Skype SIP 5061 port allow

Reply
L0 Member

Skype SIP 5061 port allow

Hi,

I have Skype for Business Edge server, it has DMZ private IP and translated to Public NAT IP. This IP should open TCP-5061 Port to Internet and we opened. It seems traffic is passing correctly. But in real, when i do telnet test, it's fail.

It's not about destination side. At destination side, TCP-5061 is open and accessible.

People say; So in summary if you are using Checkpoint Firewalls, the default rule of SIP 5061 will do layer 7 inspection of SIP and will not work with Lync/Skype.  You need to ensure that you create a standard port of TCP 5061 on your perimeter firewall.

But i'm not sure it might be happen also for Pala Alto

 

image.pngimage.png

 

Tags (4)
Community Manager

Re: Skype SIP 5061 port allow

the palo alto networks firewall is application aware, so telnet will not be allowed through unless you add it to a security policy

You don't need to go about creating app overrides etc, you simply need to allow the protocols you wish to use in the security policy

 


Help the community: Like helpful comments and mark solutions
Reaper out
L0 Member

Re: Skype SIP 5061 port allow

Thanks for answer.

 

But telnet is allowed. I did telnet test over 443 port to the same destination IP. It seems open. But 5061 doesn't work.

You can also check.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!