- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-11-2019 04:15 AM
Hi,
I have Skype for Business Edge server, it has DMZ private IP and translated to Public NAT IP. This IP should open TCP-5061 Port to Internet and we opened. It seems traffic is passing correctly. But in real, when i do telnet test, it's fail.
It's not about destination side. At destination side, TCP-5061 is open and accessible.
People say; So in summary if you are using Checkpoint Firewalls, the default rule of SIP 5061 will do layer 7 inspection of SIP and will not work with Lync/Skype. You need to ensure that you create a standard port of TCP 5061 on your perimeter firewall.
But i'm not sure it might be happen also for Pala Alto
07-11-2019 05:13 AM
the palo alto networks firewall is application aware, so telnet will not be allowed through unless you add it to a security policy
You don't need to go about creating app overrides etc, you simply need to allow the protocols you wish to use in the security policy
07-11-2019 05:27 AM
Thanks for answer.
But telnet is allowed. I did telnet test over 443 port to the same destination IP. It seems open. But 5061 doesn't work.
You can also check.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!