Forum Discussion

brimdavis
Copper Contributor
Mar 23, 2021

Yealink Teams Phone, firewall rules.

Doing a Teams migration. Testing 3 Yealink phones on the network. Most users will use laptops and only a few phones on the network. I whitelisted the IPs and ports here: Skype for Business Online and Microsoft Teams

Off network they work amazing. However, on net I am having issues allowing them to connect to company portal. If I leave them logged in and plug them in on net I can make and receive calls, but favorites, statuses, calendars, company directory, etc. will not load.

On the firewall I am seeing it reach out with ports 49152, 52546, etc.

 

Can anyone help on the proper setup for this?

  • rovert506
    Iron Contributor
    A few thoughts:
    1) Make sure you have IPs/Ports listed in the article set as *destination*. RFC1918->52.112.0.0/14, for instance. The overwhelming majority of ports flow in a direction of client *to* server. Be careful of IPv6 ranges, too, if it is enabled on your networks!
    2) Make sure you also include all the "Microsoft 365 Common" IPs/URLs as well. Since Teams is an amalgamation of services from M365, there are some core services (such as authentication and Intune) that are not mentioned within the Teams specific section. You *must* make the Common services available to all endpoints, phones included.
    3) If you've got a proxy server, enforced by WPAD for instance, you need to make sure that the URLs listed by Microsoft are not subject to a) SSL break/inspection, and b) proxy server authentication. You can use the Get-PacFile script to easily gather all the URLs necessary:
    https://docs.microsoft.com/en-us/microsoft-365/enterprise/managing-office-365-endpoints?view=o365-worldwide#use-a-pac-file-for-direct-routing-of-vital-office-365-traffic
    4) Be careful of Data VLANs vs Voice VLANs. Many customers I've worked with have more stringent configurations in place for Voice VLANs and Teams phones don't work correctly as a result. This could be due to proxy requirements, or firewall restrictions, or even routing restrictions, but in the end do not assume your voice VLANs have the same setup and capabilities as data VLANs.
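
Point 1 of the reply above (Microsoft ranges as *destination*, client to server) can be checked mechanically against an exported rule list. The following is an added example, not part of the thread or of any vendor tool; the rule-dictionary format, rule names, internal subnets and port values are constructed, and only 52.112.0.0/14 comes from the reply.

```python
import ipaddress

# Assumption: RFC 1918 space is the internal side. 52.112.0.0/14 is the one
# Microsoft range quoted in the reply; extend MS_RANGES from Microsoft's
# published endpoint list (IPv6 ranges too, if IPv6 is enabled on the network).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MS_RANGES = [ipaddress.ip_network("52.112.0.0/14")]

# Constructed sample of exported allow rules (hypothetical format and values).
SAMPLE_RULES = [
    {"name": "teams-out", "src": "10.20.0.0/16", "dst": "52.112.0.0/14", "sport": "any", "dport": "443"},
    {"name": "teams-in", "src": "52.112.0.0/14", "dst": "10.20.0.0/16", "sport": "any", "dport": "443"},
    {"name": "teams-media", "src": "10.20.0.0/16", "dst": "52.112.0.0/14", "sport": "3478-3481", "dport": "any"},
    {"name": "dns", "src": "10.20.0.0/16", "dst": "10.1.1.53/32", "sport": "any", "dport": "53"},
]


def _inside(cidr, nets):
    """True if cidr is fully contained in one of nets (same IP version only)."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == n.version and net.subnet_of(n) for n in nets)


def classify_rule(rule):
    """Return 'ok', 'reversed', 'port-on-source' or 'unrelated' for one allow rule."""
    src_int, dst_int = _inside(rule["src"], INTERNAL), _inside(rule["dst"], INTERNAL)
    src_ms, dst_ms = _inside(rule["src"], MS_RANGES), _inside(rule["dst"], MS_RANGES)
    if src_ms and dst_int:
        return "reversed"  # Microsoft range entered as source, not destination
    if src_int and dst_ms:
        # Clients connect from ephemeral source ports, so a rule that pins
        # the source port will not match the phone's outbound traffic.
        if rule.get("sport", "any") != "any":
            return "port-on-source"
        return "ok"
    return "unrelated"


def audit(rules):
    """Return ({rule name: finding}, whether any rule has an IPv6 destination)."""
    findings = {r["name"]: classify_rule(r) for r in rules}
    has_v6 = any(ipaddress.ip_network(r["dst"]).version == 6 for r in rules)
    return findings, has_v6


if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Run the same check separately against the rules applied to the voice VLAN, since point 4 notes they often differ from the data VLAN rules.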
