SOLVED
Home

Meetings High Ports - Network Planning for Microsoft Teams

%3CLINGO-SUB%20id%3D%22lingo-sub-344490%22%20slang%3D%22en-US%22%3EMeetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-344490%22%20slang%3D%22en-US%22%3E%3CP%3ERegarding%20the%20video%20Network%20Planning%20for%20Microsoft%20Teams%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2Fvi3M7ZzF2NU%3Ft%3D1978%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fyoutu.be%2Fvi3M7ZzF2NU%3Ft%3D1978%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eat%20the%20time%20linked%20above...%20the%20slide%20mentions%20%22End%20Points%20will%20connect%20directly%20via%20random%20high%20ports%20if%20possible%22.%20What%20is%20the%20range%20of%20the%20high%20ports%3F%20I%20haven't%20don't%20see%20the%20information%20published%20in%20O365%20Endpoints%20documentation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-344490%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIT%20Pro%20Training%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMeetings%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-352923%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-352923%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F229593%22%20target%3D%22_blank%22%3E%40Sean%20Oh%3C%2FA%3E%20%2C%20I'm%20sorry%20you%20are%20experiencing%20issues.%20The%20required%20ports%20for%20audio%2C%20video%20and%20desktop%20sharing%20are%203478-3481%20UDP%20as%20documented%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Furls-and-ip-address-ranges%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOffice%20365%20URLs%20and%20IP%20address%20ranges%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDid%20you%20try%20to%20run%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D53885%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESkype%20for%20Business%20Network%20Assessment%20Tool%20%3C%2FA%3Ewith%20the%20following%20parameters%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3E%2Fconnectivitycheck%20%2Fverbose%3C%2FPRE%3E%0A%3CP%3EIf%20so%2C%20what%20did%20it%20show%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-352648%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-352648%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20always%20better%20to%20publish%20the%20simple%20ports%20information%20like%20all%20other%20platforms%20do.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ELook%20at%20that%20video%20explanations%2C%20Tunneling%20with%26nbsp%3Bproxy%20chains%20with%20FEC%2C%20this%20UDP%20at%20the%20raw%20level%20packet%20explanation..%20wow..%20took%20an%20hour%20in%20the%20video%2C%20when%20it%20could've%20been%20an%20only%20few%20seconds%20by%20pulling%20out%20those%203-4%20words.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3Ewe%20are%20having%20problems.%20we%20can't%20hear.%20this%20is%20the%20end%20point%20problem%2C%20from%20us.%26nbsp%3B%3CBR%20%2F%3Ehowever%20MS%20tunnels%20are%20not%20nearly%20perfect%20as%20Skype%20in%20any%20situation%20here%20and%20there%3CBR%20%2F%3Eso%20here%20goes%20the%20documents%20that%20require%20two%20hours%20and%20mostly%20useless%20at%20most%20and%20stressful.%3CBR%20%2F%3E%3CBR%20%2F%3Eanswers%20are%20here%2C%20in%20the%20community.%20not%20from%20the%20very%20cultural%20style%20documents.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20know%20it%2C%20we%20the%20one%20who%20initiate%20the%20connection%20to%20let%20you%20guys%20in.%2C%20then%20it%20should%20work%20no%20matter%20what%2C%20and%20Teams%20should%20especially%20work%20on%20easy%20networks%20when%20depreciating%20Skype.%20like%20the%20guy%20in%20the%20video%20mentioned%20about%20old%20centralized%20server%20network%20systems%2C%20then%20let%20the%20magic%20happens%3F.%20Also%20Teams%20doesn't%20know%20how%20to%20penetrate%20BOGUS%20configured%20routers%20with%20that%20443%20backup%20plan.%26nbsp%3B%20Teams%20will%20slowly%20wouldn't%20go%20through%20as%20the%20hardwares%20and%20softwares%20are%20changing%20even%20ISPs%20too%2C%20We%20have%20got%20to%20hang%20up%20on%20them%26nbsp%3B%20and%20call%20back%20unprofessionally.%3CBR%20%2F%3E%3CBR%20%2F%3EToo%20bad%2C%20I%20will%20not%20open%20that%20wide%20high-port%20range%20forwarding%20to%20Microsoft%20Windows%20OS%3F%20Would%20you%3F%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20let%20us%20simply%26nbsp%3Bsolve%20this%20problem%20but%20we%20need%20the%20product%20information%2C%20I%20really%20hope%20there%20is%201-2%20pages%20optional%20manual%20per%20every%20office%20365%20product.%20not%20over%20100%20pages%20from%20everyone.%3CBR%20%2F%3Enot%20this%20one%2C%20never%20thought%20dos%20had%20netstat%20command%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-352582%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-352582%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F228093%22%20target%3D%22_blank%22%3E%40Timothy%20Balk%3C%2FA%3E%2C%20I%20will%20get%20sure%20to%20mention%20that%20the%20we%20list%20the%20high%20ports%20and%20stress%20that%20they%20don't%20need%20to%20be%20optional%20and%20that%20we%20only%20mention%20them%20so%20firewall%20admins%20will%20understand%20why%20they%20are%20seeing%20the%20client%20trying%20to%20connect%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-352578%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-352578%22%20slang%3D%22en-US%22%3E%3CP%3ENext%20major%20revision%20of%20the%20video%20maybe%20consider%20mentioning%20the%20port%20ranges%20or%20is%20there%20already%20a%20docs%20page%20that%20references%20the%20full%20listing%20of%20the%20ports%20(including%26nbsp%3B%3CSPAN%3E1%2C024-%3C%2FSPAN%3E%3CFONT%3E65%2C535%20UDP%20ports)%20-%20set%20up%20an%20aka.ms%20to%20it%3C%2FFONT%3E%3F%20Coming%20from%20the%20background%20of%20Skype%20for%20Business...%20Having%20the%20full%20documentation%20is%20essential%20to%20identify%20the%20what%20and%20hows%20to%20justify%20unblocking%20firewall%20and%20ACL%20ports.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-352403%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-352403%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EClients%20might%20indeed%20connect%20directly%20on%20any%20high%20port%20(1%2C024-%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E65%2C535%20UDP)%3C%2FFONT%3E%20to%20the%20services%20in%20Office%20365%20if%20there%20is%20nothing%20blocking%20them.%3C%2FLI%3E%0A%3CLI%3EThis%20traffic%20vie%20high%20ports%20will%20not%20go%20via%20the%20Transport%20Relay%20(that's%20where%20we%20use%203478-3481%20UDP)%3C%2FLI%3E%0A%3CLI%3EThis%20range%20is%20not%20documented%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Furls-and-ip-address-ranges%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOffice%20365%20URLs%20and%20IP%20address%20ranges%3C%2FA%3E%20as%20it%20is%20completely%20optional.%20If%20you%20block%20the%20traffic%2C%20Teams%20will%20still%20perfectly%20work%20as%20traffic%20will%20flow%20via%20Transport%20Relay%20on%203478-3481.%20While%20you%20could%20argue%20that%20the%20more%20direct%20path%20might%20reduce%20the%20delay%2C%20this%20is%20more%20an%20academic%20discussion%20as%20the%20improvements%20would%20be%20very%20few%20milliseconds.%20If%20you%20are%20experiencing%20issues%20with%20media%20quality%2C%20they%20will%20have%20their%20cause%20somewhere%20else.%3C%2FLI%3E%0A%3CLI%3EThe%20reason%20we%20mention%20it%20in%20the%20training%20is%20that%20we%20want%20the%20audience%20to%20know%20what%20is%20happening%20--%20so%20that%20they%20don't%20interpret%20the%20client%20trying%20to%20connect%20to%20O365%20on%20the%20high%20ports%20as%20unusual%20behavior%3C%2FLI%3E%0A%3CLI%3EThe%2050%2C000-59%2C999%20port%20range%20that%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F9476%22%20target%3D%22_blank%22%3E%40Linus%20Cansby%3C%2FA%3E%20mentions%20is%20used%20by%20Skype%20for%20Business%2C%20not%20by%20Teams.%3C%2FLI%3E%0A%3CLI%3EThe%20port%20ranges%20that%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F178440%22%20target%3D%22_blank%22%3E%40Steven%20Collier%3C%2FA%3E%20points%20to%20that%20you%20can%20configure%20in%20the%20admin%20portal%20are%20the%20ports%20on%20the%20client%20side%2C%20not%20the%20service%20side.%20Since%20all%20traffic%20in%20Teams%20is%20initiated%20from%20the%20client%20to%20the%20service%2C%20this%20is%20not%20relevant%20for%20your%20firewall%20configuration%20(unless%20you%20are%20creating%20rules%20not%20only%20on%20destination%20port%20but%20source%20port%20as%20well).%20These%20port%20ranges%20are%20mostly%20relevant%20if%20you%20want%20to%20do%20QoS%20in%20your%20environment.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EI%20hope%20this%20explains%20everything%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20think%20we%20should%20update%20the%20training%2C%20please%20let%20me%20know.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3Ethomas%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-345874%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-345874%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20-%20this%20is%20what%20I%20was%20looking%20for.%20The%20ports%20in%20your%20screenshot%20are%20mentioned%20later%20in%20the%20video%2C%20but%20not%20the%201024-65535%20if%20the%20automatic%20settings%20are%20set.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-345218%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-345218%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20you%20don't%20specify%20a%20range%20it%20will%20use%20a%20random%20port%20in%20the%20range%201024%20-%2065535.%20It's%20perfectly%20normal%20to%20define%20the%20range%20through%20the%20Teams%20admin%20meeting%20settings%2C%20and%20push%20it%20to%20the%20same%20range%20that%20Skype%20used%20to%20existing%20optimisations%20work%20the%20same%2C%20so%20..%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F78482i11A0B574A0ABC49F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22%7B37C08B92-928F-4494-818B-7C7E22D3C626%7D.png.jpg%22%20title%3D%22%7B37C08B92-928F-4494-818B-7C7E22D3C626%26amp%3B%23125%3B.png.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-345191%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-345191%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETeams%20will%20try%20with%20a%20random%20high%20ports%20first%20(%3CSPAN%3E50%2C000-59%2C999)%20and%20if%20that%20is%20not%20possible%20it%20will%20relay%20traffic%20via%20a%26nbsp%3B%3C%2FSPAN%3ETransport%20Relay%20on%203478-3481%20UDP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheck%20this%20blog%20.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fucmart.uk%2F2017%2F10%2F03%2Funderstanding-media-flows-in-microsoft-teams-and-skype-for-business-brk4004-summary%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fucmart.uk%2F2017%2F10%2F03%2Funderstanding-media-flows-in-microsoft-teams-and-skype-for-business-brk4004-summary%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-670665%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-670665%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F9476%22%20target%3D%22_blank%22%3E%40Linus%20Cansby%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERight%20now%20I'm%20facing%20issues%3A%3C%2FP%3E%3CP%3Eusers%20are%20complaining%20that%20they%20have%20drops%20and%20audio%5Cvideo%20loss%20while%20on%20the%20Teams%20meeting.%3C%2FP%3E%3CP%3EAfter%20checking%20logs%20I%20found%20that%20Temas%20generating%20traffic%20sourcing%20from%20UDP%2050000-50059%20but%20the%20destination%20ports%20are%20not%20limited%20to%20range%20UDP%2050000-59999%2C%20I%20see%20a%20lot%20of%20sessions%20trying%20to%20use%20lower%20and%20higher%20ports%20which%20are%20blocked%20by%20my%20firewall.%20I%20can't%20find%20any%20official%20MS%20documentation%20which%20says%20that%20destination%20is%20UDP%5Cdynamic%20and%20not%20UDP%5C50000-59999.%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20ideas%20where%20I%20can%20find%20proper%20docs%20or%20proof%20that%20MS%20Teams%20generates%20this%20traffic%3F%3C%2FP%3E%3CP%3EThank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-714667%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-714667%22%20slang%3D%22en-US%22%3EIs%20there%20a%20way%20to%20lock%20down%20the%20required%20ports%20for%20the%20teams%20.exe%3F%20I%20believe%20teams%20resides%20in%20the%20user's%20folder%20thus%20not%20allowing%20the%20client%20firewall%20rules%20to%20select%20that%20process%20without%20having%20to%20allow%20all%20the%20ports%20-%20which%20could%20seen%20as%20a%20security%20risk.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-726469%22%20slang%3D%22en-US%22%3ERe%3A%20Meetings%20High%20Ports%20-%20Network%20Planning%20for%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-726469%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F303717%22%20target%3D%22_blank%22%3E%40Tommytong%3C%2FA%3E%26nbsp%3BI%20think%20you'll%20want%20to%26nbsp%3B%20look%20in%20the%20Teams%20Admin%20area%20in%20O365%20Admin%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fmeeting-settings-in-teams%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fmeeting-settings-in-teams%3C%2FA%3E%3C%2FP%3E%3CP%3EThat%20should%20be%20the%20place%20where%20you%20can%20reduce%20the%20range%20of%20ports%20used%20by%20Teams.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20is%20also%20a%20known%20set%20of%20ports%2C%20IP%20addresses%20and%20URLs%20that%20are%20used%20by%20O365%20services%20to%20make%20sure%20they%20are%20accessible%20through%20all%20firewalls%20to%20ensure%20things%20are%20working%20and%20that%20documentation%20is%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Furls-and-ip-address-ranges%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Furls-and-ip-address-ranges%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Regarding the video Network Planning for Microsoft Teams:

https://youtu.be/vi3M7ZzF2NU?t=1978

 

at the time linked above... the slide mentions "End Points will connect directly via random high ports if possible". What is the range of the high ports? I haven't don't see the information published in O365 Endpoints documentation.

 

Thanks

 

Watch this Teams Academy session to learn how #MicrosoftTeams leverages the network. Plan and design your network configuration for the best user experience with Teams. (Jan 2019)
11 Replies

Hi,

 

Teams will try with a random high ports first (50,000-59,999) and if that is not possible it will relay traffic via a Transport Relay on 3478-3481 UDP.

 

Check this blog .

https://ucmart.uk/2017/10/03/understanding-media-flows-in-microsoft-teams-and-skype-for-business-brk...

If you don't specify a range it will use a random port in the range 1024 - 65535. It's perfectly normal to define the range through the Teams admin meeting settings, and push it to the same range that Skype used to existing optimisations work the same, so ..

 

{37C08B92-928F-4494-818B-7C7E22D3C626}.png.jpg

Thanks - this is what I was looking for. The ports in your screenshot are mentioned later in the video, but not the 1024-65535 if the automatic settings are set.

Solution

Hi all,

  • Clients might indeed connect directly on any high port (1,024-65,535 UDP) to the services in Office 365 if there is nothing blocking them.
  • This traffic vie high ports will not go via the Transport Relay (that's where we use 3478-3481 UDP)
  • This range is not documented Office 365 URLs and IP address ranges as it is completely optional. If you block the traffic, Teams will still perfectly work as traffic will flow via Transport Relay on 3478-3481. While you could argue that the more direct path might reduce the delay, this is more an academic discussion as the improvements would be very few milliseconds. If you are experiencing issues with media quality, they will have their cause somewhere else.
  • The reason we mention it in the training is that we want the audience to know what is happening -- so that they don't interpret the client trying to connect to O365 on the high ports as unusual behavior
  • The 50,000-59,999 port range that @Linus Cansby mentions is used by Skype for Business, not by Teams.
  • The port ranges that @Steven Collier points to that you can configure in the admin portal are the ports on the client side, not the service side. Since all traffic in Teams is initiated from the client to the service, this is not relevant for your firewall configuration (unless you are creating rules not only on destination port but source port as well). These port ranges are mostly relevant if you want to do QoS in your environment.

I hope this explains everything :)

 

If you think we should update the training, please let me know.

 

Thanks,

thomas

Next major revision of the video maybe consider mentioning the port ranges or is there already a docs page that references the full listing of the ports (including 1,024-65,535 UDP ports) - set up an aka.ms to it? Coming from the background of Skype for Business... Having the full documentation is essential to identify the what and hows to justify unblocking firewall and ACL ports. 

Thanks @Timothy Balk, I will get sure to mention that the we list the high ports and stress that they don't need to be optional and that we only mention them so firewall admins will understand why they are seeing the client trying to connect :)

It's always better to publish the simple ports information like all other platforms do. 

Look at that video explanations, Tunneling with proxy chains with FEC, this UDP at the raw level packet explanation.. wow.. took an hour in the video, when it could've been an only few seconds by pulling out those 3-4 words.




we are having problems. we can't hear. this is the end point problem, from us. 
however MS tunnels are not nearly perfect as Skype in any situation here and there
so here goes the documents that require two hours and mostly useless at most and stressful.

answers are here, in the community. not from the very cultural style documents.


You know it, we the one who initiate the connection to let you guys in., then it should work no matter what, and Teams should especially work on easy networks when depreciating Skype. like the guy in the video mentioned about old centralized server network systems, then let the magic happens?. Also Teams doesn't know how to penetrate BOGUS configured routers with that 443 backup plan.  Teams will slowly wouldn't go through as the hardwares and softwares are changing even ISPs too, We have got to hang up on them  and call back unprofessionally.

Too bad, I will not open that wide high-port range forwarding to Microsoft Windows OS? Would you?

So let us simply solve this problem but we need the product information, I really hope there is 1-2 pages optional manual per every office 365 product. not over 100 pages from everyone.
not this one, never thought dos had netstat command,

@Sean Oh , I'm sorry you are experiencing issues. The required ports for audio, video and desktop sharing are 3478-3481 UDP as documented in Office 365 URLs and IP address ranges

 

Did you try to run the Skype for Business Network Assessment Tool with the following parameters?

 

/connectivitycheck /verbose

If so, what did it show?

@Linus Cansby 

Right now I'm facing issues:

users are complaining that they have drops and audio\video loss while on the Teams meeting.

After checking logs I found that Temas generating traffic sourcing from UDP 50000-50059 but the destination ports are not limited to range UDP 50000-59999, I see a lot of sessions trying to use lower and higher ports which are blocked by my firewall. I can't find any official MS documentation which says that destination is UDP\dynamic and not UDP\50000-59999.

Do you have any ideas where I can find proper docs or proof that MS Teams generates this traffic?

Thank you!

Is there a way to lock down the required ports for the teams .exe? I believe teams resides in the user's folder thus not allowing the client firewall rules to select that process without having to allow all the ports - which could seen as a security risk.

@Tommytong I think you'll want to  look in the Teams Admin area in O365 Admin - https://docs.microsoft.com/en-us/microsoftteams/meeting-settings-in-teams

That should be the place where you can reduce the range of ports used by Teams.

 

There is also a known set of ports, IP addresses and URLs that are used by O365 services to make sure they are accessible through all firewalls to ensure things are working and that documentation is here: https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
16 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
11 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
*Updated 9/3* Syncing in Microsoft Edge Preview Channels
Elliot Kirk in Articles on
217 Replies