Determining which ports to open and what direction to allow Lync Server 2010 traffic to travel through your firewalls is an important task. Lync administrators need to determine firewall rules and provide this information to their security administrator counterparts. Although this information is readily available from the Microsoft Lync Server 2010 product documentation library, the Lync Server 2010 Protocol Workloads Poster, and NextHop blog articles, it can be a tedious process to consume, synthesize, and share the information in a succinct way. The Lync Firewall Rules Viewer solves this problem.

Authors: Rui Maximo, Thomas Binder

Publication date: July 3, 2012

Product version: Lync Server 2010

Lync Server 2010 uses multiple protocols (SIP, SDP, SRTP, SRTCP, PSOM, ICE, HTTPS, and so on) to establish communications between users over a variety of workloads (presence, IM, application sharing, Web conferencing, audio/video conferencing, dial-in conferencing, Enterprise Voice). Organizations usually adopt a defense-in-depth strategy to protect their resources and corporate information. Consequently, organizations deploy internal, as well as external, firewalls. This requires administrators to create rules that allow desired traffic through firewalls, while blocking all other network traffic. This presents a challenge. To help administrators determine which ports and protocols are required to let traffic through their internal and external firewalls, we’ve created the Lync Firewall Rules Viewer.

The Lync Firewall Rules Viewer is a Windows 7 application that visually illustrates the network traffic between any pair of server or client Lync endpoints. When the administrator selects a source endpoint in the left pane, the list of possible destination endpoints this source can communicate with is shown in the right pane (Figure 1).

Figure 1. Select the source endpoint in the left pane.

When a destination endpoint is selected, the list of ports and protocols required for traffic between these two endpoints is shown (Figure 2). To view the list of ports and protocols of the traffic flow in the opposite direction, switch the destination and source endpoints. The grid at the bottom of the screen provides the details of each traffic flow, including links to additional information.

Figure 2. Select the destination endpoint in the right pane.

The Lync Firewall Rules Viewer is a logical extension of the Lync Server 2010 Protocol Workloads Poster and is driven by data located in an Excel source file. The source file was created by Thomas Binder and Bryan Nyce. The file details the ports and protocols required to deploy Lync Server 2010. Building the file was a tour de force in patience and attention to minute detail. Kudos to Thomas and Bryan! For maximum flexibility you can use the Excel spreadsheet directly. To update the viewer, just download the latest Excel file. This eliminates uninstalling and reinstalling a new version of the viewer.

This desktop application was cross-checked with the Lync Server 2010 Protocol poster and was reviewed by over ten Lync Server experts who provided feedback and bug reports. Thanks to all for your time and effort to make the viewer a reality.

I unveiled version 1.0 of the Lync Firewall Rules Viewer at TechEd North America 2012, and Thomas joined me to demo it at TechEd Europe 2012. The response from the audience by a show of hands was overwhelmingly positive. Several customers provided great suggestions for future enhancements that will be added in version 2.0.

You can download the Lync Firewall Rules Viewer from Microsoft Lync Solutions. To stay abreast of new developments of this application, please follow us on Twitter at @rui_maximo or @DrRez. DrRez keeps a finger on the pulse of all things Lync related.

Disclaimer: The viewer is not supported under any Microsoft standard support program or service. The viewer is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

We hope you find this application useful in your work with Lync. Please use the Provide Feedback option in the application or contact us directly with bug reports, feature requests, or just to tell us this application helped you deploy Lync. We would love to hear from you!

We want to recognize the contribution of the following reviewers who helped test the Lync Firewall Rules Viewer. Thank you!

Keith Hanna

Fabian Kunz

Pankaj Arya

Stefan Plizga

Jason Guo

Ramon Infante

Peter Seidel

Danny Cheung

Mariusz Ostrowski

Paul Brombley

Nick Smith

Alfred Masing

Rick Shire

Rajeev Krishnan

Jose Carlos Garcia Graña
