Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.
06-20-2018 12:45 PM
We encountered with the problem of Skype for Business application , it needs to say
that all another applications are working well, but after migration from Cisco ASA to
PA-820 we saw only tcp-rst-from-server message from remote server to local server for
Skype or for clients too without of local server... no matter what.. it's very
strange behaviour , as soon as we put again Cisco ASA in the place back , all starting
working fine..
06-20-2018 01:40 PM
Hello,
Skype is a major pain. What we found is that it needs a lot of apps and even some on non-standard ports.
That is what we have setup from external to our internal edge/arr servers.
Hope that helps.
06-20-2018 02:11 PM
Do we need allow these apps and services from outside to inside traffic?
06-20-2018 03:10 PM
Honestly it depends on where you are allowing traffic to/from. However this is what we found to allow federation to other companies lync/skyp servers.
06-22-2018 10:04 AM
But we have allow any any rules.
So i guess allow any any must work in such situation
06-22-2018 10:34 AM
Hello,
What we found was that some of hte applications were using non standard ports. So on your any any rules, make sure to set the Service to ANY as well instead of hte Application-Default'
Regards,
06-28-2018 01:24 AM
yes we did it
it is any any
07-01-2018 12:48 PM
Was this ASA to PA migration a 1:1 migration or are there little topoligy / routingchanges? The skype telated DNS entries are also sometimes leading to problems. For example some time ago I was troubleshooting a situation where skype calls/conferences to external partners simpliy did not work and as always everyone thought the firewall is the problem ... till we found a wrong DNS entrie which made the clients in the internal network think they are external, so skype was trying to connect to the external IP of the skype edge server where the result was the connection did not work ... after the DNS entry was deleted (this one should only be available from external) everything was working fine ...
07-02-2018 01:05 AM
Skype for business in my opinion, is not fit for purpose. It may be fine in a small business that does not care about securoity and allows any old connection in and out. But in this modern world of security it requires so many services, ports, kludges and workarounds that it makes it unreliable and insecure.
Microsoft need to tidy it all up.
We just about have it working now.
Rob
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
