Hello,
For one of our customers we want to seperate Skype For Business(SFB) VOICE and VIDEO traffic from the normal traffic.
This SFB Voice and Video traffic needs to traverse to the internet from a special internet connection we configured on one of the interfaces of the Fortigate.
As far as we know we have a few options to accomplish this.
Option 1
Make a policy route for SFB traffic based on destination adresses .
Microsoft published the following URL(s)
The problem is that some URL(s) are generic Office365 URL(s) so normal office365 will also be routed over the special SFB Voice and Video WAN connection.
Option 2
Use a proxy for Skype for Business within in the LAN environment. With the SFB traffic coming from one source(proxy) we can route to the special WAN interface.
The problem is that Microsoft doesn't recommend the use of a proxy with SFB.
Option 3
Are there any better/easier ways Fortinet recommends to route Skype for Business traffic to a special WAN interface?
How do other customers of Fortinet solve this kind of problem?
I hope to hear from you guys and girls.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Sorry I know this is a bit late.
We ae using Policy based Routing based on destination ports and the TOS flags. The skype devices are set to mark signaling as CS3, voice as EF and video as AF41. The PbR matches the TOS field (0x60, 0x88 and 0xb with a mask of 0xFC).
In that way only the skype traffic is routed out the Skype interface. You need to set up Skype to mark the traffic properly. I'm not sure how his is done and probably depends on your Skype setup. Obviously the QoS markings will be ignored on the Internet.
Hope this helps
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.