Firewall configuration for Microsoft Teams recording deployments
- Kiss, Mate
This chapter summarizes the required firewall configuration for Microsoft Teams recording deployments.
Inbound rules
Server | Server Role | Service name | Source | Port | Protocol | Notes |
|---|---|---|---|---|---|---|
| SQL Server | - | - | All Verba Servers | 1433 | TCP | SQL connection |
| All Verba Servers | - | Verba Node Manager Agent | Verba Media Repository | 4433 | TCP | Central configuration from Verba Web Application |
| Verba Media Repository Server | Media Repository   | Verba Web Application | Any | 80 | TCP | Used for HTTP-based web access |
| Verba Web Application | Any | 443 | TCP | Used for HTTPS-based web access | ||
| Verba Media Streamer and Content Server Service | Any | 10105 | TCP | Media port for playback via HTTP | ||
| Verba Media Streamer and Content Server Service | Any | 10106 | TCP | Media port for playback via HTTPS | ||
| Verba Storage Management Service | Verba Recording Server | 20111 | TCP | Communication with Verba Storage Management services, used for secure file upload | ||
| SQL Server (if co-located on Verba Media Repository) | All Verba Servers | 1433 | TCP | SQL connection | ||
| Verba Recording Server | Recording Server | Verba Microsoft Teams Bot Service | Any It can be only restricted to Azure networks, Microsoft cannot restrict the Teams side to specific IP ranges at the moment. To download Azure IP ranges, see https://www.microsoft.com/en-us/download/details.aspx?id=56519 Make sure that the IP addresses of the VMs running the bot service are allowed. | 8445 | TCP | Media control port for Teams |
| Recording Server | Verba Microsoft Teams Bot Service | Any It can be only restricted to Azure networks, Microsoft cannot restrict the Teams side to specific IP ranges at the moment. To download Azure IP ranges, see https://www.microsoft.com/en-us/download/details.aspx?id=56519 Make sure that the IP addresses of the VMs running the bot service are allowed. | 9440 | TCP |
| |
| Recording Server | Verba Microsoft Teams Bot Service | Any It can be only restricted to Azure networks, Microsoft cannot restrict the Teams side to specific IP ranges at the moment. To download Azure IP ranges, see https://www.microsoft.com/en-us/download/details.aspx?id=56519 Make sure that the IP addresses of the VMs running the bot service are allowed. | 10100 | TCP | Call control port for Teams | |
| Recording Server | Verba Microsoft Teams Bot Service | Verba Recording Server / Verba Unified Call Recorder Service | 10501 | TCP | Recording Director connection (it is recommended to deploy the bot and the recording service on the same VM) | |
| Recording Server | Verba Microsoft Teams Bot Service | Verba Recording Server / Verba Unified Call Recorder Service | 10502 | TCP | Media Recorder connection (it is recommended to deploy the bot and the recording service on the same VM) | |
| Recording Server | Verba Microsoft Teams Bot Service | 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15, 2603:1063::/39 The above IP ranges can be changed by Microsoft and it is possible that this Knowledge Base is not in sync with Microsoft's documentation. Please double-check the currently needed IP ranges on the Microsoft Documentation: | 16384 - 65535 | UDP | Media port range | |
| Recording Server | Verba Microsoft Teams Bot Service | Any | 10038 | TCP | Bot service API port | |
| Recording Server | Verba Unified Call Recorder Service | All Verba Servers All Verba Desktop Agents (if used) (plus all playback stations if silent monitoring is used) | 10031 | TCP | Service API port | |
Outbound rules
The Microsoft Teams Bot Service is considered as a standard Microsoft Teams endpoint and the standard firewall rules can be applied.
The following Microsoft documentation contains all the required endpoints and ports which has to be accessible for a Teams endpoint: Office 365 URLs and IP address ranges (section Skype for Business Online and Microsoft Teams)
In addition, the Microsoft Teams Bot Service uses Microsoft Graph API via the https://graph.microsoft.com/v1.0 endpoint for sending requests to Microsoft Teams (e.g.: Call answer, Azure AD queries)