These Ports should be open from Client side to Server Side
Required Server Ports (by Server Role)
| Server role | Service name | Port | Protocol | Notes |
| --- | --- | --- | --- | --- |
| Front End Servers | Lync Server Front-End service | 5060 | TCP | Optionally used by Standard Edition servers and Front End Servers for static routes to trusted services, such as remote call control servers. |
| | Front-End service | 5061 | TCP(TLS) | Used by Standard Edition servers and Front End pools for all internal SIP communications between servers (MTLS), for SIP communications between Server and Client (TLS) and for SIP communications between Front End Servers and Mediation Servers (MTLS). Also used for communications with Monitoring Server. |
| | | 444 | HTTPS | Used for communication between the Focus (the Lync Server component that manages conference state) and the individual servers. |
| | | 135 | DCOM and remote procedure call (RPC) | Used for DCOM based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization. |
| | Lync Server IM Conferencing service | 5062 | | Used for incoming SIP requests for instant messaging (IM) conferencing. |
| | Lync Server Web Conferencing service | 8057 | TCP (TLS) | Used to listen for Persistent Shared Object Model (PSOM) connections from client. |
| | Web Conferencing Compatibility Service | 8058 | | Used to listen for Persistent Shared Object Model (PSOM) connections from the Live Meeting client and previous versions of Communicator. |
| | Lync Server Audio/Video Conferencing service | 5063 | | Used for incoming SIP requests for audio/video (A/V) conferencing. |
| | | 57501-65335 | TCP/UDP | Media port range used for video conferencing. |
| | Web Compatibility service | 80 | HTTP | Used for communication from Front End Servers to the web farm FQDNs (the URLs used by IIS web components) when HTTPS is not used. |
| | Lync Server Web Compatibility service | 443 | | Used for communication from Front End Servers to the web farm FQDNs (the URLs used by IIS web components). |
| | Lync Server Conferencing Attendant service (dial-in conferencing) | 5064 | | Used for incoming SIP requests for dial-in conferencing. |
| | | 5072 | | Used for incoming SIP requests for Microsoft Lync 2010 Attendant (dial in conferencing). |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5070 | | Used by the Mediation Server for incoming requests from the Front End Server to the Mediation Server. |
| | | 5067 | | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
| | | 5068 | | |
| | | 5081 | | Used for outgoing SIP requests from the Mediation Server to the PSTN gateway. |
| | | 5082 | | |
| | Lync Server Application Sharing service | 5065 | | Used for incoming SIP listening requests for application sharing. |
| | | 49152-65335 | | Media port range used for application sharing. |
| | Lync Server Conferencing Announcement service | 5073 | | Used for incoming SIP requests for the Lync Server Conferencing Announcement service (that is, for dial-in conferencing). |
| | Lync Server Call Park service | 5075 | | Used for incoming SIP requests for the Call Park application. |
| | Audio Test service | 5076 | | Used for incoming SIP requests for the Audio Test service. |
| | Not applicable | 5066 | | Used for outbound Enhanced 9-1-1 (E9-1-1) gateway. |
| | Lync Server Response Group service | 5071 | | Used for incoming SIP requests for the Response Group application. |
| | | 8404 | TCP (MTLS) | |
| | Lync Server Bandwidth Policy Service | 5080 | | Used for call admission control by the Bandwidth Policy service for A/V Edge TURN traffic. |
| | | 448 | | Used for call admission control by the Lync Server Bandwidth Policy Service. |
| Front End Servers where the Central Management store resides | CMS Replication service | 445 | | Used to push configuration data from the Central Management store to servers running Lync Server. |
| All internal servers | Various | 49152-57500 | | Media port range used for audio conferencing on all internal servers. Used by all servers that terminate audio: Front End Servers (for Lync Server Conferencing Attendant service, Lync Server Conferencing Announcement service, and Lync Server Audio/Video Conferencing service), and Mediation Server. |
| Directors | | | | Optionally used for static routes to trusted services, such as remote call control servers. |
| | | | | Used for internal communications between servers and for client connections. |
| Mediation Servers | | | | Used by the Mediation Server for incoming requests from the Front End Server. |
| | | | | Used for incoming SIP requests from the PSTN gateway. |
| | | | | Used for SIP requests from the Front End Servers. |
These Ports should be open from Server side to Client Side
Required Client Ports
| Component | Port | Protocol | Notes |
| --- | --- | --- | --- |
| Clients | 67/68 | DHCP | Used by Lync Server 2010 to find the Registrar FQDN (that is, if DNS SRV fails and manual settings are not configured). |
| | | | Used for client-to-server SIP traffic for external user access. |
| | | TCP (PSOM/TLS) | Used for external user access to web conferencing sessions. |
| | | TCP (STUN/MSTURN) | Used for external user access to A/V sessions and media (TCP) |
| | 3478 | UDP (STUN/MSTURN) | |
| | 6891-6901 | | Used for file transfer between Lync 2010 clients and previous clients (clients of Microsoft Office Communications Server 2007 R2, Microsoft Office Communications Server 2007, and Live Communications Server 2005). |
| | 1024-65535 * | | Audio port range (minimum of 20 ports required) |
| | | | Video port range (minimum of 20 ports required). |
| | | | Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM). |
| | | | Application sharing. |
| Microsoft Lync 2010 Phone Edition for Aastra 6721ip common area phone; Microsoft Lync 2010 Phone Edition for Aastra 6725ip desk phone; Microsoft Lync 2010 Phone Edition for Polycom CX500 common area phone; Microsoft Lync 2010 Phone Edition for Polycom CX600 desk phone | | | Used by the listed devices to find the Lync Server 2010 certificate, provisioning FQDN, and Registrar FQDN. |
Great work!
Congratulations
Only some of these ports need to be opened client-to-server. The others are used for server-to-server communication only. The above list from the TechNet documentation is not very clear about the differences in many ways.
Do you know if there's a way to configure clients to use a specific range of ports for peer to peer communication? In a full VPN scenario for example (with no edge deployment) and a firewall between the external and internal client it will attempt to use anything from 1024-65535. It states that it requires a minimum of 20 ports but how can you restrict this?
Sorry disregard, CsConferencingConfiguration is used to do this.
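
The restriction mentioned in the last comment, shown as an added example that is not part of the original post or its comments: it pins the client media ports to narrow ranges with the Lync Server 2010 `Set-CsConferencingConfiguration` cmdlet, so a firewall between clients does not have to allow all of 1024-65535. The global scope and the start ports (50020 onward) are assumptions chosen for illustration.

```powershell
# Constructed port plan: the start ports are illustrative values inside the
# 1024-65535 client range; choose your own to match the firewall policy.
$ranges = @(
    @{ Name = 'Audio';        Start = 50020; Count = 20 },
    @{ Name = 'Video';        Start = 50040; Count = 20 },
    @{ Name = 'AppSharing';   Start = 50060; Count = 20 },
    @{ Name = 'FileTransfer'; Start = 50080; Count = 20 }
)

# Check the plan before changing the deployment: every range must stay inside
# 1024-65535, ranges must not overlap, and audio and video each need at least
# 20 ports (the minimum given in the client port table).
$prevEnd = 0
foreach ($r in ($ranges | Sort-Object { $_.Start })) {
    $end = $r.Start + $r.Count - 1
    if ($r.Start -lt 1024 -or $end -gt 65535) { throw "$($r.Name): outside 1024-65535" }
    if ($r.Start -le $prevEnd) { throw "$($r.Name): overlaps another range" }
    if (('Audio', 'Video') -contains $r.Name -and $r.Count -lt 20) {
        throw "$($r.Name): fewer than 20 ports"
    }
    $prevEnd = $end
}

# Index the plan by name for the cmdlet call below.
$p = @{}
foreach ($r in $ranges) { $p[$r.Name] = $r }

# Run in the Lync Server Management Shell. While ClientMediaPortRangeEnabled
# is $false, clients take media ports from anywhere in 1024-65535.
Set-CsConferencingConfiguration -Identity global `
    -ClientMediaPortRangeEnabled $true `
    -ClientAudioPort $p.Audio.Start -ClientAudioPortRange $p.Audio.Count `
    -ClientVideoPort $p.Video.Start -ClientVideoPortRange $p.Video.Count `
    -ClientAppSharingPort $p.AppSharing.Start `
    -ClientAppSharingPortRange $p.AppSharing.Count `
    -ClientFileTransferPort $p.FileTransfer.Start `
    -ClientFileTransferPortRange $p.FileTransfer.Count

# Confirm what will be handed to clients.
Get-CsConferencingConfiguration -Identity global |
    Format-List ClientMediaPortRangeEnabled, Client*Port*
```

With this plan the firewall between clients needs to allow only 50020-50099 for peer-to-peer media, file transfer and application sharing, instead of the full 1024-65535 range.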