Configure firewalls

When using the RealTime Optimization Pack, the RealTime Media Engine runs on the user device. The RealTime Media Engine performs signaling and media transmission. There is an easy way to understand which ports are used by the RealTime Media Engine for supporting external users. Equate running the RealTime Media Engine with running the Microsoft Skype for Business client locally on the user device. The difference is Citrix Virtual Apps and Desktops host the UI and business logic layers. Understanding that the media engine is running on the remote endpoint clarifies the port requirements.

External users outside of the corporate firewall connect to the Skype for Business Edge Server or Lync Edge Server. The Edge Server is a component of Skype for Business or Lync Server infrastructure. Install it on a dual-homed server in the DMZ having connections to both the internet and to the intranet. For more information, see https://support.citrix.com/article/CTX201116,https://technet.microsoft.com/en-us/library/mt346415.aspx, and https://technet.microsoft.com/EN-US/library/mt346416.aspx.

To find the Lync Edge Server, the RealTime Media Engine follows the same procedures as the Skype for Business client. See “How Skype for Business Clients Locate Services” at https://technet.microsoft.com/en-us/library/dn951397.aspx.

Internal users inside the corporate firewall connect directly to the Lync Server that runs inside the firewall. They also communicate point-to-point among other Lync clients during calls. For internal firewalls, ensure that the proper ports are open to connect to the Lync Server and to transmit and receive media during calls. The port requirements are listed at: https://technet.microsoft.com/EN-US/library/gg398833.aspx.

Configure firewalls

In this article