When deploying a Skype for Business Edge Server, fulfilling the network requirements is absolutely essential and sometimes challenging. Microsoft has an article that describes these requirements for Edge Servers quite well (https://docs.microsoft.com/en-us/lyncserver/lync-server-2013-port-summary-single-consolidated-edge-with-public-ip-addresses). I have now put these into a small graphic with a colorized table.
SfB Edge Port Overview
SfB Edge Port Table
Edge External

Source | Destination | Direction | Destination Port | Protocol | Description |
---|---|---|---|---|---|
Any | Edge Access IP | Inbound | 443 | TCP | Client to Server SIP traffic for external User access |
Any | Edge Access IP | Inbound | 5061 | TCP | For federated and public IM connectivity using SIP |
Edge Access IP | Any | Outbound | 80 | TCP | CRL |
Edge Access IP | Any | Outbound | 53 | TCP / UDP | DNS TCP / UDP |
Edge Access IP | Any | Outbound | 443 | TCP | Skype Directory Search |
Edge Access IP | Any | Outbound | 5061 | TCP | For federated and public IM connectivity using SIP |
Any | Edge Webconf IP | Inbound | 443 | TCP | Web conferencing media |
Any | Edge A/V IP | Inbound | 3478 | UDP | STUN/TURN negotiation of candidates over UDP on port 3478 |
Any | Edge A/V IP | Inbound | 443 | TCP | STUN/TURN negotiation of candidates over TCP on port 443 |
Edge A/V IP | Any | Outbound | 3478 | UDP | STUN/TURN negotiation of candidates over UDP on port 3478 |
Edge A/V IP | Any | Outbound | 443 | TCP | STUN/TURN negotiation of candidates over TCP on port 443 |
Edge A/V IP | Any | Outbound | 50000 – 59999 | TCP / UDP | This is used for relaying media traffic |

Edge Internal

Source | Destination | Direction | Destination Port | Protocol | Description |
---|---|---|---|---|---|
Any | Edge Internal IP | Inbound | 5061 | TCP | Outbound SIP traffic from your Director, Director pool, Front End Server or Front End pool to your Edge Server internal interface. |
Any | Edge Internal IP | Inbound | 8057 | TCP | Web conferencing traffic from your Front End Server or each Front End Server (if you have a Front End pool) to your Edge Server internal interface |
Any | Edge Internal IP | Inbound | 5062 | TCP | Authentication of A/V users from your Front End Server or Front End pool, or your Survivable Branch Appliance or Survivable Branch Server, using your Edge Server. |
Any | Edge Internal IP | Inbound | 4443 | TCP | Replication of changes from your Central Management store to your Edge Server. |
Any | Edge Internal IP | Inbound | 50001 – 50003 | TCP | Centralized Logging Service controller using Skype for Business Server Management Shell and Centralized Logging Service cmdlets, ClsController command line (ClsController.exe) or agent (ClsAgent.exe) commands and log collection. |
Edge Internal IP | Any | Outbound | 5061 | TCP | Inbound SIP traffic to your Director, Director pool, Front End Server, or Front End pool from your Edge Server internal interface. |
Edge Internal IP | DNS Server | Outbound | 53 | TCP / UDP | DNS TCP / UDP |
Any | Edge Internal IP | Inbound | 3478 | UDP | Preferred path for A/V media transfer between your internal and external users and your Survivable Branch Appliance or Survivable Branch Server. |
Any | Edge Internal IP | Inbound | 443 | TCP | Fallback path for A/V media transfer between your internal and external users and your Survivable Branch Appliance or Survivable Branch Server, if UDP communication doesn’t work. TCP is then used for file transfers and desktop sharing. |
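As an added example (not part of the original post or of Microsoft's documentation), the following Python script encodes the inbound rows of the Edge External table and compares them with a firewall rule export, reporting required ports that are not opened and opened ports the table does not list. The role names (`access`, `webconf`, `av`), the rule dictionary layout and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit inbound perimeter rules against the Edge External table (names are assumed).
# (destination role, protocol) -> list of inclusive port ranges from the table
REQUIRED_INBOUND = {
    ("access", "tcp"): [(443, 443), (5061, 5061)],
    ("webconf", "tcp"): [(443, 443)],
    ("av", "udp"): [(3478, 3478)],
    ("av", "tcp"): [(443, 443)],
}

def _ports(ranges):
    """Expand inclusive (low, high) ranges into a set of port numbers."""
    return {p for low, high in ranges for p in range(low, high + 1)}

def _to_ranges(ports):
    """Collapse a set of ports back into sorted inclusive ranges for reporting."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def audit(rules):
    """Return (missing, excess): required ports not opened, and opened ports the table does not list."""
    opened = {}
    for r in rules:
        key = (r["dest"], r["proto"].lower())
        opened.setdefault(key, set()).update(_ports([(r["low"], r["high"])]))
    missing, excess = {}, {}
    for key in set(REQUIRED_INBOUND) | set(opened):
        need = _ports(REQUIRED_INBOUND.get(key, []))
        have = opened.get(key, set())
        if need - have:
            missing[key] = _to_ranges(need - have)
        if have - need:
            excess[key] = _to_ranges(have - need)
    return missing, excess

# Constructed sample export: 5061 to the Access IP is missing, A/V TCP is too wide.
SAMPLE_RULES = [
    {"dest": "access", "proto": "TCP", "low": 443, "high": 443},
    {"dest": "webconf", "proto": "TCP", "low": 443, "high": 443},
    {"dest": "av", "proto": "UDP", "low": 3478, "high": 3478},
    {"dest": "av", "proto": "TCP", "low": 443, "high": 445},
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

The same approach extends to the outbound and Edge Internal rows by adding a direction field to the keys.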
Remarks:
- I left out XMPP as it’s no longer supported with Skype for Business 2019.
- Edge Access IP Outbound to 443 (Skype Directory Search) is no longer mentioned in Microsoft's port summary list but is referred to in the SfB Protocol Workloads Overview.
- Edge Internal to DNS is not listed in Microsoft's port summary; you can use DNS here, or you can use hosts file entries to resolve the necessary systems.
- If you find any mistakes or have questions, feel free to comment.