26/04/2014

Lync 2013 more about Checkpoint

Note to my self...........


For a customer I had a huge struggle with Checkpoint. I don't know if it's me or what it is :-)
We had this administrator network to reach all the servers, and for this network they had internaly open all the traffic for ANY/ANY since it was only the IT-Department running on this network.

When connecting to Lync2013 from this network it failed.
WHY???? since we had opened it for ANY/ANY.
Well ANY/ANY is not any/any in Checkpoint it's almost any/alomost any :-). When Lync Client connect on SSL, the Checkpoint strip this traffic and you are not able to logon the Lync Client from this network.

Why the Checkpoint does this I don't know. We had to add TCP 5061 in front of the ANY/ANY rule and then it work.

Happy Checkpointing and Lync 2013 out there.

17/04/2014

Lync2013 and CheckPoint Firewall...


I have noticed something strange when it comes to the customers using Checkpoint Firewall. What we found out was that if we used the default rules in Checkpoint for traffic on Port 5061, well then it stripped out the SSL traffic and send the rest as normal traffic.




Why Checkpoint strip down the traffic I don’t know. To solve this we had to create normal TCP 5061 rules for this type of traffic.


 

For my customer we had involved Microsoft Premier Support, have been checking the Lync 2013 deployment up and down, checked the certificates, analysed network, server, clients and it all. The whole time it was the CheckPoint FW who stopped us and we could not see it J