cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Yealink Teams Phone, firewall rules.

%3CLINGO-SUB%20id%3D%22lingo-sub-2228768%22%20slang%3D%22en-US%22%3EYealink%20Teams%20Phone%2C%20firewall%20rules.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2228768%22%20slang%3D%22en-US%22%3E%3CP%3EDoing%20a%20Teams%20migration.%20Testing%20a%203%20yealink%20phones%20on%20the%20network.%20Most%20users%20will%20use%20laptops%20and%20only%20a%20few%20phones%20on%20the%20network.%26nbsp%3B%20I%20white%20listed%20the%20IP's%20and%20Ports%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fenterprise%2Furls-and-ip-address-ranges%3Fview%3Do365-worldwide%23skype-for-business-online-and-microsoft-teams%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ESkype%20for%20Business%20Online%20and%20Microsoft%20Teams%3C%2FA%3E%3C%2FP%3E%3CP%3EOff%20network%20they%20work%20amazing.%20However%20on%20net%20I%20am%20having%20issues%20allowing%20them%20to%20connect%20to%20company%20portal.%20If%20I%20leave%20them%20logged%20in%20and%20plug%20them%20in%20on%20net%20I%20can%20make%20and%20receive%20calls%20but%20favorites%2C%20statues%2C%20calendars%2C%20company%20directory%2C%20etc%20will%20not%20load.%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20the%20firewall%20I%20am%20seeing%20it%20reach%20out%20with%20ports%2049152%2C%2052546%2C%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20help%20on%20the%20proper%20setup%20for%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2228768%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdministrator%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESettings%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
brimdavis
Occasional Visitor

‎Mar 22 2021 06:10 PM

‎Mar 22 2021 06:10 PM

Yealink Teams Phone, firewall rules.

Doing a Teams migration. Testing a 3 yealink phones on the network. Most users will use laptops and only a few phones on the network.  I white listed the IP's and Ports here: Skype for Business Online and Microsoft Teams

Off network they work amazing. However on net I am having issues allowing them to connect to company portal. If I leave them logged in and plug them in on net I can make and receive calls but favorites, statues, calendars, company directory, etc will not load. 

On the firewall I am seeing it reach out with ports 49152, 52546, etc.

 

Can anyone help on the proper setup for this?

1,817 Views
0 Likes
1 Reply
Reply
1 Reply
Trevor Miller

‎Mar 23 2021 05:24 AM

‎Mar 23 2021 05:24 AM

Re: Yealink Teams Phone, firewall rules.

A few thoughts:
1) Make sure you have IPs/Ports listed in the article set as *destination*. RFC1918->52.112.0.0/14, for instance. The overwhelming majority of ports flow in a direction of client *to* server. Be careful of IPv6 ranges, too, if it is enabled on your networks!
2) Make sure you also include all the "Microsoft 365 Common" IPs/URLS, as well. Since Teams is an amalgamation of services from M365, there are some core services (such as authentication and Intune) that are not mentioned within the Teams specific section. You *must* make the Common services available to all endpoints, phones included.
3) If you've got a proxy server, enforced by WPAD for instance, you need to make sure that the URLs listed by Microsoft are not subject to a) SSL break/inspection, and b) proxy server authentication. You can use the Get-PacFile script to easily gather all the URLs necessary:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/managing-office-365-endpoints?view=o365-wo...
4) Be careful of Data VLANs vs Voice VLANs. Many customers I've worked with have more stringent configurations in place for Voice VLANs and Teams phones don't work correctly as a result. This could be due to proxy requirements, or firewall restrictions, or even routing restrictions, but in the end do not assume your voice VLANs have the same setup and capabilities as data VLANs.
0 Likes
Reply