General Bandwidth Guidelines
...
If your router is not configured for the new traffic protocols that Skype for Business will introduce to your network, you could experience packet loss, dropped calls and jitter.You must make sure that SIP inspection or SIP ALG (Application level gateway) are disabled on your routers and firewalls to prevent this from happening. You may need to contact your ISP to have this done, but make sure this is completed prior to deployment. These features in routers are intended to block SIP traffic and will interfere with Skype for Business communications.
Firewall Configuration
CLIENT to TVO365 (EXTERNAL)
Because the product is not housed in your internal network and IP setup, you will need to make sure that traffic traversing the firewall to the hosted Skype for Business Servers does not get blocked. You will need to add exceptions to the firewall for all Skype for Business Server IP addresses and allow for IPs and ports listed below:
| Purpose | Destination IP | Source Port | Destination Port |
| Session Initiation Protocol (SIP) Signaling | 95.211.37.68-73 | 49152 to 65535 | TCP: 443, 4443, 5061, 5269 |
| Persistent Shared Object Model (PSOM) Web Conferencing | 95.211.37.68-73 | 49152 to 65535 | 444 TCP |
| HTTPS downloads / Web services | 95.211.37.66 | 49152 to 65535 | TCP: 80; 443 |
| Audio | 95.211.37.68-73 | 50000 – 50019 UDP and TCP | TCP: 443; 50000-65535 UDP: 3478; 50000-65535 |
| Video | 95.211.37.68-73 | 50020 – 50039 UDP and TCP | TCP: 443; 50000-65535 UDP: 3478; 50000-65535 |
| Desktop Sharing | 95.211.37.68-73 | 50040 – 50059 UDP and TCP | TCP: 443, 50000 – 59999 |
CLIENT to CLIENT (INTERNAL) Ports used for internal network traffic for user to user communication.
| Component | Port | Protocol | Notes |
|---|---|---|---|
| Clients | 6891-6901 | TCP | Used for file transfer between Skype for Business clients and previous clients. |
| Clients | 1024-65535 * | TCP/UDP | Audio port range (minimum of 20 ports required) |
| Clients | 1024-65535 * | TCP/UDP | Video port range (minimum of 20 ports required). |
| Clients | 1024-65535 * | TCP | Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM). |
| Clients | 1024-65535 * | TCP | Application sharing. |
| Info |
|---|
In addition to the firewall adjustments above, if you are using a PC level firewall other than the built-in Windows firewall, you will need to add exceptions to the PC antivirus/antimalware itself to disable security for the Skype for Business client. |
...
While these changes are always required for firewalls, you may need to add exceptions to other security devices that sit between computers and |
...
theinternet if you have other devices in your network that provide security or the ability to block certain network traffic. |
...
Preferred Traffic Configuration
...