Forum Discussion
Question about connection Microsoft Teams behind Firewall NAT device use Single IP Address
- There is no limitation about concurrent connections behind a single IP address. What I believe that you are seeing is simple "not enough bandwidth" Screen sharing is one of the most network intensive things that you can do, and you see the results.
If you are looking at routers or other devices to measure the throughput, then be careful with what they are measuring. They are often measuring usage over a period of time, like 15 minutes, which isn't going to answer your needs.
Also, it is possible that it isn't your Internet connectivity alone, it could be the Fortigate or any other devices in the path.
We have make some network setup like below
1.Our original path to internet : LAN (Internal Network)->FortiGate->WAN Load Balance(Ascenlink)-> 2 ISP Internet Access (for Load Balance and Line Backup)
2.at FortiGate Policy. We create a new Poicy , setting is . Source (Internal Network) -> Destination , Internet Service DB( ISDB) pickup Microsoft_Skype_Teams) , and no SSL Inspection and any UTM Security Profile check. NAT can use 1 IP or 5 IP (IP Pools) configure
3.We use another ISP Line(100/40Mbps) and setup a Policy Route UDP Port 3478-3481 , route to the new created Policy (for Microsoft Teams)
This Policy can make sure Microsoft Teams service access internet don't passthough WAN Load Balance
This moring we have a 47 user conference call, Some WFH and Some at Office ,The meeting host use Desktop Sharing to show his screen (one to many). The finding is:
1.When meeting start . we observe user count over 20 users into the meeting room. We use the RTQ function to monitor my Teams client
We can see The Application sharing detail (inbound) start to grow rapidly to Packet Loss (14%)
Then we change NAT config from 1 IP to 5 IP Pools Config. The Packet Loss will to decrease obvious (about below 0.5%)
2.The line MRTG bandwitdh show 5 Minus average is 20Mbps(Inbound)
3.This configure . Our Desktop Share screen lag will decrease to 1-2 Sec. The original config will be 5-9 Sec.
Very intresting. When the packet loss start to increase obvious. We change NAT use 1 IP change to use 5 IP Pools . It will start to decrease....
sharing the result to people like us.
MANY companies have thousands of people on a single NAT,
- Got it! Thanks for your idea. We will monitor and check something wrong...
Did you find any solution about teams conf call?
Hi KoKant, Sorry for late!
Yes. After serval mothly
We found some solution maybe can help
If you using FortiGate. You can setup a Firewall Policy the Destination can set to Interervice Service.(This policy should before original internet access policy)Include
Microsoft-Skype_Teams
Microsoft-Teams.Published.Worldwide.Allow
Microsoft-Teams.Published.Worldwide.Optimize
and this policy should setup no any UTM check feature. like SSL set to no-inspection
let the Microsoft Teams traffice have least latency
I hope can help other also meet this issue.
If anyone have chance to try this method. Please share your result. Thanks
