Thanks for your reply. I have an Edge server.
Do I have to publish from TMG, or should Fortigate work also?
I opened all ports from external to internal for testing, and because we didn't configure the TMG for publishing, we did the following at the Fortigate as a test:
- NAT from firewall (x.x.12.245 public IP port 443 to 192.168.100.13 SIP IP at external NIC of Edge, port 4443)
- (x.x.12.245 public IP port 443 to 192.168.100.13 SIP IP at external NIC of Edge, port 443)
- (x.x.12.245 public IP port 442 to 192.168.100.14 WC IP at external NIC of Edge, port 443)
- (x.x.12.245 public IP port 441 to 192.168.100.15 VA IP at external NIC of Edge, port 443)
- Open all ports
Problems:
- When I tried from mobile, I cannot access.
- When I tried from a laptop, I wrote the account mail as the sign-in name, like X.X at domain.ae, then the credentials (username and password) were required, which is local domain\x.x; after 1-2 min the error below appeared:
"lync couldn't find a lync server for (ext domain) there might be an issue with DNS configuration for your domain please contact your support team"

We didn't build any rules at TMG, just NAT from the Fortigate firewall to the external Edge NIC IPs, with all ports opened.
Requirements:
If you have any documents on publishing Lync 2013 so that AV, WC, and SIP can be published, please send them to me.
I also need to know whether I should build 3 rules at TMG to publish Lync for SIP, AV and WC, or just one rule, and if it will be one rule, how to transfer traffic to each Edge IP.
Also, will TMG need a certificate? Is this certificate the external Edge certificate or another certificate?
Is there anything missing in the DNS records?
1- External DNS records (x.x.12.245 is the public IP):

| Public DNS | Record Type | Linked IP |
|---|---|---|
| Sip. public domain.ae | A | x.x.12.245 |
| Wc. public domain.ae | A | x.x.12.245 |
| Av. public domain.ae | A | x.x.12.245 |
| Lyncdiscover. public domain.ae | A | x.x.12.245 |
| connect. public domain.ae | A | x.x.12.245 |
| Sip | SRV (tls,443) | Sip. public domain.ae |

2- Internal DNS: they have 2 forward zones (domain.local, public domain.ae)

- domain.local (10.0.30.37 is lyncFE01.domain.local), (10.0.30.43 is lyncFE02.domain.local)

| Internal DNS | Record Type | Linked IP |
|---|---|---|
| lyncfe01.domain.local | A | 10.0.30.37 |
| Meet.domain.local | A | 10.0.30.37 |
| Dialin.domain.local | A | 10.0.30.37 |
| Admin.domain.local | A | 10.0.30.37 |
| _sipinternaltls | SRV (_tcp, port 5061, priority 0) | lyncFE01.domain.local |
| Lyncdiscoverinternal.domain.local | A | 10.0.30.37 |
| lyncfe02.domain.local | A | 10.0.30.43 |
| _sipinternaltls | SRV (_tcp, port 5061, priority 10) | 10.0.30.43 |

- public domain.ae

| DNS | Record | Linked IP |
|---|---|---|
| Sip. public domain.ae | A | 10.0.30.37 |
| Lyncdiscover. public domain.ae | A | 10.0.30.37 |

Of course I enabled remote and public access from Security at Lync control.
If you have an email, send it to me and I will send you a file that has the whole data and diagram.
Edited by hany_saleh, Friday, February 06, 2015 4:38 PM