Ports and protocols Requirement for Exchange and Lync Server Deploy...

https://exchangequery.com/2014/10/25/ports-and-protocols-requirement-...

msexchangequery
Exchange Administration doesn't have to be hard

Ports and protocols Requirement for Exchange and Lync Server Deployment
Exchange2010, Exchange2013, port
October 25, 2014
In a new deployment project with many issues and tasks in flight, it is easy to get confused. The most confusing part is often the port requirements for internal, external and related services. I have consolidated and prepared a document for the port requirements for a new deployment of on-premise Lync and Exchange servers.
Let's have a look at the Lync server requirements first.
The following ports should be opened, for the respective protocol and direction, for a fully featured Lync-enabled user to function without problems.
| Port | Protocol | Direction | Usage |
|---|---|---|---|
| 5060/5061 | TCP/UDP | Bidirectional | For SIP |
| 1434 | UDP | Outgoing | For SQL servers |
| 443 | STUN/TCP | Outgoing | Audio, video, application sharing sessions |
| 444 | HTTPS/TCP | Bidirectional | Lync Front End server |
| 443 | PSOM/TLS | Outgoing | Data sharing sessions |
| 3478 | STUN/UDP | Outgoing | Audio, video sessions, Desktop Sharing |
| 5223 | TCP | Outgoing | Lync Mobile push notifications |
| 50000-59999 | RTP/UDP | Bidirectional | Audio, video sessions |
| 5067 | TCP/TLS | Bidirectional | Incoming SIP requests for Mediation servers |
| 57501-65535 | TCP/UDP | Bidirectional | Video conferencing |
| 8057, 8058 | TCP/TLS | Bidirectional | Front End Service |

9/26/2016 3:25 PM

For remote access to work for IM and Presence, SIP traffic must be allowed to flow bi-directionally. Hence, ports need to be allowed as follows:
Port 443 and 5061 from Internet to Access Edge External IP (bi-directional)
Port 5061 from Edge Internal IP to Internal Network (bi-directional)
The Edge server should be accessible from the Internet over ports 443, 3478 and 5061.
The Reverse Proxy requires port 443 to be opened.
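One way to check a perimeter rule set against the Edge and reverse proxy openings listed above is sketched below. This is an added example, not code from the original post; the host labels, the rule export format and the sample rules are constructed, and 5061 is assumed to be TCP.

```python
# Added example: audit an Internet-facing rule set against the Edge and
# reverse proxy ports listed above. Host labels and rules are constructed.

# Required openings from the Internet, per the text above. Protocols follow
# the port table (443 TCP, 3478 STUN/UDP); 5061 is treated as TCP (assumption).
REQUIRED = {
    "access-edge-external": {("tcp", 443), ("tcp", 5061), ("udp", 3478)},
    "reverse-proxy": {("tcp", 443)},
}


def parse_ports(spec):
    """Expand '443', '443,5061' or '50000-59999' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(rules):
    """Return (missing, excess) dicts of (proto, port) pairs per host."""
    allowed = {host: set() for host in REQUIRED}
    for r in rules:
        if r["action"] == "allow" and r["src"] == "internet" and r["dst"] in REQUIRED:
            allowed[r["dst"]] |= {(r["proto"], p) for p in parse_ports(r["ports"])}
    missing = {h: sorted(REQUIRED[h] - a) for h, a in allowed.items() if REQUIRED[h] - a}
    excess = {h: sorted(a - REQUIRED[h]) for h, a in allowed.items() if a - REQUIRED[h]}
    return missing, excess


# Constructed sample export: flat allow rules, no ordering or deny handling.
SAMPLE_RULES = [
    {"action": "allow", "src": "internet", "dst": "access-edge-external",
     "proto": "tcp", "ports": "443,5061"},
    {"action": "allow", "src": "internet", "dst": "reverse-proxy",
     "proto": "tcp", "ports": "443-450"},   # wider than the required 443
    {"action": "allow", "src": "internal", "dst": "access-edge-external",
     "proto": "udp", "ports": "3478"},      # wrong source: Internet still blocked
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for host, pairs in missing.items():
        print(f"MISSING {host}: {pairs}")
    for host, pairs in excess.items():
        print(f"EXCESS  {host}: {pairs}")
```

On the sample rules the audit reports UDP 3478 as missing on the Access Edge external interface and TCP 444-450 as unnecessary exposure on the reverse proxy.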
For a Mobile Access user who is outside the corporate network, the request hits the Reverse Proxy and is then sent to the Front End pool or Director. No user-level authentication is done on the reverse proxy.
It is always recommended to implement a Director server role for additional security. The Director both offloads authentication and provides an extra layer of security against DoS attacks.
The Director must be in the same subnet as the Front End Servers, which will be in the private network. It should not be in the perimeter or DMZ.
Below is the flow of mobile application requests for the Mobility Service:
All external user Lync log-in requests from mobile devices > go through the reverse proxy server > then go to the edge server > and hit the front end pool.
The Microsoft Lync Server gets user information from the Autodiscover Service and then returns all the Web Services URLs for the user's home pool, including the Mobility Service URLs.
Below is the list of additional features that require external access through a reverse proxy for users accessing them externally. These should be validated once the deployment is completed.
1) Enabling external users to download meeting content for any meetings.
2) Enabling external users to expand distribution groups.
3) Enabling remote users to download files from the Address Book service.
4) Accessing the Microsoft Lync Web App client.
5) Accessing the Dial-in Conferencing Settings webpage.
6) Accessing the Location Information service.
7) Enabling external devices to connect to the Device Update web service and obtain updates.
Now we will look into the port requirements for Exchange servers as well.
Port Requirements for Exchange On-premise Servers (applies to Exchange 2010 and 2013):
| Port | Protocol | Direction | Usage |
|---|---|---|---|
| 25 | SMTP | Bidirectional | For sending and receiving emails |
| 50636 | TCP | Bidirectional | From Hub to Edge and vice versa |
| 135 | TCP/RPC | Outgoing | HUB to Mailbox via MAPI |
| 80/443 | HTTP/HTTPS | Bidirectional | Autodiscover |
| 993 | TCP | Incoming | IMAP |
| 995/110 | TCP | Incoming | POP3 (either port, depending on config) |
| 5075-5077 | TCP | Incoming | CAS to OCS Communications |
| 5061 | TCP | Outgoing | CAS to OCS Communications |

For OWA and Outlook Anywhere, port 443 should be opened in the firewall.
For IMAP, port 993 should be opened in the firewall. Port 25 should be opened on the firewall for both internal and external internet mail flow traffic.
I think most of the port requirements for Lync and Exchange deployment have been added above. Feel free to comment or correct me if anything needs to be added or corrected.
Also refer to http://social.technet.microsoft.com/wiki/contents/articles/28141.ports-and-protocols-requirement-for-exchange-and-lync-server-deployment.aspx
References:
http://technet.microsoft.com/en-us/library/gg398833.aspx
http://technet.microsoft.com/en-us/library/bb331973.aspx
http://support.microsoft.com/kb/2409256#VerifyNetworkRequirements
http://support.microsoft.com/kb/2423848
http://technet.microsoft.com/en-us/library/gg425727
Thanks
Sathish Veerapandian
MVP Exchange Server
