How to open outbound firewall ports in UC520

adamvayle · ‎08-16-2011

I use a UC520 as my router, DHCP server and have NAT and the firewall turned ON. I need to open some external ports in the firewall for Microsoft Lync, specifically:

Ports Needed Open in External Firewall

Port	Protocol	Direction	Usage
443	STUN/TCP	Outbound	Audio, video, and application sharing sessions
443	PSOM/TLS	Outbound	Data sharing sessions
3478	STUN/UDP	Outbound	Audio and video sessions
50000-59999	RTP/UDP	Outbound	Audio and video sessions

Is there a way to do this in the UC520? There are NO other routers between the UC520 and the Internet. I only need the ports to be OUTBOUND, i.e. open going from the LAN to the WAN (or Internet).

Thanks,

Adam Vayle

b_rasheed · ‎08-16-2011

There are two methods:

1. this will open any ports on the destination device

ip nat inside source static

2. this will open per tcp/udp port

ip nat inside source static tcp 443 443

pierrescotland · ‎08-17-2011

I think by default you'll find all outbound traffic is allowed anyway, I usually do not use the ethernet WAN port, but I'm pretty sure this is the case. What the above post opens up is Inbound static NAT, which is not what you're looking for I believe.

Are you receiving an error when running Lync?

adamvayle · ‎08-17-2011

I am getting the following error when trying to login to Lync:

"Cannot sign in to Lync. There was a problem acquiring a personal certificate required to sign in. "

I wanted to make sure I had the right ports open before contacting Microsoft support. I was thinking all outbound ports might be open by default, but wasn't sure. Can anyone confirm this?

Thanks.

pierrescotland · ‎08-17-2011

The error you're getting does not seem firewall-related anyway, try this:-

to fix it would be to go under the " Admin " Page, Then "Users" under management, Then click on the box of the users name, Click on License and Uncheck the "Lync" Box , Save then go back to the same user and then re-apply the "lync" license. It should re-create a lync account for that user. Now after you do that you need to give it about 5 to 10 mins, best way to tell to try it would be to look under the "More" Option and you'll see the lync "Change user settings" go from grey to blue, meaning that the user account has been established and is reay for config

David Trad · ‎08-17-2011

Hi Adam,

I know you have already got some wonderful posts, I thought I would throw in a CCA mix on this, if you use CCA to do this it is a seamless process and it will not only configure the NAT it can help you with any Firewall Settings and in some cases even with NAT applied you might still need to make sure there are some ACL's in place (Depending on what it is you are doing).

Have a look at this screen shot of NAT configuration in CCA 3.1.1:

It is quite a simple process to use CCA and there is some pretty good control as to how it needs to work.

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

adamvayle · ‎08-18-2011

Thanks to everyone for their replies. Interestingly, Lync suddenly started working all by itself. I hadn't even made any changes to the UC520 yet. So, it looks like it was a Microsoft Lync server problem in the cloud. I guess this means the outbound ports are open by default.