Danny Jung

Best Practice: Skype for Business (Lync) with(out) QoS

Discussion created by Danny Jung Champion on Apr 18, 2018
Latest reply on Aug 2, 2018 by Darius Manabat

Let's discuss!


When end users consider using Skype for Business, they are interested in knowing how to prepare their firewall in order to get the best possible performance and quality of the audio/video signals. End users demand an uninterrupted conferencing experience.


QoS - Required or just an option?


Whenever talking about Video Conferencing, we need to talk about QoS in order to implement Low Latency Queueing mechanisms. Microsoft provides a dedicated QoS validation service for Skype for Business. In the end, it's all about DSCP (Differentiated Services).


Activating QoS on Check Point comes with a lot of public limitations.

Having the need to perform QoS within VPN packets brings up more topics to discuss.

Working with CoreXL / SecureXL and QoS at the same time requires proper planning.

Enabling SMT (HyperThreading) might be unsupported.


Other threads show that QoS and VoIP is not an easy thing to set up and manage.


QoS - Starting without it?


Interestingly Check Point seems to feature priority handling for various types of packets right out of the box without having to enable QoS. Maybe this is why so few Check Point end users need to activate QoS?


That would allow implementing Skype for Business without QoS on oversized Check Point Appliances simply by optimizing the Firewall & Application Control Policies in order to have it processed without adding too much delay. Do any of you actually have experience with this?


QoS - Waiting for R80.x?


As Hugo van der Kooij mentioned in the other thread, QoS with R80.x provides new opportunities. In a new Check Point environment, would you go for R80.10 and leave other limitations aside (missing SmartWorkflow etc.) in order to be able to better prioritize Skype via QoS? Note: R80.10 introduced MultiCore Support for IPsec VPN.


HTTPS Inspection - Required in order to work with Skype for Business?


IPS - Protecting Skype for Business


Check Point offers various IPS protections regarding Skype for Business. Activating these protections means putting more latency on the Skype traffic. Again, it is connectivity vs. security.


Please respond with your real-life experience with regard to Skype for Business and the demand for QoS. Thanks!