Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Adam_Hutcheson
Participant

Skype 5061 - Not working

We are running Gaia 75.40, and trying to get Skype for Business going.  This is an on premise installation, with one Front End Server, and one Edge.

We cannot seem to get Federation working, which from what I understand requires port 5061.  We have created an object for Port 5061 (TCP) with nothing in the Protocol Type.  However every time we run the MS Analyzer, the test fails as the SSL Negotiation:

Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 756 ms.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.smdhu.org on port 5061.
 The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
 
Additional Details
 
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 728 ms.

If I test this using Port 443, everything works fine (but that does not help me).

I have been banging my head against this for a while.  

4 Replies
HeikoAnkenbrand
Champion Champion
Champion

R75.40 is out off support:-)

See VoIP Issue and SMB Appliance (600/1000/1200/1400)  

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Danny
Champion Champion
Champion

Regarding Check Point's Support Lifecycle Policy R75.40 is out of support since April 2016. You might want to upgrade to a supported version first.

However, sk114018 'Unable to connect to Skype application using port 5061 with pre-defined TCP service' describes what to do. If that doesn't work, contact Check Point support and open a service request once you updated to a supported version.

Adam_Hutcheson
Participant

It turns out there was a different problem.  TLS over 5061 was not working - nor should it be in my case.  Our TLS traffic actually goes over 443 for Skype, as we have a 3 IP setup.  The documentation I was using, had it mixed up, so I was chasing in the wrong spot.  It was actually the Skype FE that was dropping the traffic, not the firewall.

REE: Upgrade - Yes we are aware of that.  Project for later this Year to upgrade to latest stable version.  

HeikoAnkenbrand
Champion Champion
Champion

You have no support for this firewall version. So I would update the system first.

R77.30 with JHF 302 or  R80.10 with JHF 91 is very stable.

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events