on this topic. He made the following statement, which adds some clarity to this topic.

 

In a Lync Edge to Lync Edge federated scenario, they are absolutely correct and 3478 would handle ICE candidacy and RTP media traversal just fine. In our case with RMX federation with Lync Edge, the port requirements would be similar to the RTP UDP requirements when a Lync Edge is federated with a partner's OCS Edge. Like with OCS federation, RMX requires that the RTP UDP port ranges used by RMX be allowed. We still use 3478 on the RMX but not for media.

 

Thanks,

 

S.
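
Added example, not part of any post in this thread: a small Python audit that checks a firewall rule list against the RMX-to-Edge flows discussed above (TCP 443, UDP 3478, and the RMX RTP range 49152-65535, treated as UDP per the last reply) and reports the port sub-ranges still blocked. The IP addresses, rule sets and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation range), not taken from the thread.
RMX_MEDIA = "192.0.2.10"
EDGE_INTERNAL = "192.0.2.50"

@dataclass(frozen=True)
class Rule:
    src: str    # source network, CIDR
    dst: str    # destination network, CIDR
    proto: str  # "tcp" or "udp"
    lo: int     # first allowed destination port
    hi: int     # last allowed destination port

# Flows named in the thread, RMX media cards -> Edge internal NIC.
REQUIRED = [
    ("signalling 443", "tcp", 443, 443),
    ("STUN/TURN 3478", "udp", 3478, 3478),
    ("RMX RTP media", "udp", 49152, 65535),
]

def uncovered(rules, src, dst, proto, lo, hi):
    """Return the (lo, hi) port sub-ranges that no allow rule permits."""
    spans = sorted(
        (max(r.lo, lo), min(r.hi, hi)) for r in rules
        if r.proto == proto and r.lo <= hi and r.hi >= lo
        and ip_address(src) in ip_network(r.src)
        and ip_address(dst) in ip_network(r.dst)
    )
    gaps, nxt = [], lo
    for a, b in spans:
        if a > nxt:
            gaps.append((nxt, a - 1))
        nxt = max(nxt, b + 1)
    if nxt <= hi:
        gaps.append((nxt, hi))
    return gaps

def audit(rules):
    """Map each required flow to its blocked sub-ranges ([] means fully allowed)."""
    return {name: uncovered(rules, RMX_MEDIA, EDGE_INTERNAL, p, lo, hi)
            for name, p, lo, hi in REQUIRED}

# Constructed rule set: only the Edge 50000-59999 range was opened for media.
EDGE_RANGE_ONLY = [
    Rule("192.0.2.0/27", "192.0.2.50/32", "tcp", 443, 443),
    Rule("192.0.2.0/27", "192.0.2.50/32", "udp", 3478, 3478),
    Rule("192.0.2.0/27", "192.0.2.50/32", "udp", 50000, 59999),
]
# Same rules plus the RMX RTP range, scoped to the single RMX media address.
WITH_RMX_RANGE = EDGE_RANGE_ONLY + [
    Rule("192.0.2.10/32", "192.0.2.50/32", "udp", 49152, 65535),
]

if __name__ == "__main__":
    for label, rules in (("edge range only", EDGE_RANGE_ONLY),
                         ("with RMX range", WITH_RMX_RANGE)):
        print(label, audit(rules))
```

With only the 50000-59999 range open, the audit shows the RMX media range blocked below 50000 and above 59999, which is the mismatch the second reply warns about.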
