Forum Discussion
david_baumgart_
Cirrus
CirrusFirewall config for Skype for Business Reverse Proxy
Hey Everyone:
I recently completed setting up an edge pool for my Skype for Business 2015 deployment and all of my services are working as intended (IM/Presence and Video calls). I now wish to d...
So when you have a split deployment as mentioned for reverse proxy traffic then big ip 1(DMZ) would receive traffic and forward to big ip 2 (internal, in front of FE servers) on the already translated port 4443. Big ip 2 will then pass that through to individual FE servers on the same 4443 port.
So the real answer to your question is between the two big ip's you should allow for 80, 8080, 443 and 4443 to ensure traffic processing.
So when you have a split deployment as mentioned for reverse proxy traffic then big ip 1(DMZ) would receive traffic and forward to big ip 2 (internal, in front of FE servers) on the already translated port 4443. Big ip 2 will then pass that through to individual FE servers on the same 4443 port.
So the real answer to your question is between the two big ip's you should allow for 80, 8080, 443 and 4443 to ensure traffic processing.
david_baumgart_Cirrus
CirrusFollowup question. I understand that i need to allow the traffic such as this:
WAN/NAT -> DMZ Reverse proxy VIP DMZ Big IP Self IP -> Internal Reverse Proxy VIP
But what about the return path? Do I allow the traffic back from the Internal Big IP VIP to the DMZ Big IP self IP? Or does it turn around and try to send from Internal BIG IP Self IP -> DMZ Self IP?
Or am I completely missing the target here?
Thanks again!