We encountered with the problem of Skype for Business application , it needs to say
that all another applications are working well, but after migration from Cisco ASA to
PA-820 we saw only tcp-rst-from-server message from remote server to local server for
Skype or for clients too without of local server... no matter what.. it's very
strange behaviour , as soon as we put again Cisco ASA in the place back , all starting
Skype is a major pain. What we found is that it needs a lot of apps and even some on non-standard ports.
That is what we have setup from external to our internal edge/arr servers.
Hope that helps.
Honestly it depends on where you are allowing traffic to/from. However this is what we found to allow federation to other companies lync/skyp servers.
What we found was that some of hte applications were using non standard ports. So on your any any rules, make sure to set the Service to ANY as well instead of hte Application-Default'
Was this ASA to PA migration a 1:1 migration or are there little topoligy / routingchanges? The skype telated DNS entries are also sometimes leading to problems. For example some time ago I was troubleshooting a situation where skype calls/conferences to external partners simpliy did not work and as always everyone thought the firewall is the problem ... till we found a wrong DNS entrie which made the clients in the internal network think they are external, so skype was trying to connect to the external IP of the skype edge server where the result was the connection did not work ... after the DNS entry was deleted (this one should only be available from external) everything was working fine ...
Skype for business in my opinion, is not fit for purpose. It may be fine in a small business that does not care about securoity and allows any old connection in and out. But in this modern world of security it requires so many services, ports, kludges and workarounds that it makes it unreliable and insecure.
Microsoft need to tidy it all up.
We just about have it working now.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!