Forum Discussion
david_baumgart_
Cirrus
CirrusFirewall config for Skype for Business Reverse Proxy
Hey Everyone:
I recently completed setting up an edge pool for my Skype for Business 2015 deployment and all of my services are working as intended (IM/Presence and Video calls). I now wish to d...
So when you have a split deployment as mentioned for reverse proxy traffic then big ip 1(DMZ) would receive traffic and forward to big ip 2 (internal, in front of FE servers) on the already translated port 4443. Big ip 2 will then pass that through to individual FE servers on the same 4443 port.
So the real answer to your question is between the two big ip's you should allow for 80, 8080, 443 and 4443 to ensure traffic processing.
So when you have a split deployment as mentioned for reverse proxy traffic then big ip 1(DMZ) would receive traffic and forward to big ip 2 (internal, in front of FE servers) on the already translated port 4443. Big ip 2 will then pass that through to individual FE servers on the same 4443 port.
So the real answer to your question is between the two big ip's you should allow for 80, 8080, 443 and 4443 to ensure traffic processing.
david_baumgart_Cirrus
CirrusSo just to be clear, because for some reason I am having a brain glitch when reading that reply (my apologies for being dense!), on the path BACK OUT to DMZ going from internal to external, the VIP is the IP sending back to the DMZ self ip rather than it passing the return process off to the internal self IP, correct?
This makes sense from a networking perspective, I just wanna make sure I'm 100% clear. Thanks again and sorry for being repetitive!