Firewall rules for Microsoft Lync?

Hi all.

My knowledge of F-Secure Client Security Premium and Policy Manager Server is not that great, but I'm learning. I have one question about the firewall and Lync.

 

The internal F-Secure firewall stops Microsoft Lync (message "No available media ports"). Lync needs 20-40 open high ports (range 1024-65535). What is the easiest way to add Lync to the firewall based on the above? As far as I understand, adding Lync to "application control" is not enough. General firewall rules will still be enabled (in this case "Deny rest").

 

Kindly, Dean

Comments

  • Just curious if this question is lacking an answer because you think it is too basic? Please let me know how to implement this if you know. I will hit the "kudo" button as hard as I can if I get an answer.

     

    Thanks,

    Dean Y

  • Vad (F-Secure Employee)

    Hello Dean,

     

    To create a firewall rule for Lync:

    1. In Policy Manager Console, Anti-Virus mode, select Firewall rules.

    2. Select the security level you want to edit.

    3. In the table, select the place where you want to add a new rule, and press "Add after" or "Add before".

    4. Select "Allow rule".

    5. On "Remote host" page select "Specified remote hosts" and specify IP address(es) or DNS name(s) of your Lync server(s).

    6. On "Services" page select "All traffic" and "<=>" direction.

     

    Best regards,

    Vad

     

  • Hi Vlad. 

     

    The problem is that Lync is P2P, so there is no server involvement after the "call" is initiated. The clients therefore do not know which other client to allow inbound connections from. It is different every time (more or less). The (very bad) workaround is to allow 1024-65535 inbound on every(!) client for any host(!) on the local network (in this case 172.16.0.0/12). That will at least stop anything coming from outside the network but render the client firewall useless if the attacker (or should I say when?) is present locally on the network.

     

    I guess I can't be the only one using Lync and F-Secure together? Any more input?

    Thank you!

    /Dean Y

  • Yes, that should work. Very good. Thank you!
This discussion has been closed.