Lync Edge Server Ports – Ports Used for Lync Edge Server

firewall lync

I have Lync 2010 Standard deployed in my environment, along with an edge server. On my firewall I have NAT'd the public address(es) to the server. Right now I have all the ports opened for these addresses to work, but now I want to lock this down for security concerns. Is there a complete list of ports that Lync needs opened in order to work properly? I used the port numbers on the Lync Manual, but it was still blocking audio/video after I entered them into the FW. Any assistance from anyone who has set this up previously would be much appreciated.

Best Answer

I have a similar setup to you, and here's what I'm doing and everything works:

External IP1, Port 80/TCP is NAT/PAT to Standard server port 8080/TCP
External IP1, Port 443/TCP is NAT/PAT to Standard server port 4443/TCP

Since you're not using a TMG server, your firewall must do port translation so that external requests hit the correct site in IIS on your Standard (frontend) server.

External IP2, 443/TCP, 5061/TCP, 3478/UDP, TCP/UDP 50000-59999 Static NAT to Edge server, no port translation

Firewall rules permit the Edge server to talk to the standard edition frontend server.

I'd have to go back and look at my topology, but I believe I used separate URLs and IPs for each of the different services/media. Most of the Lync headaches are in the DNS misconfigurations; sometimes it won't accept CNAMEs where you need A records, and vice versa.

If you're going to have a lot of clients (more than 100) then you probably should use a TMG or "insert reverse proxy here" to protect your frontend.

The image below may help you, as will the source that drew it:

http://ucken.blogspot.com/2011/07/configuring-lync-for-external-access.html

Lync Diagram
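An added example, not part of the original answer: a vendor-neutral Python check that compares a firewall's inbound rules with the port list given in the answer and reports what is missing and what is exposed beyond it. The rule tuple format, the function names and the sample rule set are assumptions constructed for illustration.

```python
# Inbound exposure listed in the answer: (external IP, protocol, first port, last port)
REQUIRED = [
    ("IP1", "tcp", 80, 80),      # PAT to front end 8080/TCP
    ("IP1", "tcp", 443, 443),    # PAT to front end 4443/TCP
    ("IP2", "tcp", 443, 443), ("IP2", "tcp", 5061, 5061),   # Edge, static NAT
    ("IP2", "udp", 3478, 3478),
    ("IP2", "tcp", 50000, 59999), ("IP2", "udp", 50000, 59999),
]

def expand(rows):
    """Map (ip, proto) -> set of individual ports covered by the rows."""
    table = {}
    for ip, proto, lo, hi in rows:
        table.setdefault((ip, proto), set()).update(range(lo, hi + 1))
    return table

def to_ranges(ports):
    """Collapse a set of ports into sorted (lo, hi) ranges for reporting."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def audit(rules, required=REQUIRED):
    """Return (missing, excess) as {(ip, proto): [(lo, hi), ...]}."""
    have, need = expand(rules), expand(required)
    missing, excess = {}, {}
    for key in sorted(set(have) | set(need)):
        h, n = have.get(key, set()), need.get(key, set())
        if n - h:
            missing[key] = to_ranges(n - h)   # needed but not permitted
        if h - n:
            excess[key] = to_ranges(h - n)    # permitted but not needed
    return missing, excess

SAMPLE_RULES = [  # constructed: IP1 wide open, IP2 lacking the UDP media range
    ("IP1", "tcp", 1, 65535),
    ("IP2", "tcp", 443, 443), ("IP2", "tcp", 5061, 5061),
    ("IP2", "udp", 3478, 3478), ("IP2", "tcp", 50000, 59999),
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    print("missing:", missing, "\nexcess:", excess)
```

Export the rules from your own firewall into the same tuple form; an empty `excess` means nothing is exposed beyond the answer's list, and an empty `missing` means every listed port is permitted.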
