Export (0) Print
Expand All

Set up your network for Lync Online

 

Topic Last Modified: 2013-10-17

Set up your network for Lync Online by configuring your external firewall or proxy server to allow Lync traffic. If you’re using your own domain name, add Lync CNAME and SRV records to your external DNS server. And if your firewall blocks external SRV queries, add Lync CNAME and SRV records to your internal DNS server as well.

To configure your firewall or proxy server for Lync Online
  1. Open the following ports in your organization’s external firewalls and reverse proxy servers.

     

    Port Protocol Direction Usage

    443

    STUN/TCP

    Outbound

    Audio, video, and application sharing sessions

    443

    PSOM/TLS

    Outbound

    Data sharing sessions

    3478

    STUN/UDP

    Outbound

    Audio and video sessions

    5223

    TCP

    Outbound

    Lync Mobile push notifications

    50000-50019

    RTP/UDP

    Outbound

    Audio

    50020-50039

    RTP/UDP

    Outbound

    Video

    50040-50059

    TCP

    Outbound

    Application sharing and file transfer

    noteNote:
    Individual computers are automatically configured for Lync Online network traffic when Lync is installed.
  2. Create a rule that allows outgoing connections (TLS and HTTPS) for all users to these locations:

    • *.microsoftonline.com
    • *.microsoftonline-p.com
    • *.onmicrosoft.com
    • *.sharepoint.com
    • *.outlook.com
    • *.lync.com
    • evsecure-ocsp.verisign.com
    • evsecure-aia.verisign.com
    • evsecure-crl.verisign.com

    Set the HTTP/SSL time-out value to eight hours.

To configure external domain name settings
  1. If you’re using your own domain name with Office 365, add the following CNAME and SRV entries to your DNS server:

    Lync desktop client autodiscover

    Type Host name Destination TTL

    CNAME

    sip.yourDomainName.com

    sipdir.online.lync.com

    1 hour

    Lync mobile client autodiscover

    Type Host name Destination TTL

    CNAME

    lyncdiscover.yourDomainName.com

    webdir.online.lync.com

    1 hour

    Lync desktop autodiscover for anonymous (unauthenticated) users

    Type Service Protocol Port Weight Priority TTL Name Target

    SRV

    _sip

    _tls

    443

    1

    100

    1 hour

    yourDomainName.com

    sipdir.online.lync.com

  2. If your organization supports domain federation or public IM connectivity, add the following SRV record as well:

    Lync autodiscover for federation and public IM connectivity

    Type Service Protocol Port Weight Priority TTL Name Target

    SRV

    _sipfederationtls

    _tcp

    5061

    1

    100

    1 hour

    yourDomainName.com

    sipfed.online.lync.com

To configure internal domain name settings
  • If your organization’s Internet proxies or firewalls are configured to block external SRV queries, add the following CNAME and SRV entries to your internal DNS server:

    Lync autodiscover for desktop and mobile clients

    Type Host name Destination TTL

    CNAME

    sip.yourDomainName.com

    sipdir.online.lync.com

    1 hour

    CNAME

    lyncdiscoverinternal.yourDomainName.com

    webdir.online.lync.com

    1 hour

    Lync desktop autodiscover for anonymous (unauthenticated) users

    Type Service Protocol Port Weight Priority TTL Name Target

    SRV

    _sip

    _tls

    443

    1

    100

    1 hour

    yourDomainName.com

    sipdir.online.lync.com

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft