Skype SIP 5061 port allow

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Skype SIP 5061 port allow

L0 Member


I have Skype for Business Edge server, it has DMZ private IP and translated to Public NAT IP. This IP should open TCP-5061 Port to Internet and we opened. It seems traffic is passing correctly. But in real, when i do telnet test, it's fail.

It's not about destination side. At destination side, TCP-5061 is open and accessible.

People say; So in summary if you are using Checkpoint Firewalls, the default rule of SIP 5061 will do layer 7 inspection of SIP and will not work with Lync/Skype.  You need to ensure that you create a standard port of TCP 5061 on your perimeter firewall.

But i'm not sure it might be happen also for Pala Alto





Cyber Elite
Cyber Elite

the palo alto networks firewall is application aware, so telnet will not be allowed through unless you add it to a security policy

You don't need to go about creating app overrides etc, you simply need to allow the protocols you wish to use in the security policy


Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thanks for answer.


But telnet is allowed. I did telnet test over 443 port to the same destination IP. It seems open. But 5061 doesn't work.

You can also check.

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!