Skype for Business problem after migrating from ASA to PA-820


We encountered a problem with the Skype for Business application. It needs to be said
that all other applications are working well, but after migrating from Cisco ASA to
PA-820 we saw only tcp-rst-from-server messages from the remote server to the local server for
Skype, or for clients too without the local server... no matter what. It's very
strange behaviour: as soon as we put the Cisco ASA back in place, everything started
working fine.


Hello,

Skype is a major pain. What we found is that it needs a lot of apps and even some on non-standard ports.

 

[Four screenshots attached]

 

That is what we have set up from external to our internal edge/ARR servers.

 

Hope that helps.

Do we need to allow these apps and services from outside to inside traffic?

Honestly, it depends on where you are allowing traffic to/from. However, this is what we found to allow federation to other companies' Lync/Skype servers.

 

https://support.starleaf.com/managing/cloud/firewall-and-bandwidth-information/firewall-configuratio...

 

 

But we have allow any any rules.

So I guess allow any any must work in such a situation.

Hello,

What we found was that some of the applications were using non-standard ports. So on your any any rules, make sure to set the Service to ANY as well instead of the Application-Default.

 

[Screenshot attached]

 

Regards,

Yes, we did it.

It is any any.

@Radmin_85

Was this ASA to PA migration a 1:1 migration or are there little topology / routing changes? The Skype-related DNS entries are also sometimes leading to problems. For example, some time ago I was troubleshooting a situation where Skype calls/conferences to external partners simply did not work and, as always, everyone thought the firewall is the problem ... till we found a wrong DNS entry which made the clients in the internal network think they are external, so Skype was trying to connect to the external IP of the Skype edge server, where the result was the connection did not work ... after the DNS entry was deleted (this one should only be available from external) everything was working fine ...

Skype for Business, in my opinion, is not fit for purpose. It may be fine in a small business that does not care about security and allows any old connection in and out. But in this modern world of security it requires so many services, ports, kludges and workarounds that it makes it unreliable and insecure.

 

Microsoft need to tidy it all up.

 

We just about have it working now.

 

Rob
