Which ports are required to be open in order to work with SphereShield for SfB?

| Component | Port | Protocol | Source | Target | Purpose | Remarks |
| --- | --- | --- | --- | --- | --- | --- |
| SIP Filter | 1433 | TCP | SfB Edge/FE Server | Admin Portal SQL server | To allow the SIP Filter to pull configurations from the DB that will determine how it functions | Always required when using SIP Filter |
| SIP Filter | 80 or 443 | TCP | SfB Edge server | Admin Portal IIS server | To allow the SIP Filter to query the Admin Portal's Ethical Wall web service in case it needs to calculate a policy | This is required only when using Ethical Wall with the SIP Filter installed on the Edge |
| Admin Portal | 1433 | TCP | Admin Portal IIS server | Admin Portal SQL server | To allow the Admin Portal website access to the SQL DB where it is used to modify settings and preferences | Always required when using Access Portal |
| LAC + EWS | 1433 | TCP | DMZ Bastion RP | Admin Portal SQL server | To allow the Bastion's filters to pull configurations which will determine the behavior of the filters | Always required when using the LAC or EWS (Device registration, DDoS protection, EWS protection and any feature that requires the installation of the DMZ Bastion) |
| Bastion | 4443 | TCP | DMZ Bastion RP | SfB FE | To allow the Bastion to pass on the traffic to the FE when using AD credentials (and not SphereShield credentials with another Authentication Extender Bastion) | Always required when using the Bastion without the Authentication internal Bastion |
| Bastion | 443 | TCP | DMZ Bastion RP | Exchange/CAS server | To allow the Bastion to pass on the traffic to the CAS server when using EWS protection | |
| Bastion | 4431/Any | TCP | DMZ Bastion RP | Internal Bastion AuthExt | To allow the Bastion to pass on the traffic to the Authentication Extender when using SphereShield credentials | Required only when using SphereShield credentials |
| AuthExt Bastion | 4443 | TCP | Internal Bastion AuthExt | SfB FE | To allow the internal Bastion to pass on the traffic to Skype for Business FE when using SphereShield credentials | Required only when using SphereShield credentials |
| AuthExt Bastion | 443 | TCP | Internal Bastion AuthExt | Exchange/CAS server | To allow the internal Bastion to pass on the traffic to Exchange when using SphereShield credentials | Required only when using SphereShield credentials |
| Admin Portal | 443 | TCP | Admin Portal IIS server | MDM Console | Fetching MDM devices | Required only when using MDM integration |