Which ports are required to be open in order to work with SphereShield for SfB?
Component | Port | Protocol | Source | Target | Purpose | Remarks |
---|---|---|---|---|---|---|
SIP Filter | 1433 | TCP | SfB Edge/FE Server | Admin Portal SQL server | To allow the SIP Filter to pull configurations from the DB that will determine how it functions | Always required when using SIP Filter |
SIP Filter | 80 or 443 | TCP | SfB Edge server | Admin Portal IIS server | To allow the SIP Filter to query the Admin Portal's Ethical wall web service in case it needs to calculate a policy | This is required only when using Ethical Wall with the SIP Filter installed on the Edge |
Admin Portal | 1433 | TCP | Admin Portal IIS server | Admin Portal SQL server | To allow the Admin Portal website access to the SQL DB where it is used to modify settings and preferences | Always required when using Access Portal |
LAC + EWS | 1433 | TCP | DMZ Bastion RP | Admin Portal SQL server | To allow the Bastion's filters to pull configurations which will determine the behavior of the filters | Always required when using the LAC or EWS (Device registration, DDos protection, EWS protection and any feature that requires the installation of the DMZ Bastion) |
Bastion | 4443 | TCP | DMZ Bastion RP | SfB FE | To allow the Bastion to pass on the traffic to the FE when using AD credentials (and not SphereShield credentials with another Authentication Extender Bastion) | Always required when using the Bastion without the Authentication internal Bastion |
Bastion | 443 | TCP | DMZ Bastion RP | Exchange/CAS server | To allow the Bastion to pass on the traffic to the CAS server when using EWS protection | |
Bastion | 4431/Any | TCP | DMZ Bastion RP | Internal Bastion AuthExt | To allow the Bastion to pass on the traffic to the Authentication Extender when using SphereShield credentials | Required only when using SphereShield credentials |
AuthExt Bastion | 4443 | TCP | Internal Bastion AuthExt | SfB FE | To allow the internal Bastion to pass on the traffic to Skype for Business FE when using SphereShield credentials | Required only when using SphereShield credentials |
AuthExt Bastion | 443 | TCP | Internal Bastion AuthExt | Exchange/CAS server | To allow the internal Bastion to pass on the traffic to Exchange when using SphereShield credentials | Required only when using SphereShield credentials |
Admin Portal | 443 | TCP | Admin Portal IIS server | MDM Console | Fetching MDM devices | Required only when using MDM integration |