Firewall Settings
The following firewall changes are recommended to help ensure quality when using Skype4B.
Note that these recommendations apply to outbound traffic. We are not asking you to poke holes in your firewall.
IP | Description | Ports |
205.196.169.141 205.196.169.142 205.196.169.154 205.196.169.165 205.196.169.47 205.196.169.48 205.196.173.30 205.196.173.31 205.196.173.32 205.196.173.32 205.196.173.33 205.196.173.34 205.196.173.35 205.196.173.35 205.196.173.43 205.196.173.46 205.196.173.49 205.196.173.55 205.196.174.32 205.196.174.35 205.196.174.43 205.196.174.46 205.196.174.49 205.196.174.55 63.128.106.132 63.128.106.135 63.128.106.143 63.128.106.146 63.128.106.149 63.128.106.155 67.213.189.101 67.213.189.104 67.213.189.107 67.213.189.110 67.213.189.131 67.213.189.132 67.213.189.141 67.213.189.142 67.213.189.148 67.213.189.149 67.213.189.155 67.213.189.156 67.213.189.162 67.213.189.163 67.213.189.26 67.213.189.29 67.213.189.32 67.213.189.73 67.213.189.76 67.213.189.79 67.213.189.89 67.213.189.92 67.213.189.95 67.213.189.98 |
SIP | TCP: 443, 4443, 5061, 5269 |
205.196.169.145 205.196.169.146 205.196.169.168 205.196.169.169 205.196.169.51 205.196.169.52 205.196.173.34 205.196.173.37 205.196.173.42 205.196.173.43 205.196.173.44 205.196.173.45 205.196.173.45 205.196.173.46 205.196.173.47 205.196.173.48 205.196.173.51 205.196.173.57 205.196.174.34 205.196.174.37 205.196.174.45 205.196.174.48 205.196.174.51 205.196.174.57 63.128.106.134 63.128.106.137 63.128.106.145 63.128.106.148 63.128.106.151 63.128.106.157 67.213.189.100 67.213.189.103 67.213.189.106 67.213.189.109 67.213.189.112 67.213.189.135 67.213.189.136 67.213.189.145 67.213.189.146 67.213.189.152 67.213.189.153 67.213.189.159 67.213.189.160 67.213.189.166 67.213.189.167 67.213.189.28 67.213.189.31 67.213.189.34 67.213.189.75 67.213.189.78 67.213.189.81 67.213.189.91 67.213.189.94 67.213.189.97 |
Audio/Video | TCP: 443, 40000-65535 / UDP: 3478, 40000-65535 |
205.196.169.143 205.196.169.144 205.196.169.166 205.196.169.167 205.196.169.51 205.196.169.52 205.196.173.33 205.196.173.36 205.196.173.36 205.196.173.37 205.196.173.38 205.196.173.39 205.196.173.40 205.196.173.41 205.196.173.44 205.196.173.47 205.196.173.50 205.196.173.56 205.196.174.33 205.196.174.36 205.196.174.44 205.196.174.47 205.196.174.50 205.196.174.56 63.128.106.133 63.128.106.136 63.128.106.144 63.128.106.147 63.128.106.150 63.128.106.156 67.213.189.102 67.213.189.105 67.213.189.108 67.213.189.111 67.213.189.133 67.213.189.134 67.213.189.143 67.213.189.144 67.213.189.150 67.213.189.151 67.213.189.157 67.213.189.158 67.213.189.164 67.213.189.165 67.213.189.27 67.213.189.30 67.213.189.33 67.213.189.74 67.213.189.77 67.213.189.80 67.213.189.90 67.213.189.93 67.213.189.96 67.213.189.99 |
Conferencing | TCP: 443 |
205.196.169.140 205.196.169.170 205.196.169.53 205.196.173.147 205.196.173.154 205.196.173.161 205.196.173.41 205.196.173.61 205.196.173.62 205.196.173.63 205.196.174.41 205.196.174.61 205.196.174.62 205.196.174.63 63.128.106.141 63.128.106.161 63.128.106.162 63.128.106.163 67.213.189.130 67.213.189.140 67.213.189.147 67.213.189.154 67.213.189.161 67.213.189.39 67.213.189.45 67.213.189.48 67.213.189.49 67.213.189.50 67.213.189.51 |
Web Services | TCP: 80, 443 |
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other. | Client to Client Application Sharing | TCP: 42000-42039 / UDP: 42000-42039 |
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where the file passes directly from one user to the other. | Client to Client File Sharing | TCP: 42040-42079 / UDP: 42040-42079 |
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other. | Client Media | TCP: 5350-5389 / UDP: 5350-5389 |
205.196.172.152 |
Hardware Phone Firmware Updates: Polycom, Yealink | TCP: 80, 443, 20, 21, 7000-8000 |
- It is recommended to also whitelist the domain ct950.com on your network, in addition to specifying the IP addresses.
- Another, more flexible approach is to simply whitelist the following networks, since we can and will add servers over time to multiple locations:
  - 205.196.169.0/24
  - 205.196.173.0/24
  - 205.196.174.0/25
  - 67.213.189.0/24
  - 63.128.106.128/26
- If a "Sonic Firewall" or other firewall with Deep Packet Inspection (DPI) is in use, it is recommended to disable this feature for voice traffic. All Skype traffic is encrypted, so DPI isn't necessary; it will also interfere with Skype/voice services and cause QoS issues.
- If your router is not configured for the new traffic protocols that Skype for Business (Lync) will introduce to your network, you could experience packet loss, dropped calls and jitter. To prevent this, you must make sure that SIP inspection or SIP ALG (Application Level Gateway) is disabled on your routers and firewalls. You may need to contact your ISP to have this done, but make sure this is completed prior to deployment. These features in routers are intended to block SIP traffic and will interfere with Skype for Business (Lync) communications.
- It is also recommended to turn off any sort of certificate decryption for traffic destined to the IP ranges listed above.
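
One way to check an outbound rule set built from the networks and ports above against observed flows. This is an added example, not the provider's tooling; the function names and sample flows are constructed, and applying the union of the server port lists to every listed network is an assumption. It also shows that the firmware update host sits outside the five networks and needs its own rule.

```python
import ipaddress

# Networks and ports are taken from the page. Applying the union of the
# per-service server ports to every listed network is this example's assumption.
NETWORKS = [ipaddress.ip_network(n) for n in (
    "205.196.169.0/24", "205.196.173.0/24", "205.196.174.0/25",
    "67.213.189.0/24", "63.128.106.128/26")]
SERVER_PORTS = {
    "tcp": [(80, 80), (443, 443), (4443, 4443), (5061, 5061),
            (5269, 5269), (40000, 65535)],
    "udp": [(3478, 3478), (40000, 65535)],
}
FIRMWARE_HOST = ipaddress.ip_address("205.196.172.152")
FIRMWARE_TCP = [(20, 21), (80, 80), (443, 443), (7000, 8000)]
# Peer-to-peer rows have no server IPs; the ranges are the same for TCP and UDP.
P2P_PORTS = [(5350, 5389), (42000, 42079)]


def in_ranges(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)


def classify(dst, proto, port):
    """Name the page rule covering an outbound flow, or None if none does."""
    addr, proto = ipaddress.ip_address(dst), proto.lower()
    if proto not in ("tcp", "udp"):
        return None
    if addr == FIRMWARE_HOST and proto == "tcp" and in_ranges(port, FIRMWARE_TCP):
        return "firmware"
    if any(addr in n for n in NETWORKS) and in_ranges(port, SERVER_PORTS[proto]):
        return "server"
    if in_ranges(port, P2P_PORTS):
        return "p2p"
    return None


def uncovered(flows):
    """Return the flows that no rule derived from the page would allow."""
    return [f for f in flows if classify(*f) is None]


# Constructed outbound flows (destination, protocol, port) for illustration.
SAMPLE_FLOWS = [
    ("205.196.173.46", "tcp", 5061),    # inside a listed /24
    ("205.196.174.200", "tcp", 443),    # outside 205.196.174.0/25
    ("205.196.172.152", "tcp", 7500),   # firmware host, its own rule
    ("205.196.172.152", "tcp", 5061),   # firmware host is in none of the networks
    ("192.0.2.10", "udp", 42010),       # peer-to-peer application sharing
]

if __name__ == "__main__":
    for flow in uncovered(SAMPLE_FLOWS):
        print("not covered:", flow)
```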