SBC and SBA guide ports

Summary

Lync requires a wide variety of ports to be open. This article lists all the ports required by the SBA, which makes it possible to ensure that all the other ports are protected.

Find the ports

Some of the ports are dynamically assigned in your Lync environment or can be changed:

  • Port of your Front-End pool SQL Instance.
  • Port of your Monitoring pool SQL Instance.
  • Port of your Archiving pool SQL Instance.
  • Port of your RPC service used to modify your Active Directory rights.
    • Default: TCP 49152–65535
  • Port of your Certificate Authority service used to auto-submit your certificate.
    • Default: TCP 49152–65535
  • Port of the SBA media audio range
    • Default: UDP 49152-57500
    • Determine it here: Get-CsService -MediationServer, Get-CsService -ApplicationServer, Get-CsService -ConferencingServer
  • Port of the SBA media video range
    • Default: UDP 57501-65535
    • Determine it here: Get-CsService -MediationServer, Get-CsService -ApplicationServer, Get-CsService -ConferencingServer
  • Port of the SBC media range
    • Default: UDP 16384-17584
    • Determine it: WebUI / Settings / Media System Configuration

ASM and Administrator Computer

Side Name Protocol Port Description
A <- AC Remote Desktop TCP 3389

ASM and SBC

This is an internal connection inside the Sonus SBC 1k/2k. You need to configure it only if you are using the ASM Windows Firewall or an SBC ACL; it is not needed on an external firewall. An SBC ACL can’t be used to protect the ASM on the SBC1000.

Side Prot. Port Description
A <-> S UDP 30000 SbcComms used to Send Request/Response for action.
A <-> S UDP 30001 SbcComms used to Send Network Discovery for ASM.
A <-  S UDP 111 Portmap used to File share between ASM and Sonus SBC.
A <-  S TCP 111 Portmap used to File share between ASM and Sonus SBC.
A <-  S UDP 1048 Mount used to File share between ASM and Sonus SBC.
A <-  S UDP 2049 NFS used to File share between ASM and Sonus SBC.
A  -> S UDP 514 Syslog used to Send the logs from ASM into Sonus SBC Logs.
A <-> S TCP 5067 Used for incoming SIP requests from the PSTN gateway to the Mediation Server.
A  -> S UDP 16384-17584 Audio port range
A <-  S UDP 49152-57500 Audio port range

ASM and DC

Side Prot. Port Description
A -> D TCP 88 Kerberos authentication.
A -> D UDP 123 Synchronize time with the domain.
A -> D TCP 135 RPC endpoint mapper Client to domain controller operations.
A -> D TCP 389 LDAP to handle normal queries from client computers to the domain controllers.
A -> D UDP 389 LDAP ping to handle normal queries from client computers to the domain controllers.
A -> D TCP 445 Microsoft-DS Active Directory for File Replication Service.
A -> D TCP 3268 Global Catalog from client to domain controller.
A -> D TCP 49152-65535 RPC Dynamic Ports in Windows Server 2008
A -> D TCP 49152-65535 Allow to auto-submit the certificate request to the DC.

ASM and DNS

Side Prot. Port Description
A -> D UDP 53 Resolve FQDN and IP address.
A -> D TCP 53 Resolve FQDN and IP address.

ASM and SQL Back End

Side Prot. Port Description
A -> B UDP 1434 SQL Browser for local replicated copy of Central Management store data in local SQL Server instance.
A -> B TCP 49152–65535 Unique port used by the SQL instance that hosts the Main Database (changes for each instance).
A -> B TCP 49152–65535 Unique port used by the SQL instance that hosts the Monitoring Database (changes for each instance).

ASM and Front End

Side Prot. Port Description
A <-> F TCP 444 Used for HTTPS communication between the Focus (the Lync Server component that manages conference state) and the individual servers. This port is also used for TCP communication between Survivable Branch Appliances and Front End Servers.
A <-> F TCP 5061 Used by Standard Edition servers and Front End pools for all internal SIP communications between servers (MTLS), for SIP communications between Server and Client (TLS) and for SIP communications between Front End Servers and Mediation Servers (MTLS). Also used for communications with Monitoring Server.
A -> F TCP 448 Used for call admission control by the Lync Server Bandwidth Policy Service.

ASM and CMS Master

Side Prot. Port Description
A <- F TCP 445 Status update and action in Lync Control Panel

ASM and Client

Side Prot. Port Description
A <-> C TCP 5061 SIP TLS Signaling
A <-> C UDP 49152-57500 Media Audio port range
A <-> C UDP 57501-65535 Media Video port range

ASM and Exchange UM

Side Prot. Port Description
A <-> EU TCP 5061 SIP Signaling for connection
A <-> EU TCP 5075 SIP Signaling for presence and IM

ASM and EDGE

Side Prot. Port Description
A  -> E TCP 5062 SIP connection for requesting MRAS credential.

Identify Common Failures

Failures concerning SbcComms

Operational Status shows the ASM as Unavailable

Open UDP 30000 from SBA to SBC and SBC to SBA.

ASM logs don’t show up in the SBC logs

Open UDP port 514 from SBA to SBC.

ASM System Details don’t show up in the WebUI

Open UDP 111, 1048 and 2049, as well as TCP 111, from SBA to SBC.


Can’t connect using Remote Desktop

Open TCP 3389 from Administrator Computer to SBC


SBA can’t join the domain

The specified domain either does not exist or could not be contacted

Open UDP 53 from SBA to DNS Server and TCP 389, 3268 as well as UDP 389 from SBA to the Domain controller

The network path was not found

Open TCP 135 and 445 from SBA to the Domain Controller

Can’t connect using Remote Desktop

Open TCP 53, 88 as well as UDP 123 from SBA to the Domain Controller


SBA can’t start the replication

Cannot read topology. Verify that the topology data is accessible

Open UDP 1434 as well as the TCP port of your SQL instance from SBA to the SQL Back End. The TCP port of your SQL instance should be TCP 1433 or a random port picked during instance installation.

An error occurred when attempting to add “RTCUniversalConfigReplicator” to “RTC Local Config Replicator”.

Open TCP 49156 from SBA to Domain Controller.

SBA can’t get a certificate

Certificate operation failed. For details, see: […]  Verify that your user account has administrative privileges, and that you selected “Run as administrator” when you started Windows PowerShell.

Open TCP 49211 from SBA to Domain Controller.

SBA is running with some issues

SBA can’t connect to the CDR database in the Back-End

Open TCP 60531 from SBA to SQL Back-End.

A Data Collection CDR adaptor was either unable to obtain the database version, or a database version mismatch was detected. The adaptor will continue to try and reconnect to the back-end.
Adaptor: CDR Adaptor
Connection String: Data Source         = be-sql2.ux2013.com\rtc2013reports;
                Database            = LcsCDR;
                Max Pool Size       = 5;
                Connection Timeout  = 60;
                Connection Reset    = false;
                Enlist              = false;
                Integrated Security = true;
                Pooling             = true;
Expected Schema Version: 39
Expected Sproc Version: 82
Actual Schema Version: 
Actual Sproc Version:
Cause: This typically occurs due to an installation error
Resolution:
Verify the back-end is up and this Lync Server has connectivity to it. Verify that both Lync Server and the back-end were installed or modified by the same installation package.

Mediation Server can’t contact the main pool

Open TCP 5061 from SBA to Front-End and reverse traffic.

The Mediation Server service has encountered a major connectivity problem with the Front End.
Front End FQDN: CSPOOL2013.UX2013.COM
Cause: MEDIATIONSERVER_PROXY_OPTIONS_FAILED (Event ID: 25053) was recorded 5 times.  Check other MOM alerts for more details. The MEDIATIONSERVER_PROXY_IP_NOT_AVAILABLE (Event ID: 25072), MEDIATIONSERVER_PROXY_TLS_NEGOTIATION_FAILED (Event ID: 25071) are examples of events that signal connectivity error conditions with the Trunk peer.
Resolution:
If the failure is MEDIATIONSERVER_PROXY_IP_NOT_AVAILABLE (Event ID: 25072), make sure that the correct listening IP and port for the Front End have been configured in the PSTN Trunk object in management store and that the Trunk is up and running and able to accept incoming connections from the Mediation Server.  If the failure is MEDIATIONSERVER_PROXY_TLS_NEGOTIATION_FAILED (Event ID: 25071), make sure that both the Mediation Server and the Front End are configured for TLS and that the CA for the Trunk's certificate is the trusted certificate path on the Mediation Server and the CA for the Mediation Server's certificate is in the trusted certificate path on the Front End.

Blocked 444 with Front-End

Open TCP 444 from SBA to Front-End and reverse traffic.

Sending HTTP request failed. Server functionality will be affected if messages are failing consistently.
Sending the message to https://CSPOOL2013.UX2013.COM:444/LiveServer/Focus failed. IP Address is 134.56.227.35. Error code is 2EFD. Content-Type is application/presence-heartbeat+xml. Http Error Code is 0.
Cause: Network connectivity issues or an incorrectly configured certificate on the destination server. Check the eventlog description for more information.
Resolution:
Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.

SBC signaling group is down

Open TCP 5067 from SBA to SBC and reverse traffic.

Service status shows as Retrieving in Lync Control Panel

Open TCP 445 from Front-End to SBA

Lync clients have issues when connected to the SBA

Lync client can’t connect to the SBA

Open TCP 5061 from SBA to Lync Client and reverse traffic.

Lync client places a call that does not connect

Open TCP 5350-5390 from SBA to Lync Client and reverse traffic.

Lync SBA does not route the call to the Lync client

Open TCP 448 from SBA to Lync Front End

Missing Audio From Lync Client to SBC user

Open UDP 16384-17584 from SBA to SBC

Missing Audio From SBC user to Lync Client

Open UDP 49152-57500 from SBA to Lync Client

Missing Video From HQ Lync User to SBA Lync Client

Open UDP 57501-65535 from SBA to Lync Client

Missing Video From SBA Lync Client to HQ Lync User

Open UDP 57501-65535 from Lync Client to SBA

Lync users attached to the SBA pool have issues when connected through Office Web Access

Lync user can’t log in through Office Web Access

Open TCP 5061 from Exchange Client Server to SBA

Lync user can’t send IM when logged in through Office Web Access

Open TCP 5061 from Exchange Client Server to SBA

Lync user can’t get presence or can’t receive IM when logged in through Office Web Access

Open TCP 5075 from SBA to Exchange Client Server and the reverse traffic

Lync users attached to the SBA pool have issues when connected externally

Lync client is in Limited External Calling

Open TCP 5062 from SBA to Edge Server

Configure Windows Firewall


netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy "blockinbound,blockoutbound"
netsh advfirewall set allprofiles logging filename "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"
netsh advfirewall set allprofiles logging allowedconnections enable
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall firewall delete rule dir=out name=all
netsh advfirewall firewall delete rule dir=in name=all

$IpAsm = "192.168.123.54"
$IpSbc = "192.168.123.53"
$IpDc = "192.168.123.101"
$DynPortAdMin = 49152
$DynPortAdMax = 65535
$DynPortCaMin = 49152
$DynPortCaMax = 65535
$IpDns = "192.168.123.101"
$IpBes = "192.168.123.110"
$DynPortDbMin = 62159
$DynPortDbMax = 62159
$DynPortDbMonMin = 62402
$DynPortDbMonMax = 62402
$IpFes = "192.168.123.115"
$IpCmsMaster = "192.168.123.115"
$IpClient = "192.168.123.99"
$IpExchange = "192.168.123.125"
$IpEdge = "192.168.123.135"

netsh advfirewall firewall add rule name="Sonus_NetworkConfig_SbcCommsND" dir=in action=allow localip=169.254.10.2 remoteip=255.255.255.255 protocol=UDP localport=30001 remoteport=30001
netsh advfirewall firewall add rule name="Sonus_NetworkConfig_SbcComms" dir=in action=allow localip=$IpAsm remoteip=$IpSbc protocol=UDP localport=30000 remoteport=*
netsh advfirewall firewall add rule name="Sonus_NetworkConfig_SbcComms" dir=out action=allow localip=$IpAsm remoteip=$IpSbc protocol=UDP remoteport=30000 localport=*
netsh advfirewall firewall add rule name="Sonus_NetworkConfig_Portmap" dir=in action=allow localip=$IpAsm remoteip=$IpSbc protocol=UDP localport=111 remoteport=*
netsh advfirewall firewall add rule name="Sonus_NetworkConfig_Portmap" dir=in action=allow localip=$IpAsm remoteip=$IpSbc protocol=TCP localport=111 remoteport=*
netsh advfirewall firewall add rule name="Sonus_NetworkConfig_Mount" dir=in action=allow localip=$IpAsm remoteip=$IpSbc protocol=UDP localport=1048 remoteport=*
netsh advfirewall firewall add rule name="Sonus_NetworkConfig_NFS" dir=in action=allow localip=$IpAsm remoteip=$IpSbc protocol=UDP localport=2049 remoteport=*
netsh advfirewall firewall add rule name="Sonus_NetworkConfig_Syslog" dir=out action=allow localip=$IpAsm remoteip=$IpSbc protocol=UDP remoteport=514 localport=*
netsh advfirewall firewall add rule name="Sonus_Access_RemoteDesktop" dir=in action=allow localip=$IpAsm remoteip=* protocol=TCP localport=3389 remoteport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_KERBEROS" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=TCP remoteport=88 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_NTP" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=UDP remoteport=123 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_Microsoft EPMAP End Point Mapper" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=TCP remoteport=135 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_LDAP" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=TCP remoteport=389 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_LDAP" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=UDP remoteport=389 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_Microsoft-DS Active Directory" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=TCP remoteport=445 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_DAP" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=TCP remoteport=3268 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_DNSUDP" dir=out action=allow localip=$IpAsm remoteip=$IpDns protocol=UDP remoteport=53 localport=*
netsh advfirewall firewall add rule name="Sonus_JoinDomain_DNSTCP" dir=out action=allow localip=$IpAsm remoteip=$IpDns protocol=TCP remoteport=53 localport=*
netsh advfirewall firewall add rule name="Sonus_StartReplication_SQL" dir=out action=allow localip=$IpAsm remoteip=$IpBes protocol=UDP remoteport=1434 localport=*
netsh advfirewall firewall add rule name="Sonus_StartReplication_DynSqlTcpPort" dir=out action=allow localip=$IpAsm remoteip=$IpBes protocol=TCP remoteport=$DynPortDbMin localport=*
# Dynamic RPC and CA ports: allow the whole Min-Max range, not only its first port.
netsh advfirewall firewall add rule name="Sonus_StartReplication_DynAdTcpPort" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=TCP remoteport="$DynPortAdMin-$DynPortAdMax" localport=*
netsh advfirewall firewall add rule name="Sonus_RequestCertificate_DynCaTcpPort" dir=out action=allow localip=$IpAsm remoteip=$IpDc protocol=TCP remoteport="$DynPortCaMin-$DynPortCaMax" localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_5067" dir=in action=allow localip=$IpAsm remoteip=$IpSbc protocol=TCP localport=5067 remoteport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_5067" dir=out action=allow localip=$IpAsm remoteip=$IpSbc protocol=TCP remoteport=5067 localport=*
# SBC media range (UDP 16384-17584), as listed in the ASM and SBC table.
netsh advfirewall firewall add rule name="Sonus_LyncRunning_SBC_Media" dir=out action=allow localip=$IpAsm remoteip=$IpSbc protocol=UDP remoteport=16384-17584 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_DynSqlMonTcpPort" dir=out action=allow localip=$IpAsm remoteip=$IpBes protocol=TCP remoteport=$DynPortDbMonMin localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_444" dir=in action=allow localip=$IpAsm remoteip=$IpFes protocol=TCP localport=444 remoteport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_5061" dir=in action=allow localip=$IpAsm remoteip=$IpFes protocol=TCP localport=5061 remoteport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_444" dir=out action=allow localip=$IpAsm remoteip=$IpFes protocol=TCP remoteport=444 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_5061" dir=out action=allow localip=$IpAsm remoteip=$IpFes protocol=TCP remoteport=5061 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_448" dir=out action=allow localip=$IpAsm remoteip=$IpFes protocol=TCP remoteport=448 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_CSCP" dir=in action=allow localip=$IpAsm remoteip=$IpCmsMaster protocol=TCP localport=135 remoteport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_Client_Signaling" dir=in action=allow localip=$IpAsm remoteip=$IpClient protocol=TCP remoteport=* localport=5061
netsh advfirewall firewall add rule name="Sonus_LyncRunning_Client_Signaling" dir=out action=allow localip=$IpAsm remoteip=$IpClient protocol=TCP remoteport=5061 localport=*
# Client media: full audio (UDP 49152-57500) and video (UDP 57501-65535) ranges.
netsh advfirewall firewall add rule name="Sonus_LyncRunning_Client_Media_Audio" dir=in action=allow localip=$IpAsm remoteip=$IpClient protocol=UDP remoteport=* localport=49152-57500
netsh advfirewall firewall add rule name="Sonus_LyncRunning_Client_Media_Audio" dir=out action=allow localip=$IpAsm remoteip=$IpClient protocol=UDP remoteport=49152-57500 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_Client_Media_Video" dir=in action=allow localip=$IpAsm remoteip=$IpClient protocol=UDP remoteport=* localport=57501-65535
netsh advfirewall firewall add rule name="Sonus_LyncRunning_Client_Media_Video" dir=out action=allow localip=$IpAsm remoteip=$IpClient protocol=UDP remoteport=57501-65535 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_ExOwa_SignIn" dir=in action=allow localip=$IpAsm remoteip=$IpExchange protocol=TCP remoteport=* localport=5061
netsh advfirewall firewall add rule name="Sonus_LyncRunning_ExOwa_SignIn" dir=out action=allow localip=$IpAsm remoteip=$IpExchange protocol=TCP remoteport=5061 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_ExOwa_IM" dir=out action=allow localip=$IpAsm remoteip=$IpExchange protocol=TCP remoteport=5075 localport=*
netsh advfirewall firewall add rule name="Sonus_LyncRunning_ExOwa_IM" dir=in action=allow localip=$IpAsm remoteip=$IpExchange protocol=TCP remoteport=* localport=5075
netsh advfirewall firewall add rule name="Sonus_LyncRunning_Client_External_Auth" dir=out action=allow localip=$IpAsm remoteip=$IpEdge protocol=TCP remoteport=5062 localport=*
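
The firewall script above enables logging of dropped connections, so pfirewall.log can show which flow from the failure list is still blocked. The PowerShell below is an added example, not part of the original article: it parses the log and labels each dropped packet with the matching flow from this guide. The function names are hypothetical, the log lines are constructed samples, and 192.168.123.200 is a made-up address.

```powershell
# Added example: label DROP entries from pfirewall.log with the flows in this guide.

# Flows copied from the port tables above. Order matters: the first match wins.
$RequiredFlows = @'
Proto,Low,High,Flow
UDP,30000,30001,SbcComms (ASM <-> SBC)
UDP,111,111,Portmap (SBC -> ASM)
TCP,111,111,Portmap (SBC -> ASM)
UDP,1048,1048,Mount (SBC -> ASM)
UDP,2049,2049,NFS (SBC -> ASM)
UDP,514,514,Syslog (ASM -> SBC)
TCP,3389,3389,Remote Desktop
TCP,88,88,Kerberos (ASM -> DC)
UDP,123,123,Time sync (ASM -> DC)
TCP,135,135,RPC endpoint mapper (ASM -> DC)
TCP,389,389,LDAP (ASM -> DC)
UDP,389,389,LDAP ping (ASM -> DC)
TCP,445,445,Microsoft-DS
TCP,3268,3268,Global Catalog (ASM -> DC)
UDP,53,53,DNS
TCP,53,53,DNS
UDP,1434,1434,SQL Browser (ASM -> Back End)
TCP,444,444,Focus HTTPS (ASM <-> Front End)
TCP,448,448,Bandwidth Policy Service (ASM -> Front End)
TCP,5061,5061,SIP TLS/MTLS
TCP,5062,5062,MRAS credential request (ASM -> Edge)
TCP,5067,5067,SIP from PSTN gateway (ASM <-> SBC)
TCP,5075,5075,SIP presence and IM (ASM <-> Exchange UM)
UDP,16384,17584,SBC media range
UDP,49152,57500,Media audio range
UDP,57501,65535,Media video range
TCP,49152,65535,Dynamic RPC / CA / SQL instance port
'@ | ConvertFrom-Csv

function ConvertFrom-FirewallLog {
    # Turns pfirewall.log lines into objects, using the log's own #Fields header.
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') { $fields = $Matches[1].Trim() -split '\s+'; continue }
        if ($l -match '^\s*(#|$)' -or $fields.Count -eq 0) { continue }   # comment, blank, or no header yet
        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }                 # truncated line
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
}

function Get-DroppedFlow {
    # Counts dropped packets per (direction, protocol, source, destination, port)
    # and names the flow from $Flows that the destination port belongs to.
    param([string[]]$Line, [object[]]$Flows)
    ConvertFrom-FirewallLog -Line $Line |
        Where-Object { $_.action -eq 'DROP' -and $_.'dst-port' -match '^\d+$' } |
        ForEach-Object {
            $entry = $_
            $port  = [int]$entry.'dst-port'
            $match = $Flows | Where-Object {
                $_.Proto -eq $entry.protocol -and $port -ge [int]$_.Low -and $port -le [int]$_.High
            } | Select-Object -First 1
            [pscustomobject]@{
                Direction = $entry.path
                Protocol  = $entry.protocol
                Source    = $entry.'src-ip'
                Dest      = $entry.'dst-ip'
                DstPort   = $port
                Flow      = if ($match) { $match.Flow } else { 'not listed in this guide' }
            }
        } |
        Group-Object Direction, Protocol, Source, Dest, DstPort, Flow |
        Sort-Object Count -Descending |
        ForEach-Object {
            $n = $_.Count
            $_.Group[0] | Select-Object @{ Name = 'Count'; Expression = { $n } }, *
        }
}

# Constructed sample in pfirewall.log format. For a real run, replace it with:
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2015-03-02 10:12:44 DROP TCP 192.168.123.54 192.168.123.115 51234 5061 52 S 2817402 0 8192 - - - SEND
2015-03-02 10:12:47 DROP TCP 192.168.123.54 192.168.123.115 51234 5061 52 S 2817402 0 8192 - - - SEND
2015-03-02 10:13:01 ALLOW UDP 192.168.123.54 192.168.123.101 55012 53 0 - - - - - - - SEND
2015-03-02 10:13:09 DROP UDP 192.168.123.53 192.168.123.54 514 30000 60 - - - - - - - RECEIVE
2015-03-02 10:13:15 DROP TCP 192.168.123.54 192.168.123.101 51300 49156 52 S 991823 0 8192 - - - SEND
2015-03-02 10:13:20 DROP TCP 192.168.123.54 192.168.123.200 51301 8080 52 S 118234 0 8192 - - - SEND
'@ -split '\r?\n'

Get-DroppedFlow -Line $SampleLog -Flows $RequiredFlows | Format-Table -AutoSize
```

A drop labelled with a flow from this guide points at a missing or mistyped allow rule; a drop labelled "not listed in this guide" is traffic the block-by-default policy is meant to stop and deserves a look before any rule is added for it.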

REST ACL on SBC2000

You will need to log in to the SBA first; please refer to this post: Using Powershell 3.0 and REST to access Sonus SBC1000/2000

$IpAsm = "192.168.123.54"
$IpSbc = "192.168.123.53"
$IpDc = "192.168.123.101"
$DynPortAdMin = 49152
$DynPortAdMax = 65535
$DynPortCaMin = 49152
$DynPortCaMax = 65535
$IpDns = "192.168.123.101"
$IpBes = "192.168.123.110"
$DynPortDbMin = 62159
$DynPortDbMax = 62159
$DynPortDbMonMin = 62402
$DynPortDbMonMax = 62402
$IpFes = "192.168.123.115"
$IpCmsMaster = "192.168.123.115"
$IpClient = "192.168.123.99"
$IpExchange = "192.168.123.125"
$IpEdge = "192.168.123.135"

$url = "https://$IpSbc/rest/acltable/1"
Invoke-RestMethod -Uri $url -Method PUT -Body "Description=ProtectEthInbound" -WebSession $ps
$url = "https://$IpSbc/rest/acltable/2"
Invoke-RestMethod -Uri $url -Method PUT -Body "Description=ProtectAsmOutbound" -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_SbcCommsND Out&aclAction=0"
$BodyValue += "&destIPAddr=255.255.255.255&destIPAddrMask=255.255.255.255&srcIPAddr=169.254.10.2&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=30001&aclMaxDstPort=30001&aclMinSrcPort=30001&aclMaxSrcPort=30001"
$url = "https://$IpSbc/rest/acltable/2/aclrule/1"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_SbcComms Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=30000&aclMaxSrcPort=30000"
$url = "https://$IpSbc/rest/acltable/2/aclrule/2"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_SbcComms Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=30000&aclMaxDstPort=30000&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/3"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_Portmap Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=111&aclMaxSrcPort=111"
$url = "https://$IpSbc/rest/acltable/2/aclrule/4"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_Portmap Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=111&aclMaxSrcPort=111"
$url = "https://$IpSbc/rest/acltable/2/aclrule/5"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_Mount Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=1048&aclMaxSrcPort=1048"
$url = "https://$IpSbc/rest/acltable/2/aclrule/6"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_NFS Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=2049&aclMaxSrcPort=2049"
$url = "https://$IpSbc/rest/acltable/2/aclrule/7"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_NetworkConfig_Syslog Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=514&aclMaxDstPort=514&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/8"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_Access_RemoteDesktop In&aclAction=0"
$BodyValue += "&srcIPAddr=0.0.0.0&srcIPAddrMask=0.0.0.0&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=3389&aclMaxDstPort=3389"
$url = "https://$IpSbc/rest/acltable/1/aclrule/1"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_Access_RemoteDesktop Out&aclAction=0"
$BodyValue += "&destIPAddr=0.0.0.0&destIPAddrMask=0.0.0.0&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=3389&aclMaxSrcPort=3389"
$url = "https://$IpSbc/rest/acltable/2/aclrule/9"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_KERBEROS Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=88&aclMaxDstPort=88&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/10"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_KERBEROS In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=88&aclMaxSrcPort=88&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/2"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_NTP Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=123&aclMaxDstPort=123&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/11"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_NTP In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=123&aclMaxSrcPort=123&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/3"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_Microsoft Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=135&aclMaxDstPort=135&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/12"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_Microsoft In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=135&aclMaxSrcPort=135&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/4"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_LDAP Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=389&aclMaxDstPort=389&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/13"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_LDAP In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=389&aclMaxSrcPort=389&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/5"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_LDAP Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=389&aclMaxDstPort=389&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/14"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_LDAP In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=389&aclMaxSrcPort=389&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/6"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_Microsoft-DS Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=445&aclMaxDstPort=445&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/15"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_Microsoft-DS In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=445&aclMaxSrcPort=445&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/7"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_DAP Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=3268&aclMaxDstPort=3268&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/16"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_DAP In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=3268&aclMaxSrcPort=3268&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/8"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_DNSUDP Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDns&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=53&aclMaxDstPort=53&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/17"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_DNSUDP In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDns&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=53&aclMaxSrcPort=53&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/9"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_DNSTCP Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDns&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=53&aclMaxDstPort=53&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/18"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_JoinDomain_DNSTCP In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDns&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=53&aclMaxSrcPort=53&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/10"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_StartReplication_SQL Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpBes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=1434&aclMaxDstPort=1434&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/19"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_StartReplication_SQL In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpBes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=1434&aclMaxSrcPort=1434&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/11"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_StartReplication_DynSqlTcpPort Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpBes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=$DynPortDbMin&aclMaxDstPort=$DynPortDbMax&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/20"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_StartReplication_DynSqlTcpPort In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpBes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=$DynPortDbMin&aclMaxSrcPort=$DynPortDbMax&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/12"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_StartReplication_DynAdTcpPort Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=$DynPortAdMin&aclMaxDstPort=$DynPortAdMax&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/21"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_StartReplication_DynAdTcpPort In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=$DynPortAdMin&aclMaxSrcPort=$DynPortAdMax&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/13"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_RequestCertificate_DynCaTcpPort Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpDc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += “&aclProtocol=6&aclMinDstPort=$DynPortCaMin&aclMaxDstPort=$DynPortCaMax&aclMinSrcPort=0&aclMaxSrcPort=65535”
$url = “https://$IpSbc/rest/acltable/2/aclrule/22”
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = “Description=Sonus_RequestCertificate_DynCaTcpPort In&aclAction=0”
$BodyValue += “&srcIPAddr=$IpDc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255”
$BodyValue += “&aclProtocol=6&aclMinSrcPort=$DynPortCaMin&aclMaxSrcPort=$DynPortCaMax&aclMinDstPort=0&aclMaxDstPort=65535”
$url = “https://$IpSbc/rest/acltable/1/aclrule/14”
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5067 In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpSbc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=5067&aclMaxDstPort=5067"
$url = "https://$IpSbc/rest/acltable/1/aclrule/15"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5067 Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=5067&aclMaxSrcPort=5067"
$url = "https://$IpSbc/rest/acltable/2/aclrule/23"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5067 Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=5067&aclMaxDstPort=5067&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/24"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5067 In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpSbc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=5067&aclMaxSrcPort=5067&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/16"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_SBC_Media Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpSbc&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=16384&aclMaxDstPort=17584&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/25"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_SBC_Media In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpSbc&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=16384&aclMaxSrcPort=17584&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/17"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_DynSqlMonTcpPort Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpBes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=$DynPortDbMonMin&aclMaxDstPort=$DynPortDbMonMax&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/26"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_DynSqlMonTcpPort In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpBes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=$DynPortDbMonMin&aclMaxSrcPort=$DynPortDbMonMax&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/18"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_444 In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpFes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=444&aclMaxDstPort=444"
$url = "https://$IpSbc/rest/acltable/1/aclrule/19"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_444 Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpFes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=444&aclMaxSrcPort=444"
$url = "https://$IpSbc/rest/acltable/2/aclrule/27"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5061 In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpFes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=5061&aclMaxDstPort=5061"
$url = "https://$IpSbc/rest/acltable/1/aclrule/20"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5061 Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpFes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=5061&aclMaxSrcPort=5061"
$url = "https://$IpSbc/rest/acltable/2/aclrule/28"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_444 Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpFes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=444&aclMaxDstPort=444&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/29"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_444 In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpFes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=444&aclMaxSrcPort=444&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/21"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5061 Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpFes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=5061&aclMaxDstPort=5061&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/30"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_5061 In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpFes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=5061&aclMaxSrcPort=5061&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/22"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_448 Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpFes&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=448&aclMaxDstPort=448&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/31"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_448 In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpFes&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=448&aclMaxSrcPort=448&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/23"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_CSCP In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpCmsMaster&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=135&aclMaxDstPort=135"
$url = "https://$IpSbc/rest/acltable/1/aclrule/24"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_CSCP Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpCmsMaster&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=135&aclMaxSrcPort=135"
$url = "https://$IpSbc/rest/acltable/2/aclrule/32"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Signaling In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpClient&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=5061&aclMaxDstPort=5061"
$url = "https://$IpSbc/rest/acltable/1/aclrule/25"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Signaling Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpClient&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=5061&aclMaxSrcPort=5061"
$url = "https://$IpSbc/rest/acltable/2/aclrule/33"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Signaling Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpClient&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=5061&aclMaxDstPort=5061&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/34"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Signaling In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpClient&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=5061&aclMaxSrcPort=5061&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/26"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Audio In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpClient&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=49152&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/27"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Audio Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpClient&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=49152&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/35"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Audio Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpClient&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=49152&aclMaxDstPort=65535&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/36"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Audio In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpClient&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=49152&aclMaxSrcPort=65535&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/28"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Video In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpClient&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=57501&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/29"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Video Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpClient&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=57501&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/37"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Video Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpClient&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinDstPort=57501&aclMaxDstPort=65535&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/38"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_Media_Video In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpClient&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=17&aclMinSrcPort=57501&aclMaxSrcPort=65535&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/30"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_SignIn In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpExchange&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=5061&aclMaxDstPort=5061"
$url = "https://$IpSbc/rest/acltable/1/aclrule/31"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_SignIn Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpExchange&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=5061&aclMaxSrcPort=5061"
$url = "https://$IpSbc/rest/acltable/2/aclrule/39"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_SignIn Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpExchange&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=5061&aclMaxDstPort=5061&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/40"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_SignIn In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpExchange&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=5061&aclMaxSrcPort=5061&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/32"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_IM Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpExchange&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=5075&aclMaxDstPort=5075&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/41"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_IM In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpExchange&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=5075&aclMaxSrcPort=5075&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/33"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_IM In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpExchange&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=5075&aclMaxDstPort=5075"
$url = "https://$IpSbc/rest/acltable/1/aclrule/34"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_ExOwa_IM Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpExchange&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=0&aclMaxDstPort=65535&aclMinSrcPort=5075&aclMaxSrcPort=5075"
$url = "https://$IpSbc/rest/acltable/2/aclrule/42"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_External_Auth Out&aclAction=0"
$BodyValue += "&destIPAddr=$IpEdge&destIPAddrMask=255.255.255.255&srcIPAddr=$IpAsm&srcIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinDstPort=5062&aclMaxDstPort=5062&aclMinSrcPort=0&aclMaxSrcPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/43"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_LyncRunning_Client_External_Auth In&aclAction=0"
$BodyValue += "&srcIPAddr=$IpEdge&srcIPAddrMask=255.255.255.255&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=6&aclMinSrcPort=5062&aclMaxSrcPort=5062&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/35"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_Block All In&aclAction=1"
$BodyValue += "&srcIPAddr=0.0.0.0&srcIPAddrMask=0.0.0.0&destIPAddr=$IpAsm&destIPAddrMask=255.255.255.255"
$BodyValue += "&aclProtocol=256&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/1/aclrule/100"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps

$BodyValue = "Description=Sonus_Block All Out&aclAction=1"
$BodyValue += "&srcIPAddr=0.0.0.0&srcIPAddrMask=0.0.0.0&destIPAddr=0.0.0.0&destIPAddrMask=0.0.0.0"
$BodyValue += "&aclProtocol=256&aclMinSrcPort=0&aclMaxSrcPort=65535&aclMinDstPort=0&aclMaxDstPort=65535"
$url = "https://$IpSbc/rest/acltable/2/aclrule/100"
Invoke-RestMethod -Uri $url -Method PUT -Body $BodyValue -WebSession $ps
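
Every stanza above is the same five lines with a different description, address pair, protocol, port range and rule slot, so a mistyped port or a reused table/rule number is easy to miss. The following is an added example, not part of the original script: it builds the same request bodies from a table and refuses to continue if a port range is inverted or a rule slot is used twice. The field names and URL layout are the ones used above; the function names `New-SbcAclBody` and `Get-SbcAclPlan` and the sample addresses are hypothetical.

```powershell
# Added example, not from the original script. Field names and the URL layout
# are the ones used above; function names and sample addresses are constructed.
function New-SbcAclBody {
    param(
        [Parameter(Mandatory)][string]$Description,
        [Parameter(Mandatory)][ipaddress]$SrcIp,
        [Parameter(Mandatory)][ipaddress]$DstIp,
        [Parameter(Mandatory)][ValidateSet(6, 17)][int]$Protocol,  # 6 = TCP, 17 = UDP
        [ValidateRange(0, 65535)][int]$MinSrcPort = 0,
        [ValidateRange(0, 65535)][int]$MaxSrcPort = 65535,
        [ValidateRange(0, 65535)][int]$MinDstPort = 0,
        [ValidateRange(0, 65535)][int]$MaxDstPort = 65535
    )
    if ($MinSrcPort -gt $MaxSrcPort -or $MinDstPort -gt $MaxDstPort) {
        throw "Inverted port range in rule '$Description'"
    }
    # aclAction=0 and the 255.255.255.255 masks match the allow stanzas above.
    "Description=$Description&aclAction=0" +
    "&srcIPAddr=$SrcIp&srcIPAddrMask=255.255.255.255" +
    "&destIPAddr=$DstIp&destIPAddrMask=255.255.255.255" +
    "&aclProtocol=$Protocol" +
    "&aclMinSrcPort=$MinSrcPort&aclMaxSrcPort=$MaxSrcPort" +
    "&aclMinDstPort=$MinDstPort&aclMaxDstPort=$MaxDstPort"
}

function Get-SbcAclPlan {
    param(
        [Parameter(Mandatory)][string]$SbcIp,
        [Parameter(Mandatory)][object[]]$Rules
    )
    $plan = foreach ($r in $Rules) {
        $ruleArgs = $r.Rule
        [pscustomobject]@{
            Url  = "https://$SbcIp/rest/acltable/$($r.Table)/aclrule/$($r.Id)"
            Body = New-SbcAclBody @ruleArgs
        }
    }
    # Two rules sharing one table/rule slot would be PUT to the same URL.
    $dupes = $plan | Group-Object Url | Where-Object Count -gt 1
    if ($dupes) { throw "Rule slot used twice: $($dupes.Name -join ', ')" }
    $plan
}

# Constructed sample values (documentation address range).
$IpSbc = '192.0.2.10'; $IpAsm = '192.0.2.20'; $IpFes = '192.0.2.30'

$rules = @(
    @{ Table = 1; Id = 20; Rule = @{ Description = 'Sonus_LyncRunning_5061 In'
        SrcIp = $IpFes; DstIp = $IpAsm; Protocol = 6; MinDstPort = 5061; MaxDstPort = 5061 } }
    @{ Table = 2; Id = 28; Rule = @{ Description = 'Sonus_LyncRunning_5061 Out'
        SrcIp = $IpAsm; DstIp = $IpFes; Protocol = 6; MinSrcPort = 5061; MaxSrcPort = 5061 } }
)

$plan = Get-SbcAclPlan -SbcIp $IpSbc -Rules $rules
$plan | Format-List    # review every URL and body before anything is sent

# To apply, reuse the authenticated session ($ps) the script already holds:
# foreach ($p in $plan) { Invoke-RestMethod -Uri $p.Url -Method PUT -Body $p.Body -WebSession $ps }
```

Because the port parameters are typed as integers, an unset dynamic-port variable such as `$DynPortDbMin` becomes 0 rather than an empty field, so check the printed plan for unexpected `0` ports before applying it.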

 

Improvement Required

  1. Port used by Lync centralized Logging (5000x)
  2. Port used during mobility (5088)
  3. Slow replication (135,139 F-> A)
