Create firewall exceptions for Skype for Business Server
Create firewall exceptions needed for Skype for Business Server.
John Savill
March 6, 2016
Q. Is there an easy way to create the firewall exceptions needed for Skype for Business Server?
A. The following code was created by my friend Tim Wheeler and will create the firewall exceptions needed for the various Skype for Business Server roles and components.
Import-Module NetSecurity

# Front End (FE) Server
New-NetFirewallRule -Name FE_5060_TCP -DisplayName "FE 5060 TCP" -Protocol TCP -LocalPort 5060 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5061_TCP_TLS -DisplayName "FE 5061 TCP/TLS" -Protocol TCP -LocalPort 5061 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_444_TCP_HTTP_Focus -DisplayName "FE 444 TCP/HTTP Focus" -Protocol TCP -LocalPort 444 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5062_TCP -DisplayName "FE 5062 TCP" -Protocol TCP -LocalPort 5062 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_8057_TCP_TLS -DisplayName "FE 8057 TCP/TLS" -Protocol TCP -LocalPort 8057 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_8058_TCP_TKS -DisplayName "FE 8058 TCP/TKS" -Protocol TCP -LocalPort 8058 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5063_TCP_AV -DisplayName "FE 5063 TCP AV" -Protocol TCP -LocalPort 5063 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_57501-65535_TCP_AV_Conf -DisplayName "FE 57501-65535 TCP AV Conf" -Protocol TCP -LocalPort 57501-65535 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_57501-65535_UDP_AV_Conf -DisplayName "FE 57501-65535 UDP AV Conf" -Protocol UDP -LocalPort 57501-65535 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_80_HTTP -DisplayName "FE 80 HTTP" -Protocol TCP -LocalPort 80 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_4443_HTTPS -DisplayName "FE 4443 HTTPS" -Protocol TCP -LocalPort 4443 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_8060_TCP_MTLS -DisplayName "FE 8060 TCP (MTLS)" -Protocol TCP -LocalPort 8060 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_8061_TCP_MTLS -DisplayName "FE 8061 TCP (MTLS)" -Protocol TCP -LocalPort 8061 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5086_TCP_MTLS -DisplayName "FE 5086 TCP (MTLS)" -Protocol TCP -LocalPort 5086 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5087_TCP_MTLS -DisplayName "FE 5087 TCP (MTLS)" -Protocol TCP -LocalPort 5087 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_443_HTTPS -DisplayName "FE 443 HTTPS" -Protocol TCP -LocalPort 443 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5064_TCP_SIP_Conference -DisplayName "FE 5064 TCP SIP Conference" -Protocol TCP -LocalPort 5064 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5072_TCP_SIP_Attendant -DisplayName "FE 5072 TCP SIP Attendant" -Protocol TCP -LocalPort 5072 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5070_TCP_Mediation -DisplayName "FE 5070 TCP Mediation" -Protocol TCP -LocalPort 5070 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5067_TCP_TLS_PSTN -DisplayName "FE 5067 TCP/TLS PSTN" -Protocol TCP -LocalPort 5067 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5068_TCP_PSTN -DisplayName "FE 5068 TCP PSTN" -Protocol TCP -LocalPort 5068 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5081_TCP_SIP_Out -DisplayName "FE 5081 TCP SIP Out" -Protocol TCP -LocalPort 5081 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5082_TCP_TLS_SIP_Out -DisplayName "FE 5082 TCP/TLS SIP Out" -Protocol TCP -LocalPort 5082 -Enabled True -Profile Any -Action Allow
# Application sharing listens on 5065, the port given in the rule name
New-NetFirewallRule -Name FE_5065_TCP_SIP_App_Sharing -DisplayName "FE 5065 TCP SIP App Sharing" -Protocol TCP -LocalPort 5065 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name All_49152-65535_TCP_App_Sharing -DisplayName "All 49152-65535 TCP App Sharing" -Protocol TCP -LocalPort 49152-65535 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name All_49152-65535_UDP_App_Sharing -DisplayName "All 49152-65535 UDP App Sharing" -Protocol UDP -LocalPort 49152-65535 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5073_TCP_Conf_Announcement -DisplayName "FE 5073 TCP Conf Announcement" -Protocol TCP -LocalPort 5073 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5075_TCP_SIP_Call_Park -DisplayName "FE 5075 TCP SIP Call Park" -Protocol TCP -LocalPort 5075 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5076_TCP_SIP_Audio_Test -DisplayName "FE 5076 TCP SIP Audio Test" -Protocol TCP -LocalPort 5076 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5066_TCP_E911 -DisplayName "FE 5066 TCP E911" -Protocol TCP -LocalPort 5066 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5071_TCP_Response_Group -DisplayName "FE 5071 TCP Response Group" -Protocol TCP -LocalPort 5071 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_8404_TCP_MTLS_Response_Group -DisplayName "FE 8404 TCP (MTLS) Response Group" -Protocol TCP -LocalPort 8404 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_5080_TCP_AV_Edge_TURN -DisplayName "FE 5080 TCP AV Edge TURN" -Protocol TCP -LocalPort 5080 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_448_TCP_Call_Admission_Control -DisplayName "FE 448 TCP Call Admission Control" -Protocol TCP -LocalPort 448 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name FE_445_TCP_Config_Central_Management_Store -DisplayName "FE 445 TCP Config Central Management Store" -Protocol TCP -LocalPort 445 -Enabled True -Profile Any -Action Allow

# All Internal Servers
New-NetFirewallRule -Name All_49152-57500_TCP_Media_Audio_Conferencing -DisplayName "All 49152-57500 TCP Media Audio Conferencing" -Protocol TCP -LocalPort 49152-57500 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name All_49152-57500_UDP_Media_Audio_Conferencing -DisplayName "All 49152-57500 UDP Media Audio Conferencing" -Protocol UDP -LocalPort 49152-57500 -Enabled True -Profile Any -Action Allow

# Office Web Apps Server
New-NetFirewallRule -Name OWA_443 -DisplayName "OWA 443" -Protocol TCP -LocalPort 443 -Enabled True -Profile Any -Action Allow

# Director
# Rule names containing spaces or ">" are quoted so PowerShell passes them as a single argument
New-NetFirewallRule -Name "Dir FE_5060_TCP_RCC_Routing" -DisplayName "Dir FE_5060 TCP RCC Routing" -Protocol TCP -LocalPort 5060 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "Dir FE_444_HTTPS_TCP" -DisplayName "Dir FE_444 HTTPS/TCP" -Protocol TCP -LocalPort 444 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "Dir 80_TCP" -DisplayName "Dir 80 TCP" -Protocol TCP -LocalPort 80 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "Dir 443_HTTPS" -DisplayName "Dir 443 HTTPS" -Protocol TCP -LocalPort 443 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "Dir 5061_TCP" -DisplayName "Dir 5061 TCP" -Protocol TCP -LocalPort 5061 -Enabled True -Profile Any -Action Allow

# Mediation Server
New-NetFirewallRule -Name "Med_5070_TCP_Med->FE" -DisplayName "Med 5070 TCP Med->FE" -Protocol TCP -LocalPort 5070 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "Med_5067_TCP_TLS_SIP --> PSTN" -DisplayName "Med 5067 TCP/TLS SIP --> PSTN" -Protocol TCP -LocalPort 5067 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "Med_5068_TCP_SIP --> PSTN" -DisplayName "Med 5068 TCP SIP --> PSTN" -Protocol TCP -LocalPort 5068 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "Med_5070_TCP_MTLS_SIP --> FE" -DisplayName "Med 5070 TCP (MTLS) SIP --> FE" -Protocol TCP -LocalPort 5070 -Enabled True -Profile Any -Action Allow

# PChat
New-NetFirewallRule -Name "PChat 5041_TCP_MTLS_SIP" -DisplayName "PChat 5041 TCP (MTLS) SIP" -Protocol TCP -LocalPort 5041 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "PChat 881_TCP_TLS_and_TCP_MTLS_WCF" -DisplayName "PChat 881 TCP (TLS) and TCP (MTLS) WCF" -Protocol TCP -LocalPort 881 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name "PChat 443_TCP_TLS" -DisplayName "PChat 443 TCP (TLS)" -Protocol TCP -LocalPort 443 -Enabled True -Profile Any -Action Allow

# Edge
New-NetFirewallRule -Name EDGE_TCP_443 -DisplayName "Edge 443 TCP" -Protocol TCP -LocalPort 443 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name EDGE_UDP_3478 -DisplayName "Edge 3478 UDP A/V Service" -Protocol UDP -LocalPort 3478 -Enabled True -Profile Any -Action Allow
New-NetFirewallRule -Name EDGE_50000-59999_TCP -DisplayName "Edge 50,000-59,999 TCP AV Svc" -Protocol TCP -LocalPort 50000-59999 -Enabled True -Profile Any -Action Allow
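
Run as a whole, the script above opens every role's ports on whichever server it is executed on. The following added example (not part of Tim Wheeler's script) creates only the rules for one named role, skips rules that already exist, and tags them with a group so they can be listed or removed together. The function name, role keys and group label are assumptions made for the illustration; rule names and ports are taken from the script above.

```powershell
# Added example, not from the original article. Add-SfbRoleFirewallRule, the role
# keys and $RuleGroup are hypothetical names; rules are a subset of the script above.
Import-Module NetSecurity

$RuleGroup = 'Skype for Business Server (scripted)'   # assumed label for audit and rollback

# Rules keyed by the server role that needs them.
$RulesByRole = @{
    Edge = @(
        @{ Name = 'EDGE_TCP_443';         DisplayName = 'Edge 443 TCP';                  Protocol = 'TCP'; LocalPort = '443' }
        @{ Name = 'EDGE_UDP_3478';        DisplayName = 'Edge 3478 UDP A/V Service';     Protocol = 'UDP'; LocalPort = '3478' }
        @{ Name = 'EDGE_50000-59999_TCP'; DisplayName = 'Edge 50,000-59,999 TCP AV Svc'; Protocol = 'TCP'; LocalPort = '50000-59999' }
    )
    PersistentChat = @(
        @{ Name = 'PChat 5041_TCP_MTLS_SIP'; DisplayName = 'PChat 5041 TCP (MTLS) SIP'; Protocol = 'TCP'; LocalPort = '5041' }
        @{ Name = 'PChat 443_TCP_TLS';       DisplayName = 'PChat 443 TCP (TLS)';       Protocol = 'TCP'; LocalPort = '443' }
    )
    OfficeWebApps = @(
        @{ Name = 'OWA_443'; DisplayName = 'OWA 443'; Protocol = 'TCP'; LocalPort = '443' }
    )
}

function Add-SfbRoleFirewallRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Edge', 'PersistentChat', 'OfficeWebApps')]
        [string]$Role
    )
    foreach ($rule in $RulesByRole[$Role]) {
        # Skip rules that already exist so the function can be re-run safely.
        if (Get-NetFirewallRule -Name $rule.Name -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule '$($rule.Name)' already exists, skipping."
            continue
        }
        if ($PSCmdlet.ShouldProcess($rule.Name, 'Create inbound allow rule')) {
            # Splat the per-rule values; the remaining settings match the article's script.
            New-NetFirewallRule @rule -Group $RuleGroup -Direction Inbound `
                -Enabled True -Profile Any -Action Allow
        }
    }
}

# Preview the Edge rules without changing the firewall, then list what the group holds.
Add-SfbRoleFirewallRule -Role Edge -WhatIf
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
    Get-NetFirewallPortFilter |
    Select-Object InstanceID, Protocol, LocalPort
```

Drop `-WhatIf` to create the rules; `Remove-NetFirewallRule -Group $RuleGroup` removes everything the function added.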