How to properly open up a port range for ANY machine on a LAN?

Started by kitsuna, April 30, 2025, 06:32:10 PM

I am attempting to make sure that Teams has the best performance it can in our network. Microsoft lists the ports used by Teams for calls and video; naturally, I can't just forward this to a single machine. I assume what I want here is a SNAT rule to make the outbound ports static, similar to gaming consoles like the Switch. However, I am not entirely sure how to do this for the entire LAN rather than just a particular machine. Can I just set the source as the LAN subnet address and the destination as the WAN? Or am I thinking about this wrong entirely?

I do already have traffic shaping and priority queues set up, so this is probably overkill or useless at best, but it's useful information regardless to know how to do this.

If Teams worked like that, it would not function in any decent enterprise environment where you cannot open incoming ports at all.

I assume any listed ports are just needed in outbound direction, so if you enable full internet access for your clients, you should be all set.
If you only want Teams and nothing else, you could limit access to the listed Teams ports, but outbound, not inbound.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on April 30, 2025, 08:27:10 PM
If Teams worked like that, it would not function in any decent enterprise environment where you cannot open incoming ports at all.

I assume any listed ports are just needed in outbound direction, so if you enable full internet access for your clients, you should be all set.
If you only want Teams and nothing else, you could limit access to the listed Teams ports, but outbound, not inbound.

I worded the topic poorly. I was talking about NAT experience similar to gaming consoles, like the example I gave for the Nintendo Switch. Even if you port forward, it will give you a poor NAT score if you do not enable a SNAT rule to make the outbound ports static. I was looking to do something similar for Teams just to make sure it's got the best possible connection experience. However, I only know how to do that for an individual device; I am not sure how or if it's possible to do it for a whole network. I would assume it should be: if this outbound port, then don't randomize it, but I was hoping someone here knew how.

Teams does not need port forwarding as it does not serve as a server. It is a client that reaches out to the Microsoft server in Akamai.

Just like it's an urban legend that for VOIP you have to forward port 5060. You don't, for the same reason as above.

All you need for Teams to work is to open ports and IP ranges on the firewall LAN ruleset. I use a tool for that which shows me each failed attempt's particulars in Windows firewall, and then I drill a hole for each of them, until it works.