Skype for Business New IPs Needed For SSL Decryption

Reply
Highlighted
L1 Bithead

Skype for Business New IPs Needed For SSL Decryption

 Looks like there are some new IP addresses that need to be accounted for Skype for Business to work w/ SSL Decryption enabled.

 

Here is the MS link plus some of their verbiage, https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Updated-IP-ranges-and-ports-for-Skype...

 

  • New IP ranges: We already started to move the Skype for Business infrastructure to the following ranges. However, remember to open all IP ranges documented in Office 365 URLs and IP address ranges.
    • 13.107.64.0/18
    • 52.112.0.0/14

  • New ports: While this might take a little bit more time than the new IP ranges, we will leverage the following ports for media traffic in addition to the existing ports:
    • UDP 3479
    • UDP 3480
    • UDP 3481

 

A similar topic came up previously at the below link. 

https://live.paloaltonetworks.com/t5/General-Topics/No-SSL-Decrypt-Skype-for-Business-traffic/m-p/13...

 

I added the two ranges to not be decrypted and users were able to successfully authenticate to Skype thereafter. I saw in the normal monitored traffic tab that traffic was being permitted but nothing was super obvious that it was a SSL Decrypt issue. Hope this helps others out.

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!